Ubuntu 16.04.1 LTS下安裝FreeRADIUS2.2.8並開啟MySQL認證

2020-06-16 17:23:17

Ubuntu 16.04.1 LTS下安裝FreeRADIUS2.2.8並開啟MySQL認證

更新系統

sudo apt update

sudo apt upgrade

安裝MariaDB

sudo apt-get install software-properties-common

sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8

sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://mirrors.tuna.tsinghua.edu.cn/mariadb/repo/10.1/ubuntu xenial main'

sudo apt update

sudo apt install mariadb-server

安裝freeradius

用mysql來儲存相關資料，安裝vim是為了使用語法高亮方便一點，不是必須的。

sudo apt-get install freeradius freeradius-mysql vim

ps -ef |grep freeradius

測試freeradius

vi /etc/freeradius/users

找到這一行

#steve Cleartext-Password:="testing"

將前面的#去掉

steve Cleartext-Password := "testing"

Service-Type = Framed-User,

Framed-Protocol = PPP,

Framed-IP-Address = 172.16.3.33,

Framed-IP-Netmask = 255.255.255.0,

Framed-Routing = Broadcast-Listen,

Framed-Filter-Id = "std.ppp",

Framed-MTU = 1500,

Framed-Compression = Van-Jacobsen-TCP-IP

偵錯的命令為：

sudo freeradius -X

freeradius測試，新開啟一個終端

radtest steve testing localhost 0 testing123

結果：

Sending Access-Request of id 44 to 127.0.0.1 port 1812

User-Name = "steve"

User-Password = "testing"

NAS-IP-Address = 127.0.1.1

NAS-Port = 0

Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=44, length=71

Service-Type = Framed-User

Framed-Protocol = PPP

Framed-IP-Address = 172.16.3.33

Framed-IP-Netmask = 255.255.255.0

Framed-Routing = Broadcast-Listen

Filter-Id = "std.ppp"

Framed-MTU = 1500

Framed-Compression = Van-Jacobson-TCP-IP

Access-Accept表示成功

將radius和mysql融合

輸入mysql -u root -p，輸入密碼

1)建立資料庫並匯入radius資料結構

mysql>create database radius;

mysql>grant all on radius.* to 'radius'@'localhost' identified by 'radpass';

mysql>flush privileges;

#mysql -u root -p radius </etc/freeradius/sql/mysql/schema.sql

2)建立組（在此新建組名稱為user）

#mysql -u root -p

use radius;

insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');

insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');

insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.255');

insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');

3)建立使用者（在此新建使用者名稱為test，密碼為testpwd）

insert into radcheck (username,attribute,op,value) values ('test','Cleartext-Password',':=','testpwd');

4)將使用者加入組中：

insert into radusergroup (username,groupname) values ('test','user');

exit

5)開啟SQL認證

vim /etc/freeradius/sql.conf

修改裡面的使用者名稱和密碼:（下面為預設帳號密碼，按資料庫實際使用者密碼修改）

password = " radpass"

vim /etc/freeradius/radiusd.conf將$INCLUDE sql.conf前的#去掉

vim /etc/freeradius/sites-available/default將sql前的#去掉

6)測試：

sudo freeradius -X，在另一終端執行radtest test testpw：d localhost 1812 testing123

獲得結果：

Sending Access-Request of id 71 to 127.0.0.1 port 1812

User-Name = "test"

User-Password = "testpwd"

NAS-IP-Address = 127.0.1.1

NAS-Port = 1812

Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=71, length=38

Service-Type = Framed-User

Framed-IP-Address = 255.255.255.255