Linux freeradius server

Remote Authentication Dial In User Service (RADIUS) is a protocol that carries authentication, authorization and configuration information between a Network Access Server (NAS) and a central RADIUS server holding the authentication data. The client side is usually a NAS reached over dial-up; its job is to pass user information to the server, while the RADIUS server authenticates the user and returns configuration information. Traffic between the two ends covers both access authentication and accounting requests.

Obtaining the freeradius software

[[email protected] ~]# cd /usr/local/src/
[[email protected] src]# wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.6.tar.gz
--14:09:11--  ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.6.tar.gz
           => `freeradius-server-3.0.6.tar.gz'
Resolving ftp.freeradius.org... 195.154.231.44
Connecting to ftp.freeradius.org|195.154.231.44|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD /pub/freeradius ... done.
==> SIZE freeradius-server-3.0.6.tar.gz ... 4555887
==> PASV ... done.    ==> RETR freeradius-server-3.0.6.tar.gz ... done.
Length: 4555887 (4.3M)

100%[=======================================>] 4,555,887   9.25K/s   in 7m 55s 

14:17:13 (9.36 KB/s) - `freeradius-server-3.0.6.tar.gz' saved [4555887]
[[email protected] src]# ./configure --prefix=/usr/local/radius/
[[email protected] src]# make
[[email protected] src]# make install

A test of my own to verify that freeradius installed successfully

[[email protected] radius]# sbin/radiusd -X
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/radius/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.

Linking RADIUS to MySQL

[[email protected] ~]# yum install mysql-server
[[email protected] ~]# yum install mysql-devel
[[email protected] ~]# service mysqld restart
Stopping mysqld:                                           [  OK  ]
Initializing MySQL database:  Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h Alicia password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
                                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

Set the MySQL account to root/password

[[email protected] ~]# mysqladmin -u root password 'password'
[[email protected] ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.0.95 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>

Add the relevant tables and records in MySQL

mysql> create database radius;
Query OK, 1 row affected (0.03 sec)
[[email protected] radius]# cd /usr/local/radius/etc/raddb/sql/mysql/
[[email protected] mysql]# mysql -u root -p radius < ./schema.sql
Enter password:
[[email protected] mysql]# mysql -u root -p radius < ./nas.sql
Enter password:
[[email protected] mysql]# mysql -u root -p
Enter password:
mysql> use radius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> showtables;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'showtables' at line 1
mysql> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| nas              |
| radacct          |
| radcheck         |
| radgroupcheck    |
| radgroupreply    |
| radpostauth      |
| radreply         |
| radusergroup     |
+------------------+
8 rows in set (0.00 sec)

mysql> insert into radcheck(username,attribute,op,value) values('alicia','User-Password',':=','password');
Query OK, 1 row affected (0.00 sec)
mysql> insert into radcheck(username,attribute,op,value) values('Samsun','User-Password',':=','password');
Query OK, 1 row affected (0.00 sec)
mysql> insert into radcheck(username,attribute,op,value) values('Laffan','User-Password',':=','password');
Query OK, 1 row affected (0.00 sec)
mysql> insert into radcheck(username,attribute,op,value) values('Julia','User-Password',':=','password');
Query OK, 1 row affected (0.00 sec)
mysql> insert into radusergroup(username,groupname) values('Samsun','qa');
Query OK, 1 row affected (0.00 sec)
mysql> insert into radusergroup(username,groupname) values('alicia','qa');
Query OK, 1 row affected (0.00 sec)
mysql> insert into radusergroup(username,groupname) values('Laffan','rd');
Query OK, 1 row affected (0.00 sec)
mysql> insert into radusergroup(username,groupname) values('Julia','rd');
Query OK, 1 row affected (0.00 sec)
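The rows above only make sense once you know how rlm_sql reads them. The following is an added example, my own code and not part of the original post or of FreeRADIUS: it loads the same four users into an in-memory SQLite database and replays the lookup order the server's debug output shows later on this page (radcheck, radreply, radusergroup, then the group tables). It also lists the rows that still keep the known-good password under User-Password, which is what the "Replacing User-Password ... with Cleartext-Password" banner in the server log refers to, and applies the change that banner asks for. Table and column names come from the schema.sql tables listed by "show tables" above; the simplified column types, the SQLite engine and the function names are my assumptions.

```python
import sqlite3

# Constructed from the INSERT statements above
RADCHECK_ROWS = [
    ("alicia", "User-Password", ":=", "password"),
    ("Samsun", "User-Password", ":=", "password"),
    ("Laffan", "User-Password", ":=", "password"),
    ("Julia", "User-Password", ":=", "password"),
]
RADUSERGROUP_ROWS = [("Samsun", "qa"), ("alicia", "qa"), ("Laffan", "rd"), ("Julia", "rd")]


def build_db():
    """In-memory stand-in for the radius database. Table and column names are the
    ones the schema.sql tables and the server's SELECTs use; types are simplified."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radcheck      (id INTEGER PRIMARY KEY, username TEXT, attribute TEXT, op TEXT, value TEXT);
        CREATE TABLE radreply      (id INTEGER PRIMARY KEY, username TEXT, attribute TEXT, op TEXT, value TEXT);
        CREATE TABLE radusergroup  (username TEXT, groupname TEXT, priority INTEGER DEFAULT 1);
        CREATE TABLE radgroupcheck (id INTEGER PRIMARY KEY, groupname TEXT, attribute TEXT, op TEXT, value TEXT);
        CREATE TABLE radgroupreply (id INTEGER PRIMARY KEY, groupname TEXT, attribute TEXT, op TEXT, value TEXT);
    """)
    db.executemany("INSERT INTO radcheck(username, attribute, op, value) VALUES (?, ?, ?, ?)", RADCHECK_ROWS)
    db.executemany("INSERT INTO radusergroup(username, groupname) VALUES (?, ?)", RADUSERGROUP_ROWS)
    db.commit()
    return db


def authorize(db, username):
    """Same lookup order as the [sql] lines in the debug log: radcheck, radreply,
    radusergroup, then radgroupcheck / radgroupreply for each group. Bound
    parameters stand in for the %{SQL-User-Name} escaping done by sql_set_user."""
    cur = db.cursor()
    check = cur.execute("SELECT attribute, op, value FROM radcheck WHERE username = ? ORDER BY id",
                        (username,)).fetchall()
    if not check:
        return None  # not in radcheck: nothing for pap to authenticate against
    reply = cur.execute("SELECT attribute, op, value FROM radreply WHERE username = ? ORDER BY id",
                        (username,)).fetchall()
    groups = [g for (g,) in cur.execute(
        "SELECT groupname FROM radusergroup WHERE username = ? ORDER BY priority", (username,))]
    for group in groups:
        check += cur.execute("SELECT attribute, op, value FROM radgroupcheck WHERE groupname = ? ORDER BY id",
                             (group,)).fetchall()
        reply += cur.execute("SELECT attribute, op, value FROM radgroupreply WHERE groupname = ? ORDER BY id",
                             (group,)).fetchall()
    return {"check": check, "reply": reply, "groups": groups}


def legacy_password_rows(db):
    """Users whose known-good password is still stored under User-Password: the rows
    behind the server's "Replacing User-Password ... with Cleartext-Password" banner."""
    return [u for (u,) in db.execute(
        "SELECT username FROM radcheck WHERE attribute = 'User-Password' ORDER BY id")]


def migrate_to_cleartext(db):
    """Apply the change the banner asks for; returns the number of rows changed."""
    changed = db.execute("UPDATE radcheck SET attribute = 'Cleartext-Password' "
                         "WHERE attribute = 'User-Password'").rowcount
    db.commit()
    return changed


if __name__ == "__main__":
    db = build_db()
    print(authorize(db, "Samsun"))      # check items, reply items and group 'qa'
    print(legacy_password_rows(db))     # all four users before the migration
    migrate_to_cleartext(db)
    print(legacy_password_rows(db))     # []
```

Running the file prints the check items for Samsun and the list of users still on User-Password before and after the migration. The same UPDATE statement, run against the real MySQL radius database, is what makes the warning banner go away.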

Configure freeradius

Line 177: uncomment sql
Line 170: comment out files
Line 406: uncomment sql
[[email protected] mysql]# vi /usr/local/radius/etc/raddb/sites-enabled/default
	authorize {
  	chap
 		mschap
  	suffix
  	eap
170  #	files
177  	sql
  	pap
}
accounting {
 		detail
 		unix
 		radutmp
406	sql
}
[[email protected] mysql]# vi /usr/local/radius/etc/raddb/sql.conf
 22 sql {
 23     #
 24     #  Set the database to one of:
 25     #
 26     #   mysql, mssql, oracle, postgresql
 27     #
 28     database = "mysql"
 29
 30     #
 31     #  Which FreeRADIUS driver to use.
 32     #
 33     driver = "rlm_sql_${database}"
 34
 35     # Connection info:
 36     server = "localhost"
 37     #port = 3306
 38     login = "root"
 39     password = "password"
 40
 41     # Database table configuration for everything except Oracle
 42     radius_db = "radius"
[[email protected] mysql]# vi /usr/local/radius/etc/raddb/clients.conf
236 client 127.0.0.1 {
237     secret = password
238     shortname = localhost
239     nastype = other
240 }
241
242 client 10.8.117.45 {
243     secret = password
244     shortname = localhost
245     nastype = other
246 }
247 client 10.219.128.19 {
248     secret = password
249     shortname = localhost
250     nastype = other
251 }   
[[email protected] mysql]# vi /usr/local/radius/etc/raddb/radiusd.conf
731     $INCLUDE ${confdir}/modules/
732
733     #  Extensible Authentication Protocol
734     #
735     #  For all EAP related authentications.
736     #  Now in another file, because it is very large.
737     #
738     $INCLUDE eap.conf
739
740     #  Include another file that has the SQL-related configuration.
741     #  This is another file only because it tends to be big.
742     #
743     $INCLUDE sql.conf                                       //uncomment

Start the RADIUS server

[[email protected] radius]# sbin/radiusd -X
Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
/usr/local/radius/etc/raddb/sql.conf[22]: Instantiation failed for module "sql"
/usr/local/radius/etc/raddb/sites-enabled/default[177]: Failed to find "sql" in the "modules" section.
/usr/local/radius/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section.
Loading the sql module failed, so build the MySQL driver by hand:
[[email protected] sbin]# cd /usr/local/src/freeradius-server-2.2.6/src/modules/rlm_sql/drivers/rlm_sql_mysql/
[[email protected] rlm_sql_mysql]# ./configure --with-dir=/usr/share/mysql/ --with-mysql-lib=/usr/lib/mysql/
[[email protected] rlm_sql_mysql]# make
[[email protected] src]# cd /usr/local/radius/
[[email protected] radius]# cd sbin/
[[email protected] sbin]# ./radiusd  -X
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/radius/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.

Client-side test

[[email protected] ~]# echo "User-Name = Samsun, User-Password=password" | /usr/local/bin/radclient 10.8.118.100:1812 auth password
Received response ID 58, code 2, length = 20
server log:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/radius/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.8.116.8 port 51222, id=58, length=46
        User-Name = "Samsun"
        User-Password = "password"
# Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "Samsun", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[sql]   expand: %{User-Name} -> Samsun
[sql] sql_set_user escaped user --> 'Samsun'
rlm_sql (sql): Reserving sql socket id: 31
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'Samsun'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'Samsun'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'Samsun'           ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'qa'           ORDER BY id
[sql] User found in group qa
[sql]   expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'qa'           ORDER BY id
rlm_sql (sql): Released sql socket id: 31
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /usr/local/radius/etc/raddb/sites-enabled/default
+group PAP {
[pap] login attempt with password "password"
[pap] Using clear text password "password"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /usr/local/radius/etc/raddb/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 58 to 10.8.116.8 port 51222
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 58 with timestamp +789
Ready to process requests.
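Reading a radiusd -X transcript like the one above by hand does not scale. The following added example (my code, not part of the original post or of FreeRADIUS) turns that debug output into one record per request: client address, requested user, per-module return codes, the SQL groups found, the Auth-Type and the final reply. Because -X prints User-Password in clear (see the second line of the request above), the parser redacts password attributes before they reach any summary. The sample log is an abridged copy of the Samsun request above plus one constructed rejected request; the regular expressions are mine and cover only the line shapes seen on this page.

```python
import re

# Constructed sample: an abridged copy of the Samsun request from the server log
# above, followed by a made-up rejected request for an unknown user.
SAMPLE_LOG = """\
Ready to process requests.
rad_recv: Access-Request packet from host 10.8.116.8 port 51222, id=58, length=46
        User-Name = "Samsun"
        User-Password = "password"
# Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[suffix] = noop
++[eap] = noop
[sql] User found in radcheck table
[sql] User found in group qa
++[sql] = ok
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
+group PAP {
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
Sending Access-Accept of id 58 to 10.8.116.8 port 51222
Finished request 0.
rad_recv: Access-Request packet from host 10.8.116.8 port 51300, id=59, length=46
        User-Name = "nobody"
        User-Password = "guess"
++[sql] = notfound
++[pap] = noop
Sending Access-Reject of id 59 to 10.8.116.8 port 51300
Finished request 1.
"""

RECV_RE = re.compile(r"^rad_recv: (Access-\w+|Accounting-\w+) packet from host (\S+) port (\d+), id=(\d+)")
ATTR_RE = re.compile(r'^\s+([\w-]+) = "?(.*?)"?$')
MODULE_RE = re.compile(r"^\+\+\[(\w+)\] = (\w+)")
GROUP_RE = re.compile(r"^\[sql\] User found in group (\S+)")
AUTHTYPE_RE = re.compile(r"^Found Auth-Type = (\S+)")
SEND_RE = re.compile(r"^Sending (Access-\w+|Accounting-\w+) of id (\d+) to (\S+) port (\d+)")
# Attributes whose values must never be copied out of a debug log
SENSITIVE = {"User-Password", "CHAP-Password", "Tunnel-Password"}


def parse_debug_log(text):
    """One dict per request, from its rad_recv line to the matching Sending line."""
    requests, cur = [], None
    for line in text.splitlines():
        m = RECV_RE.match(line)
        if m:
            cur = {"id": int(m[4]), "client": f"{m[2]}:{m[3]}", "request": m[1],
                   "attrs": {}, "modules": {}, "groups": [], "auth_type": None, "reply": None}
            requests.append(cur)
            continue
        if cur is None:
            continue  # lines outside any request (startup banner, timers)
        if m := ATTR_RE.match(line):
            cur["attrs"][m[1]] = "<redacted>" if m[1] in SENSITIVE else m[2]
        elif m := MODULE_RE.match(line):
            cur["modules"][m[1]] = m[2]      # last result per module wins
        elif m := GROUP_RE.match(line):
            cur["groups"].append(m[1])
        elif m := AUTHTYPE_RE.match(line):
            cur["auth_type"] = m[1]
        elif (m := SEND_RE.match(line)) and int(m[2]) == cur["id"]:
            cur["reply"] = m[1]
            cur = None                       # request finished
    return requests


def summarize(text):
    """(id, user, client, auth type, reply) per request, suitable for a report."""
    return [(r["id"], r["attrs"].get("User-Name"), r["client"], r["auth_type"], r["reply"])
            for r in parse_debug_log(text)]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Pointing `parse_debug_log` at a saved -X transcript gives a quick view of which module accepted or rejected each request (here `sql` returns `ok` for Samsun and `notfound` for the unknown user), without copying cleartext passwords into the report.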

Client-side test for alicia

[[email protected] ~]# radtest alicia password 10.8.118.100:1812 0 password
Sending Access-Request of id 153 to 10.8.118.100 port 1812
        User-Name = "alicia"
        User-Password = "password"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 10.8.118.100 port 1812, id=153, length=20
server log:
rad_recv: Access-Request packet from host 10.8.116.8 port 40531, id=153, length=76
        User-Name = "alicia"
        User-Password = "password"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x65dc0b64af155a18136889edeaea43a5
# Executing section authorize from file /usr/local/radius/etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "alicia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[sql]   expand: %{User-Name} -> alicia
[sql] sql_set_user escaped user --> 'alicia'
rlm_sql (sql): Reserving sql socket id: 29
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'alicia'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'alicia'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'alicia'           ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'qa'           ORDER BY id
[sql] User found in group qa
[sql]   expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'qa'           ORDER BY id
rlm_sql (sql): Released sql socket id: 29
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /usr/local/radius/etc/raddb/sites-enabled/default
+group PAP {
[pap] login attempt with password "password"
[pap] Using clear text password "password"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /usr/local/radius/etc/raddb/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 153 to 10.8.116.8 port 40531
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 153 with timestamp +998
Ready to process requests.
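To make concrete what radtest and the server exchanged above, here is an added example (my code, not part of the original post or of FreeRADIUS) that performs the same PAP round trip in pure Python. The client hides User-Password with the RFC 2865 MD5 scheme and signs the request with a Message-Authenticator (which is why radtest prints it as all zeros while the server log shows a real value); the server checks the signature, recovers the password, compares it with the known-good value and answers a bare Access-Accept or Access-Reject (20 bytes, matching the length=20 in the client output); and the client only trusts a reply whose Response Authenticator was computed with the same shared secret. The secret "password" and the four users come from the clients.conf and radcheck entries above; the function names and the in-memory RADCHECK dictionary are my assumptions.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
# Attribute type codes: RFC 2865 (1, 2, 4, 5) and RFC 2869 (80)
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT, MESSAGE_AUTHENTICATOR = 1, 2, 4, 5, 80

# Constructed copy of the radcheck rows inserted above (what the server knows)
RADCHECK = {b"alicia": b"password", b"Samsun": b"password",
            b"Laffan": b"password", b"Julia": b"password"}


def hide_password(secret, authenticator, password):
    """RFC 2865 section 5.2: pad to a multiple of 16, XOR each block with
    MD5(secret + previous cipher block), seeded with the Request Authenticator."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def reveal_password(secret, authenticator, hidden):
    """Inverse of hide_password, as the server does before comparing."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out, prev = out + bytes(a ^ b for a, b in zip(block, key)), block
    return out.rstrip(b"\x00")


def avp(attr_type, value):
    """Attribute-value pair: Type, Length (header included), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_avps(data):
    attrs, pos = {}, 0
    while pos + 2 <= len(data):
        attr_type, length = data[pos], data[pos + 1]
        if length < 2:
            break  # malformed attribute: stop rather than loop forever
        attrs[attr_type] = data[pos + 2:pos + length]
        pos += length
    return attrs


def build_access_request(secret, ident, user, password, authenticator=None):
    """Client side, like radtest: PAP attributes plus a Message-Authenticator
    (RFC 2869 section 5.14), an HMAC-MD5 over the packet with that value zeroed."""
    authenticator = authenticator or os.urandom(16)
    attrs = (avp(USER_NAME, user)
             + avp(USER_PASSWORD, hide_password(secret, authenticator, password))
             + avp(NAS_IP_ADDRESS, bytes([127, 0, 0, 1]))
             + avp(NAS_PORT, struct.pack("!I", 0))
             + avp(MESSAGE_AUTHENTICATOR, b"\x00" * 16))   # placeholder, signed below
    packet = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac   # Message-Authenticator is the last attribute


def verify_message_authenticator(secret, packet):
    pos = 20
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if attr_type == MESSAGE_AUTHENTICATOR and length == 18:
            zeroed = packet[:pos + 2] + b"\x00" * 16 + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        if length < 2:
            break
        pos += length
    return False


def server_handle(secret, request):
    """Server side: verify the signature, recover the password, compare it, and
    reply with a bare Access-Accept/Access-Reject (no attributes, so length 20)."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    req_auth = request[4:20]
    attrs = parse_avps(request[20:length])
    user = attrs.get(USER_NAME)
    ok = (code == ACCESS_REQUEST
          and verify_message_authenticator(secret, request)
          and user in RADCHECK
          and hmac.compare_digest(reveal_password(secret, req_auth, attrs.get(USER_PASSWORD, b"")),
                                  RADCHECK[user]))
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator (RFC 2865 section 3): MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    return header + hashlib.md5(header + req_auth + secret).digest()


def client_check_reply(secret, request, reply):
    """Accept a reply only if its ID matches and the Response Authenticator was
    computed with our shared secret; returns the reply code, or None if not."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:length] + secret).digest()
    if ident != request[1] or not hmac.compare_digest(expected, reply[4:20]):
        return None
    return code


def run_exchange(user=b"alicia", password=b"password", secret=b"password", ident=153):
    """Round trip like the radtest run above; returns (reply code, reply length)."""
    request = build_access_request(secret, ident, user, password)
    reply = server_handle(secret, request)
    return client_check_reply(secret, request, reply), len(reply)


if __name__ == "__main__":
    print(run_exchange())   # (2, 20): code 2 is Access-Accept, 20 bytes as in the log
```

Two things worth trying with this: call `server_handle` with a different secret than the client used and the Message-Authenticator check fails, so the answer is Access-Reject; call `client_check_reply` with a different secret and it returns None, because the Response Authenticator no longer verifies. Both are the behaviour a NAS and server show when the `secret` in clients.conf does not match.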

At this point the RADIUS server is set up and basic user authentication works.

Date: 2024-10-11 22:49:06
