freeradius配置文档.docx

FreeRADIUS 服务端安装1.1、下载、编译、安装wget -c/pub/freeradius/freeradius-server-2.1.11.tar.gz# tar zxf freeradius-server-2.1.11.tar.gz# cd freeradius-server-2.1.11# ./configure# make & make install1.2、基本文件的测试测试是否安装成功，如果不需要与mysql集成，那么就已安装完成。# vim /usr/local/etc/raddb/users查找 steve Cleartext-Password := testing, 取消该段内容的注释。# 大写X，意思是以debug模式运行。/usr/local/sbin/radiusd -X#新开一个窗口执行，看到 Access-Accept packet 表示成功了，Access-Reject 表示失败了。/usr/local/bin/radtest steve testing localhost 0 testing123Define a User and PasswordEdit /etc/raddb/usersand create an example user account as thefirstentry. i.e. at thetopof the file, such as:testing Cleartext-Password := password二配置模块支持2.1、启用MySQL模块支持# 查找sql.conf”(683行)，去掉#号vim /usr/local/etc/raddb/radiusd.confOracle支持回到之前解压的freeradius-server-2.1.12目录里# cd /freeradius-server-2.1.12/src/modules/rlm_sql/drivers/rlm_sql_oracle# ./configure -with-oracle-include-dir=$ORACLE_HOME/rdbms/public -with-oracle-lib-dir=$ORACLE_HOME/lib2.2、创建 radius 数据库及表# 123456是你mysql的root密码mysqladmin -uroot -p123456 create radius;#修改radius帐号的密码cd /usr/local/etc/raddb/sql/mysqlsed -i s/radpass/123456/g admin.sqlsed -i s/radpass/123456/g /usr/local/etc/raddb/sql.confmysql -uroot -p123456 admin.sqlmysql -uroot -p123456 radius ippool.sqlmysql -uroot -p123456 radius schema.sqlmysql -uroot -p123456 radius wimax.sqlmysql -uroot -p123456 radius cui.sqlmysql -uroot -p123456 radius insert into radgroupreply(groupname,attribute,op,value)values(user,Auth-Type,:=,Local);mysqlinsert into radgroupreply(groupname,attribute,op,value)values(user,Service-Type,=,Framed-User);mysqlinsert into radgroupreply(groupname,attribute,op,value)values(user,Framed-IP-Netmask,=,55);mysqlinsert into radgroupreply(groupname,attribute,op,value)values(user,Framed-IP-Netmask,:=,);然后加入用户信息：mysql INSERT INTO radcheck (UserName, Attribute, Value) VALUES (geng, Password,peng);然后把用户加到组里：mysqlinsert into radusergroup(username,groupname)values(geng,user);mysqlselect*from radcheck where UserName=geng;1.编辑/etc/raddb/sql.confmysql用户名，密码根据自己的情况填写第88行取消readclients = yes 前的注释2.编辑/etc/raddb/sites-enabled/default第145 行files前加注释第152 行取消sql前的注释第342 行取消sql前的注释3.编辑/etc/raddb/sites-enabled/inner-tunnel第111 行files前加注释第118行取消sql前的注释4.编辑/etc/raddb/eap.conf第30行default_eap_type = md5改为default_eap_type = peap5.编辑/etc/raddb/clients.conf,加入declient secret = tp-linkshortname = testde注意：如果出现以下报错Mon Mar 17 11:09:08 2014 : Error: /usr/local/freeradius/etc/raddb/sql.conf22: Instantiation failed for module sqlMon Mar 17 11:09:08 2014 : Error: /usr/local/freeradius/etc/raddb/sites-enabled/default177: Failed to find sql in the modules section.Mon Mar 17 11:09:08 2014 : Error: /usr/local/freeradius/etc/raddb/sites-enabled/default69: Errors parsing authorize section. Mon Mar 17 11:09:08 2014 : Error: Failed to load virtual server 修改vi /etc/ld.so.conf加入mysql的lib路径 /usr/local/mysql/lib 。然后执行：rootcentos6 mysql# ldconfig2.3、打开从数据库查询nas支持默认从 /usr/local/etc/raddb/clients.conf 文件读取，开启后可从数据库nas表读取。sed -i s/#readclients/readclients/g /usr/local/etc/raddb/sql.conf2.4、打开在线人数查询支持# 查找simul_count_query将279-282行注释去掉vim /usr/local/etc/raddb/sql/mysql/dialup.conf2.5、 Oracle数据库支持配置oracle数据#su - oracle- 创建用户create user radius identified by radpass;GRANT CONNECT,RESOURCE,DBA to radius;-创建表#mkdir /home/oracle/sqls将 /usr/local/etc/raddb/sql/oracle/schema.sql 拷贝到 /home/oracle/sql-修改权限#chown oracle:oinstall /home/oracle/sqls/schema.sql#chmod 744 /home/oracle/sqls/schema.sql切换到oracle#su - oracle$sqlplus radius/radpassSQLstart /home/oracle/sqls/schema.sqlSQLalter table radacct modify groupname null; -非必须，如果报错，不用理会SQLCREATE TABLE nas (id INT PRIMARY KEY,nasname VARCHAR(128),shortname VARCHAR(32),type VARCHAR(30),ports INT,secret VARCHAR(60),server VARCHAR(64),community VARCHAR(50),description VARCHAR(200);SQLCREATE SEQUENCE nas_seq START WITH 1 INCREMENT BY 1;SQLINSERT INTO radgroupreply VALUES (radgroupreply_seq.nextval, user,Service-Type,=,Framed-User);SQLINSERT INTO radgroupcheck VALUES (radgroupcheck_seq.nextval, user,Auth-Type,=,Local);SQLINSERT INTO radcheck VALUES (radcheck_seq.nextval, ora_usr,User-Password,=,ora_pwd);SQLINSERT INTO radusergroup VALUES (radusergroup_seq.nextval, ora_usr,user);SQLcommit;SQLexit;接下来对freeradius进行配置编辑/usr/local/freeradius/etc/raddb/sql.conf# vim /usr/local/freeradius/etc/raddb/sql.conf修改配置文件中mysql的帐号及密码 #database = mysql database = oracle# Connection info:server = “localhost”port = 1521login = radiuspassword = radpass#radius_db = radiusradius_db = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 61)(PORT = 1521) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = portaldb)编辑/usr/local/etc/raddb/sites-enabled/default# vim /usr/local/freeradius/etc/raddb/sites-enabled/default（行数仅供参考，版本不同行数也不同）170行 files 前加 # 注释177行 去掉 sql 前 # 注释406行 去掉 sql 前 # 注释编辑/usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel# vim /usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel124行 files 前加 # 注释131行 去掉 sql 前 # 注释编辑/usr/local/freeradius/etc/raddb/radiusd.conf# vim /usr/local/freeradius/etc/raddb/radiusd.conf去掉700行 $INCLUDE sql.conf 前的#注释三、FreeRADIUS 客户端安装与配置3.1、编译与安装wget -c/pub/freeradius/freeradius-client-1.1.6.tar.gztar -zxf freeradius-client-1.1.6.tar.gzcd freeradius-client-1.1.6./configuremake & make install3.2、设置通信密码cat /usr/local/etc/radiusclient/servers/usr/local/etc/radiusclient/dictionary/etc/ppp/pptpd-options/etc/ppp/options.xl2tpdEOFplugin /usr/lib/pppd/2.4.5/radius.soradius-config-file /usr/local/etc/radiusclient/radiusclient.confEOF四、用户权限管理# 连接 MySQLmysql -uroot -p123456;# 使用 radius 数据库USE radius;# 添加用户demo，密码demo，注意是在radchec表INSERT INTO radcheck (username,attribute,op,VALUE) VALUES (demo,Cleartext-Password,:=,demo);# 将用户demo加入VIP1用户组INSERT INTO radusergroup (username,groupname) VALUES (demo,VIP1);# 限制同时登陆人数，注意是在radgroupcheck表INSERT INTO radgroupcheck (groupname,attribute,op,VALUE) VALUES (normal,Simultaneous-Use,:=,1);# 其他INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES (VIP1,Auth-Type,:=,Local);INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES (VIP1,Service-Type,:=,Framed-User);INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES (VIP1,Framed-Protocol,:=,PPP);INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES (VIP1,Framed-MTU,:=,1500);INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES (VIP1,Framed-Compression,:=,Van-Jacobson-TCP-IP);五、启动cp /usr/local/sbin/rc.radiusd /etc/init.d/radiusd/etc/init.d/radiusd start六、安装daloradius在/pro