
Date: 2020-01-02 08:15    Views: 149

CentOS 5.4 pptp + freeradius2 + mysql + daloradius: a complete integration (illustrated)

VPN: installing and configuring PPTP + MySQL + Freeradius
MySQL stores the VPN accounts; Freeradius authenticates them.

1. Install ppp
2. Install pptp

The configuration files are as follows:

# vim options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 218.85.157.99
ms-dns 218.85.152.99
plugin /usr/local/ppp/lib/pppd/2.4.4/radius.so
plugin /usr/local/ppp/lib/pppd/2.4.4/radattr.so
radius-config-file /usr/local/freeradius/etc/radiusclient/radiusclient.conf

# vim pptpd.conf
option /usr/local/pptpd/etc/options.pptpd
localip 192.168.100.100
remoteip 192.168.100.150-200

(The lines on a yellow background in the original are the newly added configuration entries.)

3. Install mysql
4. Install freeradius

# wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.10.tar.gz
# tar zxvpf freeradius-server-2.1.10.tar.gz -C ../software
# ./configure --prefix=/usr/local/freeradius
# make
# make install
# mkdir /usr/local/freeradius/etc/radiusclient
# cp /usr/local/src/tarbag/ppp-2.4.4/pppd/plugins/radius/etc/* /usr/local/freeradius/etc/radiusclient
# chown -R radiusd.radiusd /usr/local/freeradius
# vim servers    // change the key
#ServerName or Client/Server pair    Key
#-------------------------------
#localhost    testing123
localhost     vpn
# /usr/local/freeradius/sbin/radiusd -X    // this step generates the certificates; to change the key, delete the old certificate files first
# cd /usr/local/freeradius/etc/raddb/certs
# rm -rf *.pem *.der *.csr *.crt *.key *.p12 serial* index.txt*

5. Link MySQL. The files are in /usr/local/freeradius/etc/raddb/sql/mysql, and the grant statements are already written there.

> create database vpn
> source /usr/local/freeradius/etc/raddb/sql/mysql/schema.sql
> source /usr/local/freeradius/etc/raddb/sql/mysql/nas.sql
> source /usr/local/freeradius/etc/raddb/sql/mysql/ippool.sql
> source /usr/local/freeradius/etc/raddb/sql/mysql/wimax.sql
> grant select,insert,update,delete on `vpn`.* to 'user'@'x.x.x.x' identified by 'password'
> insert into radgroupreply(groupname,attribute,op,value) values('user','Auth-Type',':=','Local')
> insert into radgroupreply(groupname,attribute,op,value) values('user','Service-Type','=','Framed-User')
> insert into radgroupreply(groupname,attribute,op,value) values('user','Framed-IP-Netmask','=','255.255.255.255')
> insert into radgroupreply(groupname,attribute,op,value) values('user','Framed-IP-Netmask',':=','255.255.255.0')
> insert into radcheck(UserName,Attribute,Value) values('test','User-Password','123456')
> insert into radusergroup(username,groupname) values('test','user')
> insert into radgroupcheck(groupname,attribute,op,value) values('user','simultaneous-use',':=','1')    // limit each account to one concurrent login
> insert into radreply(username,attribute,op,value) values('vpnname','Framed-IP-Address',':=','xxx.xxx.xxx.xxx')    // assign a fixed IP

6. Connect to the database
# vim /usr/local/freeradius/etc/raddb/sql.conf
Set the database type, database address, user name, password, database name and table names, and remove the # in front of readclients = yes.

7. Enable the sql module
# /usr/local/freeradius/etc/raddb/sites-enabled/default
Put a # in front of the files lines and remove the # in front of the sql lines.
# /usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel
Put a # in front of the files lines and remove the # in front of the sql lines.

8. Change the EAP type
# vim /usr/local/freeradius/etc/raddb/eap.conf
Change default_eap_type = md5 to default_eap_type = peap

9. Fix the paths
# vim /usr/local/freeradius/etc/radiusclient/radiusclient.conf
Change /usr/local/etc/ to /usr/local/freeradius/etc/

10. Run radius as the radiusd user
# /usr/local/freeradius/etc/raddb/radiusd.conf
user = radiusd
group = radiusd

11. Edit clients.conf
# /usr/local/freeradius/etc/raddb/clients.conf
secret = vpn
client 192.168.100.0/24 {
    secret = vpn
    shortname = vpn-network
}

12. Edit the dictionary
# /usr/local/freeradius/etc/radiusclient/dictionary
INCLUDE /usr/local/freeradius/etc/radiusclient/dictionary.microsoft
INCLUDE /usr/local/freeradius/etc/radiusclient/dictionary.ascend
INCLUDE /usr/local/freeradius/etc/radiusclient/dictionary.merit
INCLUDE /usr/local/freeradius/etc/radiusclient/dictionary.compat

13. Test an account
# /usr/local/freeradius/bin/radtest test 123456 localhost 1812 vpn
Sending Access-Request of id 7 to 127.0.0.1 port 1812
        User-Name = "JSB_TEST_11"
        User-Password = "ABC1234567890?aaa"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=7, length=32
        Service-Type = Framed-User
        Framed-IP-Netmask = 255.255.255.0

Access-Accept means the account is valid, but not necessarily that it can log in (for example, a disabled account still passes authentication but cannot log in); Access-Reject means failure.

===========================================================
Separating the ppp/pptp log
# vim /etc/syslog.conf
daemon.*    /var/log/ppp.log
# service syslog restart

Why some web sites render incompletely or fail to open after connecting to the VPN, and the fix:

mtu: Maximum Transmission Unit
mss: Maximum Segment Size
mtu = mss (application-layer data) + TCP header + IP header
The MSS of a connection is fixed when the TCP connection is established: the smaller of the two MSS values the peers advertise becomes the maximum MSS for that connection.
TCP header: 20 bytes
IP header: 20 bytes
If a packet exceeds the MTU, the IP datagram has to be fragmented. If the IP header carries the DF (Do not Fragment) flag, it cannot be fragmented. A packet that exceeds the MTU and cannot be fragmented is dropped and an error message is returned: unreachable - need to frag (unreachable, fragmentation needed).

Solution:
iptables -A FORWARD -p tcp --syn -s 192.168.100.0/24 -j TCPMSS --set-mss 1356
Every TCP packet from the 192.168.100.0/24 subnet has its MSS set to 1356.

I. Environment:

1. System: CentOS release 6.6 (Final)

2. Required packages:

1) freeradius-2.1.12-6.el6.x86_64
   freeradius-mysql-2.1.12-6.el6.x86_64
2) ppp-2.4.5-5.el6.x86_64
3) rp-pppoe-3.10-11.el6.x86_64
4) mysql-5.1.73-3.el6_5.x86_64
   mysql-devel-5.1.73-3.el6_5.x86_64
5) openssl-1.0.1e-30.el6_6.5.x86_64

II. Actual server deployment environment and a brief analysis of the principle:

Radius is short for Remote Access Dial In User Service. Radius is mainly used to provide an authentication mechanism that identifies the user's identity and password; once that is confirmed, authorization lets the user log in to the network domain and use the relevant resources, and accounting can be provided to keep the user's network records. Freeradius is open-source software that implements RADIUS AAA (Authentication, Authorization, Accounting) on top of the radius protocol.

The topology diagram below shows the actual operating environment and function of this radius server.

[Figure 5]

[Figure 6]

The Radius server works together with the access server: users dial in with a broadband account, are billed, obtain their permissions and connect to the Internet.

III. Building the Radius server:

1. After installing CentOS and configuring the network, run # yum update to update the system.

2. Check whether each package is installed: # rpm -q ppp rp-pppoe freeradius mysql-* openssl

If any is missing, install it with: # yum install ppp rp-pppoe freeradius-* mysql-* openssl

openssl is normally already installed after the system update. Once the packages are installed, use # wget to download the ppp source package into a newly created /etc/ppp/radius directory (# mkdir /etc/ppp/radius // create the directory).

Each service is then configured as follows:

1. Configure the /etc/ppp/options file:

[Figure 7]

lock
crtscts
nobsdcomp
nodeflate
nopcomp

2. Configure /etc/ppp/pppoe-server-options with the following content:

# PPP options for the PPPoE server
# LIC: GPL
auth
require-chap
default-mru
default-asyncmap
lcp-echo-interval 60
lcp-echo-failure 5
ms-dns 202.96.128.86
noipdefault
noipx
nodefaultroute
proxyarp
noktune
logfile /var/log/pppd.log

3. Make the pppoe service authenticate against the freeradius server

1) First edit /etc/ppp/pppoe-server-options and add two lines (marked with -> below):

[Figure 9]

#PPP options for the PPPoE server
#LIC: GPL
auth
require-chap
default-mru
default-asyncmap
lcp-echo-interval 60
lcp-echo-failure 5
ms-dns 202.96.128.86
noipdefault
noipx
nodefaultroute
proxyarp
noktune
->plugin    /usr/lib/pppd/2.4.5/radius.so
->radius-config-file /etc/ppp/radiuds/radiusclient.conf
logfile /var/log/pppd.log

I. Installing the required packages

1. Install httpd, mysql and the php packages

[root@localhost ~]# yum -y install httpd httpd-devel mysql mysql-server mysql-devel
[root@localhost ~]# yum -y install php php-devel php-mysql php-common php-gd php-mbstring php-mcry

2. Configure the httpd service:

[root@localhost ~]# netstat -ant |grep 80
[root@localhost ~]# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]
[root@localhost ~]# vi /etc/sysconfig/iptables
[root@localhost ~]# grep 80 /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT  # add this line
[root@localhost ~]# /etc/init.d/iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter nat                [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]
[root@localhost ~]# chkconfig httpd --list
httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@localhost ~]# chkconfig httpd on  # start httpd at boot
[root@localhost ~]# chkconfig httpd --list
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@localhost ~]# netstat -ant |grep 80
tcp        0      0 :::80                       :::*                        LISTEN

3. Start the mysql database:

[root@localhost ~]# /etc/init.d/mysqld start
Initializing MySQL database:  Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h localhost.localdomain password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
                                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

4. Set the database password:

[root@localhost ~]# mysqladmin -u root password 'leekwen'

5. Install the Freeradius2 packages

[root@localhost ~]# yum install -y freeradius2 freeradius2-mysql freeradius2-utils

6. Start the radius daemon in debug mode:

[root@localhost ~]# radiusd -X
FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu, built on Jan  9 2013 at 05:02:57
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
 ... adding new socket proxy address * port 51738
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.

7. Open another terminal and run the test, as shown in the figure:

[Figure 4]

8. If the result differs from the figure above, temporarily turn off the firewall first; the command to turn it off temporarily is:

[root@localhost ~]# iptables -F

Re-run the test command:

[root@localhost ~]# radtest steve testing localhost 1812 testing123

##############
#  !!error !!  #
##############
Failed binding to authentication address * port 1812: Address already in use
/etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812

Check first with the lsof command, then terminate the old instance with killall -9 radiusd, restart the service, and only then test again!

II. Downloading the ppp source and integrating the ppp client:

1. Download the source:

[root@localhost ~]# wget ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
--2013-07-01 18:33:36--  ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
           => `ppp-2.4.4.tar.gz'
Resolving ftp.samba.org... 216.83.154.106, 2001:470:1f05:1a07::1
Connecting to ftp.samba.org|216.83.154.106|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD /pub/ppp ... done.
==> SIZE ppp-2.4.4.tar.gz ... 688763
==> PASV ... done.    ==> RETR ppp-2.4.4.tar.gz ... done.
Length: 688763 (673K)

100%[===========================================>] 688,763      135K/s   in 5.3s

2013-07-01 18:33:45 (127 KB/s) - `ppp-2.4.4.tar.gz' saved [688763]

2. Unpack and configure

[root@localhost ~]# tar zxf ppp-2.4.4.tar.gz
[root@localhost ~]# cp -R ppp-2.4.4/pppd/plugins/radius/etc/ /etc/radiusclient
[root@localhost ~]# cp /etc/radiusclient/radiusclient.conf /etc/radiusclient/radiusclient.conf.bak
[root@localhost ~]# vi /etc/radiusclient/radiusclient.conf
Line   Before                                               After
25     issue       /usr/local/etc/radiusclient/issue        issue       /etc/radiusclient/issue
46     servers     /usr/local/etc/radiusclient/servers      servers     /etc/radiusclient/servers
50     dictionary  /usr/local/etc/radiusclient/dictionary   dictionary  /etc/radiusclient/dictionary
61     mapfile     /usr/local/etc/radiusclient/port-id-map  mapfile     /etc/radiusclient/port-id-map

Note: these edits change the paths so that every radiusclient path in radiusclient.conf starts with "/etc/radiusclient".

3. Configure the dictionary files:

[root@localhost ~]# ls -l /etc/radiusclient/dictionary*
-rw-r--r-- 1 root root  7656 Jul  1 18:34 /etc/radiusclient/dictionary
-rw-r--r-- 1 root root 12295 Jul  1 18:34 /etc/radiusclient/dictionary.ascend
-rw-r--r-- 1 root root  1395 Jul  1 18:34 /etc/radiusclient/dictionary.compat
-rw-r--r-- 1 root root   599 Jul  1 18:34 /etc/radiusclient/dictionary.merit
-rw-r--r-- 1 root root  2649 Jul  1 18:34 /etc/radiusclient/dictionary.microsoft
[root@localhost ~]# vi /etc/radiusclient/dictionary
Line   Content
253    INCLUDE /etc/radiusclient/dictionary.microsoft
254    INCLUDE /etc/radiusclient/dictionary.merit    # add this line
255    INCLUDE /etc/radiusclient/dictionary.ascend   # add this line
256    INCLUDE /etc/radiusclient/dictionary.compat   # add this line

4. Add the freeradius plugins to the pptpd service:

[root@localhost ~]# vi /etc/ppp/options.pptpd
Line   Content
128    # put plugins here
129    # (putting them higher up may cause them to sent messages to the pty)
130    plugin /usr/lib/pppd/2.4.4/radius.so    # add this line
131    plugin /usr/lib/pppd/2.4.4/radattr.so    # add this line
132    radius-config-file /etc/radiusclient/radiusclient.conf    # add this line
[root@localhost ~]# tail -n 3 /etc/ppp/options.pptpd
plugin /usr/lib/pppd/2.4.4/radius.so
plugin /usr/lib/pppd/2.4.4/radattr.so
radius-config-file /etc/radiusclient/radiusclient.conf

III. Creating the radius database and importing the tables:

This can be done from the command line or with the Navicat for MySQL tool.

1. radius ships MySQL import files:

[root@localhost ~]# ls /etc/raddb/sql/mysql/*.sql -l
-rw-r----- 1 root radiusd  661 Jan  9 02:04 /etc/raddb/sql/mysql/admin.sql
-rw-r----- 1 root radiusd  452 Jan  9 02:04 /etc/raddb/sql/mysql/cui.sql
-rw-r----- 1 root radiusd  761 Jan  9 02:04 /etc/raddb/sql/mysql/ippool.sql
-rw-r----- 1 root radiusd  399 Jan  9 02:04 /etc/raddb/sql/mysql/nas.sql
-rw-r----- 1 root radiusd 4318 Jan  9 02:04 /etc/raddb/sql/mysql/schema.sql
-rw-r----- 1 root radiusd  407 Jan  9 02:04 /etc/raddb/sql/mysql/wimax.sql

2. The command line is used here; first create the radius database:

To make it easier to manage MySQL with the Navicat for MySQL tool later, the privileges were also adjusted for convenience:

[Figure 8]

3. The exact commands, which can be copied:

[root@localhost ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.0.95 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.00 sec)

mysql> CREATE DATABASE radius DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'leekwen' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql> flush PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> \q
Bye
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/admin.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/cui.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/ippool.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/nas.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/schema.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/wimax.sql
Enter password:

Note: 'root'@'%' with GRANT OPTION, combined with the port 3306 rule opened in the next step, lets any host that can reach the server attempt root logins with this password; for the radius server itself, a dedicated account limited to the radius database (the login = "radius" that sql.conf ships with) is the safer choice.

4. Firewall settings for the database:

[root@localhost ~]# grep 3306 /etc/sysconfig/iptables
[root@localhost ~]# vi /etc/sysconfig/iptables
[root@localhost ~]# /etc/init.d/iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter nat                [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]
[root@localhost ~]# grep 3306 /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

IV. Editing the radius configuration files:

[root@localhost ~]# cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.bak
[root@localhost ~]# vi /etc/raddb/radiusd.conf
Line |      After                      |           Before
700  | $INCLUDE sql.conf               | #  $INCLUDE sql.conf <------ remove the #
712  | $INCLUDE sql/mysql/counter.conf | #  $INCLUDE sql/mysql/counter.conf  <------ remove the #

[root@localhost ~]# cp /etc/raddb/sql.conf /etc/raddb/sql.conf.bak
[root@localhost ~]# vi /etc/raddb/sql.conf
Line |     After                |     Before
38   |   login = "root"         |   login = "radius"   <------ user name for the mysql connection
39   |   password = "leekwen"   |  password = "radpass"<------ password for the mysql connection
100  |   readclients = yes      | #readclients = yes   <------ remove the #

Note: radiusd -X loads the configuration files when it starts. If the following error appears while they are being loaded:

!!! Error !!!
Duplicate virtual server "inner-tunnel" in file /etc/raddb/sites-enabled/inner-tunnel:11
and file /etc/raddb/sites-enabled/inner-tunnel.bak:11

delete /etc/raddb/sites-enabled/inner-tunnel.bak and /etc/raddb/sites-enabled/default.bak entirely. This is also why the two files below are not backed up before editing:

[root@localhost ~]# vi /etc/raddb/sites-enabled/default
Line  |       After                      |               Before
170     #       files                     |          files  <------ add a #
177             sql                       |  #       sql    <------ remove the #
372     #       files                     |          files  <------ add a #
406             sql                       |  #       sql  <------ remove the #
454             sql                       |  #       sql  <------ remove the #
475             sql                       |  #       sql  <------ remove the #

[root@localhost ~]# vi /etc/raddb/sites-enabled/inner-tunnel
Line  |      After                       |           Before
124     #       files                     |           files <------ add a #
131             sql                       |   #       sql  <------ remove the #
255             sql                       |   #       sql  <------ remove the #
277             sql                       |   #       sql  <------ remove the #

2. Start the radiusd service, insert a test account into the database, and check the test result!

[Figure 10]

3. After the test passes, change the default shared secret:

[root@localhost ~]# cp /etc/raddb/clients.conf /etc/raddb/clients.conf.bak
[root@localhost ~]# vi /etc/raddb/clients.conf

Line  |      After                       |           Before
101       secret          = leekwen       |        secret          = testing123
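Why the shared secret matters, as an added example (not code from the article or from FreeRADIUS): the Python script below reproduces on the wire what radtest and the server do with the secret from clients.conf. The client hides User-Password by XOR-ing it with an MD5 keystream derived from the secret and the random Request Authenticator (RFC 2865), and the server's Access-Accept carries a Response Authenticator computed over the request and the secret, which the client checks before trusting the reply. It assumes the page's radtest arguments (user test, password 110, NAS-Port 10, secret testing123); the function names are mine.

```python
import hashlib
import os
import struct

# RFC 2865 codes and attribute types for a radtest-style exchange (constants named here by me)
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT, SERVICE_TYPE, FRAMED_IP_NETMASK = 1, 2, 4, 5, 6, 9
FRAMED_USER = 2  # Service-Type value carried by the page's Access-Accept


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: zero-pad to 16-byte blocks, XOR each block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same chain run backwards; only a holder of the secret can do this."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attrs(data: bytes) -> dict:
    attrs, i = {}, 0
    while i < len(data):
        attr_type, length = data[i], data[i + 1]
        attrs[attr_type] = data[i + 2:i + length]
        i += length
    return attrs


def access_request(user: str, password: str, secret: bytes, nas_port: int, ident: int = 7) -> bytes:
    """What 'radtest test 110 localhost 10 testing123' puts on the wire (random Request Authenticator)."""
    req_auth = os.urandom(16)
    attrs = (attr(USER_NAME, user.encode())
             + attr(USER_PASSWORD, hide_password(password.encode(), secret, req_auth))
             + attr(NAS_IP_ADDRESS, bytes([127, 0, 0, 1]))
             + attr(NAS_PORT, struct.pack("!I", nas_port)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def access_accept(request: bytes, secret: bytes, reply_attrs: bytes) -> bytes:
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack("!BBH", ACCESS_ACCEPT, request[1], 20 + len(reply_attrs))
    return head + hashlib.md5(head + request[4:20] + reply_attrs + secret).digest() + reply_attrs


def verify_reply(request: bytes, reply: bytes, secret: bytes) -> bool:
    """Client-side check that the reply was produced by a party holding the shared secret."""
    return hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest() == reply[4:20]


def demo(secret: bytes = b"testing123"):
    """Full round trip: request -> server recovers the password -> Access-Accept -> client verifies."""
    req = access_request("test", "110", secret, nas_port=10)
    recovered = reveal_password(parse_attrs(req[20:])[USER_PASSWORD], secret, req[4:20])
    reply = access_accept(req, secret, attr(SERVICE_TYPE, struct.pack("!I", FRAMED_USER))
                          + attr(FRAMED_IP_NETMASK, bytes([255, 255, 255, 0])))
    # a forged or mis-keyed reply fails the check, so the NAS rejects it instead of granting access
    return recovered, verify_reply(req, reply, secret), verify_reply(req, reply, b"wrong-secret")
```

A NAS left on the shipped testing123 will accept replies from anyone who knows that default, so changing the secret per client in clients.conf (and in the matching radiusclient servers file) is what makes verify_reply meaningful.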

4. Restart the relevant services and test with a database user!

[Figure 11]

5. After this test passes, dial in from a client and check the client's dial-up log on the server:

[Figure 12]

6. With that, the integration of pptpd + freeradius2 + mysql is complete.

Continuing the PPPoE configuration from section III, step 3 of the CentOS 6.6 guide:

Those two lines make pppoe-server load pppd's radius checks at run time, so the pppoe service can authenticate and do accounting through freeradius. After adding them, create the /etc/ppp/radiuds/ directory; the ppp source code is then needed to populate it. Unpack the ppp source tree:

# tar -xzf ppp-2.4.5.tar.gz
# cd ppp-2.4.5
# cd pppd/plugins/radius/etc/
# cp * /etc/ppp/radiuds/

2) This directory now holds all the required configuration files; the most important is /etc/ppp/radiuds/radiusclient.conf. Open it first; its content (comments removed) is:

auth_order  radius
login_tries 4
login_timeout 60
nologin  /etc/nologin
issue  /etc/ppp/radiuds/issue
authserver  localhost:1812
acctserver  localhost:1813
servers  /etc/ppp/radiuds/servers
dictionary  /etc/ppp/radiuds/dictionary
login_radius  /usr/local/sbin/login.radius
seqfile  /var/run/radius.seq
mapfile  /etc/ppp/radiuds/port-id-map
default_realm
radius_timeout  10
radius_retries  3
login_local  /bin/login

3) The servers file in the same directory must also be edited; it names the radius server host to query and the key, which must match the one set in the freeradius configuration.

Edit /etc/ppp/radius/servers and set the radius server's location:

localhost  testing123    // testing123 is the password

4) Edit /etc/ppp/radius/dictionary and fix the path settings, mainly the last one, for dictionary.microsoft:

INCLUDE /etc/ppp/radiuds/dictionary.microsoft

5) At this point the pppoe service can authenticate through radius. Next, configure freeradius.

The freeradius-mysql package is what lets freeradius connect to the MySQL database; it is not needed in this part.

First open /etc/raddb/clients.conf to configure client access control; its content is:

client localhost {
    secret = testing123
    shortname = localhost
    nastype = other
}

This means clients may only reach the radius service from the IP 127.0.0.1, and the secret to be verified is testing123, which is the value configured in the servers file above. To allow access from other machines, see the comments in the file for help.

6) Then configure /etc/raddb/naslist with the following content:

# NAS Name              Short Name  Type
#portmaster1.isp.com    pm1.NY      livingston
#portmaster2.isp.com    pm1.LA      livingston
localhost               local       portslave

This file records which NAS servers use radius for accounting; here it is localhost.

7) The main configuration file is radiusd.conf, which sets the freeradius server's default authentication and accounting methods. For now the local file method is used, i.e. /etc/raddb/users; add the user information that is to be offered to the pppoe service there, as follows (there must be no whitespace in front of the username):

aaa	Auth-Type := Local, Simultaneous-Use := 1, User-Password := "aaa"
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Netmask = 255.255.255.255

The Simultaneous-Use := 1 field sets how many concurrent logins each user may have.

8) So that radius can load mysql correctly, register the library location as well:

echo /usr/lib >> /etc/ld.so.conf
ldconfig

9) Once everything is configured, start radius in debug mode with radiusd -X, then start pppoe-server and dial in from a client to check whether the pppoe service authenticates the user through freeradius. If it does, this part is finished; radius can then be started normally with service radiusd restart.

radiusd -X
radtest aaa aaa localhost 0 testing123

Seeing Access-Accept or similar means success. radiusd can now be started for real.

1. Configure freeradius to read user information from the mysql database

1. # mysql -u root -p123    // log in to mysql
2. > create database radius;    // create the database
3. > exit    // leave mysql
4. # cd /etc/raddb/sql/mysql
5. # mysql -u root -p radius < schema.sql    // import the tables into the database; check in the database that 7 tables were imported
6. Edit /etc/raddb/sites-enabled/default: remove the # in front of sql in authorize{} and accounting{}, and put a # in front of files in authorize{}, as shown:

authorize {
    chap
    mschap
    suffix
    eap
#   files
    sql
    pap
}

accounting {
    detail
    unix
    radutmp
    sql
}

7. Edit the mysql connection settings in /etc/raddb/sql.conf:

server = "localhost"
login = "root"
password = "123"
radius_db = "radius"    // database name

8. Edit /etc/raddb/radiusd.conf: remove the # in front of $INCLUDE sql.conf.

9. Add a test account to the database:

# mysql -u root -p123
> use radius;

Create the group:

> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.255');
> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');

Create the user:

> insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','110');

Add the user to the group:

> insert into radusergroup (username,groupname) values ('test','user');
> exit;    // leave mysql

IV. Testing radius:

1. # radiusd -X    // start the radius service in debug mode

2. In another terminal run:

# radtest test 110 localhost 10 testing123

If Access-Accept is displayed, the installation succeeded.
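As an added example (not part of the article and not FreeRADIUS code), the Python script below loads the radgroupreply/radcheck/radusergroup/radgroupcheck rows from the PPTP notes at the top of the page into an in-memory SQLite copy of the relevant schema.sql tables and replays the sql module's authorize logic: reply rows are merged with FreeRADIUS operator semantics (':=' replaces, '=' adds only when the attribute is absent), which is why that radtest output shows Framed-IP-Netmask = 255.255.255.0 rather than 255.255.255.255, and the simultaneous-use := 1 check is enforced against open radacct sessions. The table definitions and the accounting row are constructed; the function names are mine.

```python
import sqlite3

# Stand-in for the radcheck/radreply/radgroupcheck/radgroupreply/radusergroup/radacct tables of
# FreeRADIUS 2.x schema.sql (constructed here; column names follow the real schema).
SCHEMA = """
CREATE TABLE radcheck      (id INTEGER PRIMARY KEY, username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radreply      (id INTEGER PRIMARY KEY, username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radgroupcheck (id INTEGER PRIMARY KEY, groupname TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radgroupreply (id INTEGER PRIMARY KEY, groupname TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radusergroup  (username TEXT, groupname TEXT, priority INTEGER DEFAULT 1);
CREATE TABLE radacct       (radacctid INTEGER PRIMARY KEY, username TEXT, acctstarttime TEXT, acctstoptime TEXT);
"""
# The page's provisioning rows for group 'user' and account 'test', in insertion (id) order.
PROVISION = [
    "INSERT INTO radgroupreply(groupname,attribute,op,value) VALUES('user','Auth-Type',':=','Local')",
    "INSERT INTO radgroupreply(groupname,attribute,op,value) VALUES('user','Service-Type','=','Framed-User')",
    "INSERT INTO radgroupreply(groupname,attribute,op,value) VALUES('user','Framed-IP-Netmask','=','255.255.255.255')",
    "INSERT INTO radgroupreply(groupname,attribute,op,value) VALUES('user','Framed-IP-Netmask',':=','255.255.255.0')",
    "INSERT INTO radcheck(username,attribute,op,value) VALUES('test','User-Password',':=','123456')",
    "INSERT INTO radusergroup(username,groupname) VALUES('test','user')",
    "INSERT INTO radgroupcheck(groupname,attribute,op,value) VALUES('user','simultaneous-use',':=','1')",
]

def build_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for stmt in PROVISION:
        db.execute(stmt)
    return db

def merge_reply(pairs: dict, rows) -> dict:
    """FreeRADIUS pair-list operators: ':=' set or replace, '=' add only if absent, '+=' always add."""
    for attribute, op, value in rows:
        if op == ":=":
            pairs[attribute] = [value]
        elif op == "=":
            pairs.setdefault(attribute, [value])
        elif op == "+=":
            pairs.setdefault(attribute, []).append(value)
    return pairs

def authorize(db: sqlite3.Connection, username: str):
    """Same order as the sql module's queries: the user's own rows, then each group's rows, by id."""
    q = lambda sql, arg: db.execute(sql, (arg,)).fetchall()
    check = q("SELECT attribute,op,value FROM radcheck WHERE username=? ORDER BY id", username)
    reply = merge_reply({}, q("SELECT attribute,op,value FROM radreply WHERE username=? ORDER BY id", username))
    for (group,) in q("SELECT groupname FROM radusergroup WHERE username=? ORDER BY priority", username):
        check += q("SELECT attribute,op,value FROM radgroupcheck WHERE groupname=? ORDER BY id", group)
        merge_reply(reply, q("SELECT attribute,op,value FROM radgroupreply WHERE groupname=? ORDER BY id", group))
    return check, reply

def password_ok(check: list, password: str) -> bool:
    """PAP compares the cleartext check item; MS-CHAPv2 (require-mschap-v2) derives its response from the same value."""
    return any(a == "User-Password" and v == password for a, _, v in check)

def simultaneous_use_ok(db: sqlite3.Connection, username: str, check: list) -> bool:
    """RADIUS attribute names are case-insensitive, so the page's 'simultaneous-use' matches."""
    limit = next((int(v) for a, _, v in check if a.lower() == "simultaneous-use"), None)
    if limit is None:
        return True
    active = db.execute("SELECT COUNT(*) FROM radacct WHERE username=? AND acctstoptime IS NULL",
                        (username,)).fetchone()[0]
    return active < limit

def demo():
    db = build_db()
    check, reply = authorize(db, "test")
    before = (password_ok(check, "123456"), simultaneous_use_ok(db, "test", check), reply)
    # constructed open accounting record: a second login for 'test' must now be refused
    db.execute("INSERT INTO radacct(username,acctstarttime) VALUES('test','2020-01-02 08:15:00')")
    return before, simultaneous_use_ok(db, "test", check)
```

The real server evaluates Simultaneous-Use in its session section with the sql module's radacct queries and, for PPTP, checks the MS-CHAPv2 response rather than comparing passwords directly; this script keeps only the merge and counting logic that the page's rows exercise.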

Permanent link to this article: http://www.linuxidc.com/Linux/2015-06/119102.htm