安装radius manager 3.9 全过程手记.doc

安装radius manager 3.9 全过程手记1.安装centos 5.6。2.改MAC、IP、GATEWAY、nameserver，关闭SELINUX，重启系统。改MAC地址/etc/rc.d/rc.sysinit ifconfig eth0 down ifconfig eth0 hw ether 00:D0:09:B8:B7:34 ifconfig eth0 up 配置IP地址，因为上面改了MAC地址，所以文件中的HWADDR注释掉，否则网卡不能启用。/etc/sysconfig/network-scripts/ifcfg-eth0 BOOTPROTO=static IPADDR=42 NETMASK= BROADCAST=55 GATEWAY=54配置网关/etc/sysconfig/networkGATEWAY=54配置DNS/etc/resolv.conf nameserver nameserver 重启网络/etc/init.d/network restart关闭SELINUX/etc/sysconfig/selinux SELINUX=disabled 重启系统reboot3.升级大约200个包，大约耗时30到60分钟。yum update 4.导入RPM-GPG-KEY*rpm -import /etc/pki/rpm-gpg/RPM-GPG-KEY*5.安装基础服务组件（很重要的一步，一定不要落下某个组件，否则不能安装freeradius和radiusmanager）yum install httpd mod_ssl php php-common php-gd php-pear php-pecl-memcache php-mhash php-xml mysql-server gcc gcc-c+yum install mysql-devel curl php-mysql php-mcrypt compat-libstdc+-33 libtool-ltdl-devel6.启动httpd和mysqld服务，后面会讲到如何让服务自动运行。/sbin/service httpd start /sbin/service mysqld start 7.下载安装webmin（webmin可以实现通过web界面操作来维护mysql数据库，但后面我使用命令行维护mysql数据库，所以webmin可以不用安装）wget /project/webadmin/webmin/1.520/webmin-1.520-1.noarch.rpmrpm -ivh webmin-1.520-1.noarch.rpm 42:100008.安装ionCUBE下载安装ionCUBEwget /cont/download/ioncube_loaders_lin_x86.tar.gztar zxvf ioncube_loaders_lin_x86.tar.gzcp -rf ioncube /usr/local/显示php版本，记下版本为5.1php -v PHP 5.1.6 (cli) (built: Nov 29 2010 16:47:37) Copyright (c) 1997-2006 The PHP Group Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies修改php.ini，其中5.1和上步显示php版本一致。/etc/php.inizend_extension=/usr/local/ioncube/ioncube_loader_lin_5.1.sophp -m重启httpd服务。service httpd restart测试ionCUBE是否工作正常cp ioncube/ioncube-encoded-file.php /var/www/htmlhttp:/yourhost/ioncube-encoded-file.php This file has been successfully decoded. ionCube Loaders are correctly installed -9.FreeRadius安装及配置FreeRadius安装wget /cont/download/freeradius-server-2.1.8-dmamod-1.tar.gztar xvf freeradius-server-2.1.8-dmamod-1.tar.gzcd freeradius-server-2.1.8./configuremakemake install文件所有者和权限配置chmod 644 /usr/local/etc/raddb/dictionarychown apache /usr/local/etc/raddbchown apache /usr/local/etc/raddb/clients.conf测试FreeRadius，显示Ready to process requests.radiusd -X Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on proxy address * port 1814 Ready to process requests.10.建立MySql相关的数据库并作设置。修改mysql配置文件sql.conf(可使用默认值)/usr/local/etc/raddb/sql.conf #使用radius/radius123 # Connection info: server = localhost #port = 3306 login = radius password = radius123 重启mysqld服务/etc/init.d/mysqld start创建相关数据库和连接数据库的用户mysql -u root #登录mysql，默认无密码 CREATE DATABASE radius; #创建radius数据库 CREATE DATABASE conntrack; #创建conntrack数据库 CREATE USER radiuslocalhost IDENTIFIED BY radius123; #创建用户radius,密码radius123 CREATE USER conntracklocalhost IDENTIFIED BY conn123; #创建用户conntrack,密码conn123 GRANT ALL ON radius.* TO radiuslocalhost; #给radius数据库设置访问权限 GRANT ALL ON conntrack.* TO conntracklocalhost; #给conntrack数据库设置访问权限 exit #退出mysql.-11.安装Radius Manager，在交互式安装模式下可全部使用默认选项，只有最后一步按y回车确认安装。wget /radiusmanager-3.9.0.tgztar zxvf radiusmanager-3.9.0.tgzcd radiusmanager-3.9.0-rel/chmod 755 install.sh./install.sh Radius Manager installer Copyright 2004-2011, DMA Softlab LLC All right reserved. (Use CTRL+C to abort any time) Select the type of your operating system: 1. Redhat (Fedora, CentOS etc.) 2. Debian (Ubuntu etc.) Choose an option: 1 Selected operating system is: REDHAT Select installation type: 1. New installation 2. Upgrade old system Choose an option: 1 Selected installation method: NEW INSTALLATION WWW root path: /var/www/html RADIUS database host: localhost RADIUS database username: radius #使用radius/radius123 RADIUS database password: radius123 CTS database host: localhost CTS database username: conntrack #使用conntrack/conn123 CTS database password: conn123 Freeradius UNIX user: root #使用root Httpd UNIX user: apache #使用apache Create rmpoller service: y Create rmconntrack service: y Back up RADIUS database: y WARNING! If You continue You will overwrite the existing RADIUS database! Are You sure to start the installation? n y Starting installation process. Copying WEB content to /var/www/html/radiusmanager Copying binaries to /usr/local/bin Copying rootexec to /usr/local/sbin Copying radiusmanager.cfg to /etc Backing up RADIUS database. Creating MySQL tables Creating rmpoller service Creating rmconntrack service Copying logrotate script Setting permission on raddb files Copying radiusd init script to /etc/init.d Installation finished!确认radiusmanager.cfg和system_cfg.php的rootexec_psw值相同，默认都为12345，一般不要修改。查看 radiusmanager.cfg /etc/radiusmanager.cfg db_host localhost ; mysql RADIUS host address db_name radius ; mysql RADIUS database name db_user radius ; mysql RADIUS username db_psw radius123 ; mysql RADIUS password db_host_cts localhost ; mysql CONNTRACK host address db_name_cts conntrack ; mysql CONNTRACK database name db_user_cts conntrack ; mysql CONNTRACK username db_psw_cts conn123 ; mysql CONNTRACK password rootexec_psw 12345 ; rootexec password 查看 system_cfg.php /var/www/html/radiusmanager/config/system_cfg.php - 12.注册radius manager把注册相关文件复制到radiusmanager目录下，否则radius manager的rmpoller和rmconntrack服务不能启动。cp mod.txt /var/www/html/radiusmanager/cp lic.txt /var/www/html/radiusmanager/ cp mac.txt /var/www/html/radiusmanager/ 13.配置radius manager(非必要情况不要配置)/etc/radiusmanager.cfg/etc/radiusmanager/config使rmscheduler.php每到午夜执行。 /etc/crontab 02 0 * * * root /usr/bin/php /var/www/html/radiusmanager/rmscheduler.php 12345 #使用12345 （注意下面的12345是默认密码，可在system_cfg.php修改）14.设置相关服务开机自动启动启动httpd服务，并且使其自动启动。/sbin/service httpd start chkconfig -add httpdchkconfig httpd on启动mysqld服务，并且使其自动启动。/sbin/service mysqld start chkconfig -add mysqldchkconfig mysqld on启动radiusd服务，并且使其自动启动（centos中不能通过chkconfig添加此服务为自动启动，可根据后面讲到的在rc.local中使用脚本启动）。/sbin/service radiusd start chkconfig -add radiusdchkconfig radiusd on启动rmpoller服务，并且使其自动启动（centos中不能通过chkconfig添加此服务为自动启动，可根据后面讲到的在rc.local中使用脚本启动）。/sbin/service rmpoller startchkconfig -add rmpollerchkconfig rmpoller on启动rmconntrack服务，并且使其自动启动（centos中不能通过chkconfig添加此服务为自动启动，可根据后面讲到的在rc.local中使用脚本启动）。/sbin/service rmconntrack startchkconfig -add rmconntrackchkconfig rmconntrack on通过rc.local脚本使用相关服务自动运行。/etc/rc.local /usr/local/sbin/radiusd /usr/local/sbin/rmpoller /sbin/service httpd start /sbin/service mysqld start /sbin/service rmpoller start /sbin/service rmconntrack start15.测试一个终端窗口启动FreeRadius Debug模式radiusd -X Access-Accept另一个终端窗口发请求认证报文，会得到radtest user 1111 localhost 1812 testing123 Sending Access-Request of id 28 to port 1812 User-Name = user User-Password = 1111 NAS-IP-Address = NAS-Port = 1812 rad_recv: Access-Accept packet from host port 1812, id=28, length=53 Mikrotik-Xmit-Limit = 209715200 Mikrotik-Rate-Limit = 131072/262144查看管理面板，默认用户名密码