折腾了好几天,查阅了很多资料,终于搞定了,泪牛满面,下面记录详细操作过程!注:测试环境为CENTOS5.8 x86
- 安装PPTP
直接使用赵蓉的PPTP一键安装包即可
wget http://dl.zrblog.net/pptpd.sh;sh pptpd.sh;
- 安装LNMP
本人使用的是AMH4.2,也是一键安装包
wget http://amysql.com/file/AMH/4.2/amh.sh; chmod 775 amh.sh; ./amh.sh 2>&1 | tee amh.log;
- 安装PEAR
AMH安装好后不带PEAR,而DaloRADIUS需要PEAR的DB插件
wget http://pear.php.net/go-pear.phar;php go-pear.phar;
一路回车即可
/usr/local/php/bin/pear install DB
安装好DB插件
- 添加虚拟主机
登录AMH后台,安装自带的AMChroot模块,然后新建虚拟主机,进AMChroot把刚刚新建的主机设为兼容模式。因为自带的权限管理很严,导致无法调用pear插件,折腾了好几晚上……
- 安装DaloRADIUS
wget http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz;tar xvzf daloradius-0.9-9.tar.gz;mv daloradius-0.9-9/* /home/wwwroot/换成刚刚建立虚拟主机的域名/web
- 配置DaloRADIUS
用phpmyadmin新建一个数据库,然后导入./contrib/db/fr2-mysql-daloradius-and-freeradius.sql
编辑./library/daloradius.conf.php
$configValues[‘CONFIG_DB_HOST‘] = ‘localhost‘;
$configValues[‘CONFIG_DB_PORT‘] = ‘3306‘;
$configValues[‘CONFIG_DB_USER‘] = ‘数据库用户名‘;
$configValues[‘CONFIG_DB_PASS‘] = ‘数据库密码‘;
$configValues[‘CONFIG_DB_NAME‘] = ‘数据库名称‘;
$configValues[‘CONFIG_PATH_DALO_VARIABLE_DATA‘] = ‘/home/wwwroot/换成刚刚建立虚拟主机的域名/web/var‘; - 安装FreeRADIUS(SERVER)
yum install freeradius2 freeradius2-mysql freeradius2-utils
- 安装CLIENT
wget ftp://ftp.samba.org/pub/ppp/ppp-2.4.5.tar.gz;tar zxvf ppp-2.4.5.tar.gz;cp -R /root/ppp-2.4.5/pppd/plugins/radius/etc/ /usr/local/etc/radiusclient
- 配置FreeRADIUS
编辑usr/local/etc/radiusclient/servers,尾部添加
127.0.0.1 XXVPN
编辑/usr/local/etc/radiusclient/dictionary,删除最后一行,然后添加
INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft
INCLUDE /usr/local/etc/radiusclient/dictionary.merit编辑/etc/raddb/clients.conf,把client localhost段下的secret改成XXVPN
编辑/etc/raddb/radiusd.conf,找到$INCLUDE sql.conf,去掉前面的#;找到$INCLUDE sql/mysql/counter.conf,去掉前面的#
编辑/etc/raddb/sql.conf,配置login(用户名),password(密码),radius_db(数据库名)等字段
编辑/etc/raddb/sites-enabled/default
authorize段,关掉files、unix,打开sql
preacct段,关掉files
accounting段,打开sql,关掉unix
session段,打开sql
post-auth段,打开sql
pre-proxy段,关掉files - 配置PPTP
编辑/etc/ppp/options.pptpd,尾部添加
plugin radius.so
plugin radattr.so
radius-config-file /usr/local/etc/radiusclient/radiusclient.conf - 流量控制
编辑/etc/raddb/sql/mysql/counter.conf,尾部添加
sqlcounter monthlytrafficcounter {
counter-name = Monthly-Traffic
check-name = Max-Monthly-Traffic
reply-name = Monthly-Traffic-Limit
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName=‘%{%k}‘ AND UNIX_TIMESTAMP(AcctStartTime) > ‘%b‘"
}上面代码意思是按月进行统计,从数据库的radacct表中,根据用户名(%k)将所有入站和出站流量累加。
时间也是可以自定义的(months、weeks、days、hours),也可以指定具体值,如三天重置一次 "reset = 3 d"编辑/etc/raddb/sites-enabled/default,在authorize区块的末尾添加“monthlytrafficcounter”
编辑/etc/raddb/dictionary,尾部添加
ATTRIBUTE Max-Monthly-Traffic 3003 integer
ATTRIBUTE Monthly-Traffic-Limit 3004 integer进入phpmyadmin,执行SQL
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES (‘user‘,‘Mikrotik-Rate-Limi‘,‘:=‘,‘512k/1M‘);
INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES (‘user‘,‘Acct-Interim-Interval‘,‘:=‘,‘300‘);
INSERT INTO radgroupcheck (groupname,attribute,op,VALUE) VALUES (‘user‘,‘Simultaneous-Use‘,‘:=‘,‘1‘);
INSERT INTO radgroupcheck (groupname,attribute,op,VALUE) VALUES (‘user‘,‘Max-Monthly-Traffic‘,‘:=‘,‘1073741824‘); - 用户断线检测脚本
#!/bin/bash
MYSQL_PASS=XXXXXXXXXX
/usr/local/mysql/bin/mysql -uroot -p$MYSQL_PASS -e "UPDATE 数据库名称.radacct SET acctstoptime = acctstarttime + acctsessiontime WHERE ((UNIX_TIMESTAMP(acctstarttime) + acctsessiontime + 240 - UNIX_TIMESTAMP())<0) AND acctstoptime IS NULL;" - 多线路限制
修改/etc/raddb/sites-enabled/defalut,在authorize区块中添加
update request {
Group-Name := "%{sql:SELECT groupname FROM radusergroup WHERE username=‘%{User-Name}‘ ORDER BY priority}"
}
if (Group-Name && "%{sql:SELECT count(value) FROM radgroupcheck WHERE groupname=‘%{Group-Name}‘ AND attribute=‘NAS-IP-Address‘}") {
if ("%{sql:SELECT count(value) FROM radgroupcheck WHERE groupname=‘%{Group-Name}‘ AND value=‘%{NAS-IP-Address}‘}" < 1) {
reject
}
}