A VPN service with freeradius + pptpd + mysql on Ubuntu

/* The following steps are performed on the RADIUS server */

# Update the package sources
sudo apt-get update

# Install MySQL first
sudo apt-get install -y mysql-server mysql-client

# Install FreeRADIUS and the components it needs
sudo apt-get install -y freeradius freeradius-mysql freeradius-utils freeradius-dialupadmin

# From here on, switch to the root user; otherwise the FreeRADIUS configuration files are not visible.
sudo su

# Edit the main configuration file
vim /etc/freeradius/radiusd.conf

# The listen section
listen {
    …
    ipaddr = *          # default is *; can be changed to the desired local IP address
    type = auth         # the acct type is configured in the same way
    …
    #interface = eth0   # with several network interfaces, one of them can be specified
    …
}

# The modules section
modules {
    …
    $INCLUDE ${confdir}/modules/    # the pap, chap and other module configurations are also in this directory
    …
    $INCLUDE sql.conf               # uncomment to enable the SQL configuration
    …
}

# Edit the configuration file
vim /etc/freeradius/sites-enabled/default

In the authorize {} section, comment out files (line 170) and remove the # in front of sql (line 177).
In the preacct {} section, comment out files (line 372).
In the accounting {} section, comment out radutmp (line 396) and remove the # in front of sql (line 406).
In the session {} section, comment out radutmp (line 450) and remove the # in front of sql (line 454).
In the post-auth {} section, remove the # in front of sql (line 475) and remove the # in front of sql (line 563).

# Edit the configuration file
vim /etc/freeradius/sites-enabled/inner-tunnel

In the authorize {} section, comment out files (line 124) and remove the # in front of sql (line 131).
In the session {} section, comment out radutmp (line 251) and remove the # in front of sql (line 255).
In the post-auth {} section, remove the # in front of sql (line 277) and remove the # in front of sql (line 301).

# Edit the client configuration file
client 10.0.0.0/16 {    # the client's IP address; can be an IP range, e.g. 192.168.1.0/24
    secret = testing123
    shortname = private-network-client
}

# Edit the database access configuration file
vim /etc/freeradius/sql.conf

sql {
    database = "mysql"
    driver = "rlm_sql_${database}"
    server = "localhost"
    login = "radius"
    password = "xxxxxxx"
    radius_db = "radius"
}

# Create the radius database and user
mysql> create database radius;
mysql> grant all on radius.* to radius@'%' identified by 'xxxxxx';
mysql> flush privileges;

# Import the FreeRADIUS tables (only the .sql files; the directory also contains .conf files)
cd /etc/freeradius/sql/mysql/
for i in *.sql; do mysql -uroot -pxxxxxx radius < "$i"; done

/* The steps above are performed on the RADIUS server */
========================================================================================
/* The following steps are performed on the pptpd server */

# Install freeradius-client on the PPTPD server; note that it must be built as root
wget -c ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.7.tar.gz
tar zxvf freeradius-client-1.1.7.tar.gz
cd freeradius-client-1.1.7
./configure
make && make install

# Edit the client configuration files
vim /usr/local/etc/radiusclient/servers
x.x.x.x    testing123    # RADIUS server address and secret

vim /usr/local/etc/radiusclient/radiusclient.conf
authserver x.x.x.x    # RADIUS server address

# Add the dictionary (important)
wget -c <dictionary.microsoft URL>
mv dictionary.microsoft /usr/local/etc/radiusclient/
# cat >>/usr/local/etc/radiusclient/dictionary << EOF
# INCLUDE /usr/local/etc/radiusclient/dictionary.sip
# INCLUDE /usr/local/etc/radiusclient/dictionary.ascend
# INCLUDE /usr/local/etc/radiusclient/dictionary.merit
# INCLUDE /usr/local/etc/radiusclient/dictionary.compat
# INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft
# EOF

# Edit the configuration file (important)
vim /usr/local/etc/radiusclient/dictionary

# Comment out the lines related to IPv6
92:  #ATTRIBUTE Framed-IPv6-Prefix 97 ipv6prefix
100: #ATTRIBUTE Framed-IPv6-Address 168 ipv6addr
101: #ATTRIBUTE DNS-Server-IPv6-Address 169 ipv6addr
102: #ATTRIBUTE Route-IPv6-Information 170 ipv6prefix

# Integrate with PPTP
sed -i 's/logwtmp/\#logwtmp/g' /etc/pptpd.conf
sed -i 's/radius_deadtime/\#radius_deadtime/g' /usr/local/etc/radiusclient/radiusclient.conf
sed -i 's/bindaddr/\#bindaddr/g' /usr/local/etc/radiusclient/radiusclient.conf

# Note: on a 32-bit operating system the radius.so path is /usr/lib/pppd/2.4.5/radius.so; the path used here is the 64-bit one
echo plugin /usr/lib64/pppd/2.4.5/radius.so >> /etc/ppp/options.pptpd
echo radius-config-file /usr/local/etc/radiusclient/radiusclient.conf >> /etc/ppp/options.pptpd

/* The steps above are performed on the pptpd server */
========================================================================================================================
/* The following steps are performed on the RADIUS server */

# Add an authentication account in MySQL
# Add the user demo and put it in the user group
mysql> INSERT INTO radcheck (username,attribute,op,VALUE) VALUES ('demo','Password',':=','demo');
mysql> INSERT INTO radusergroup (username,groupname) VALUES ('demo','user');

# Start freeradius in debug mode
freeradius -X

# Normal start
/etc/init.d/freeradius start
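
The client block and the radiusclient servers file above both use testing123, the default secret from FreeRADIUS's sample clients.conf. As an added example (not part of the original post), this script flags default or short shared secrets in client blocks and generates a random replacement; the function names, the 16-character minimum and the sample configuration are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag weak RADIUS shared secrets in clients.conf-style blocks.
# MIN_LEN (default 16) and all function names are assumptions of this example.

audit_clients() {   # $1 = config file; prints "<client>: <finding>" per problem
    awk -v min="${MIN_LEN:-16}" '
        { sub(/#.*$/, "") }                        # strip comments (assumes no "#" in secrets)
        $1 == "client" { name = $2; sub(/[{].*$/, "", name); next }
        /^[ \t]*secret[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)          # keep the text after "="
            sub(/[ \t]+$/, "", val)                # trim trailing blanks
            gsub(/^"|"$/, "", val)                 # drop surrounding quotes
            if (val == "testing123")
                print name ": default secret testing123"
            else if (length(val) < min)
                print name ": secret shorter than " min " characters"
        }
    ' "$1"
}

gen_secret() {      # 32 random alphanumeric characters from /dev/urandom
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32
}

sample_conf() {     # constructed input; the first block mirrors the one on this page
    cat <<'EOF'
client 10.0.0.0/16 {#client range
    secret= testing123
    shortname = private-network-client
}
client 192.168.1.0/24 {
    secret = "abc123"      # constructed short secret
}
client 172.16.0.10 {
    secret = Zq7mW2xK9pLr4TbV8nYc3HsD6fGj1AeU   # constructed 32-character secret
}
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_clients "$tmp"
echo "replacement secret: $(gen_secret)"
rm -f "$tmp"
```

A replaced secret has to be set identically in the client block on the RADIUS server and in /usr/local/etc/radiusclient/servers on the pptpd server.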

Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission.
