04_ubuntu radius 服务安装配置与测试

04_ubuntu radius 服务安装配置

参考
https://blog.csdn.net/qq_33385691/article/details/82498772

1.安装

sudo apt-get install freeradius freeradius-ldap freeradius-mysql

2.配置

  1. 用户配置
vim /etc/freeradius/users
steve   Cleartext-Password := "testing"		#用户名 steve, 密码 testing
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.16.3.33,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP
  1. 配置共享密钥 (secret): testing123 是 FreeRADIUS 示例配置自带的默认值, 只适合本机测试, 对外提供认证前应换成随机生成的强密钥
vim /etc/freeradius/clients.conf
client localhost {
        #       hostname    (radius.example.com)
        ipaddr = 127.0.0.1

        #  OR, you can use an IPv6 address, but not both
#       ipv6addr = ::   # any.  ::1 == localhost

        secret          = testing123

3.重启服务

sudo /etc/init.d/freeradius restart
sudo service freeradius restart

4.基本功能测试

  1. 服务端
sudo service freeradius stop
sudo freeradius -X            #前台运行, 开启调试模式 (调试输出会打印明文密码, 见下文 [pap] 日志, 仅在测试环境使用)
sudo freeradius                #后台运行模式
  1. 客户端 测试命令:
radtest Username Password ServerIP Port Secret
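radtest 用户名 密码 服务器地址 NAS端口号 共享密钥
说明: 第 4 个参数是写入请求的 NAS-Port 属性值, 不是服务器的 UDP 端口; 下面两个实例分别传入 1812 和 0, 请求都发往服务器的 1812 端口。需要指定服务器端口时写成 "地址:端口"。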

测试实例1:

radtest steve testing localhost 1812 testing123
Sending Access-Request of id 76 to 127.0.0.1 port 1812
        User-Name = "steve"
        User-Password = "testing"
        NAS-IP-Address = 0.0.0.22
        NAS-Port = 1812
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=76, length=71
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 172.16.3.33
        Framed-IP-Netmask = 255.255.255.0
        Framed-Routing = Broadcast-Listen
        Filter-Id = "std.ppp"
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP

5.添加一个新用户

  1. 增加一个测试用户: 用户test, 密码5678
sudo vim /etc/freeradius/users
test    Cleartext-Password := "5678"

Tip: 注意tab 对齐

  1. 配置客户端访问控制
sudo vim /etc/freeradius/clients.conf
client 192.168.56.0/24 {
  secret = testing234
  shortname = private-network-1
}
  1. 重启服务
sudo service freeradius stop
sudo freeradius -X

4.测试

客户端:

# radtest test 5678 192.168.56.111 0 testing234

Sending Access-Request of id 137 to 192.168.56.111 port 1812
        User-Name = "test"
        User-Password = "5678"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 192.168.56.111 port 1812, id=137, length=20

服务端:

# sudo freeradius -X

rad_recv: Access-Request packet from host 192.168.56.111 port 51631, id=137, length=74
        User-Name = "test"
        User-Password = "5678"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0xb81f77e46da45055d14413911e50e7af

# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry test at line 86
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group PAP {
[pap] login attempt with password "5678"
[pap] Using clear text password "5678"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 137 to 192.168.56.111 port 51631
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 137 with timestamp +19
Ready to process requests.

6.添加一个网段认证

# vim /etc/freeradius/clients.conf
client 192.168.56.0/24 {
        secret          = testing234
        shortname       = private-network-1
}

client 10.68.4.0/24 {
        secret          = testing123
        shortname       = private-network-3
}