FreeRADIUS与MySQL服务集成配置

 未分类  Add comments
3 月 172015
 

安装并测试

[root@localhost ~]# yum -y install freeradius freeradius-utils freeradius-mysql mysql-server

centos-6-freeradius-mysql-integration-01
[root@localhost ~]# rpm -lq freeradius-utils |grep radtest
/usr/bin/radtest
/usr/share/man/man1/radtest.1.gz
[root@localhost ~]#

centos-6-freeradius-mysql-integration-02 centos-6-freeradius-mysql-integration-03 centos-6-freeradius-mysql-integration-04
[root@localhost ~]# rpm -lq freeradius-mysql
/etc/raddb/sql/mysql
/etc/raddb/sql/mysql/admin.sql
/etc/raddb/sql/mysql/counter.conf
/etc/raddb/sql/mysql/cui.conf
/etc/raddb/sql/mysql/cui.sql
/etc/raddb/sql/mysql/dialup.conf
/etc/raddb/sql/mysql/ippool.conf
/etc/raddb/sql/mysql/ippool.sql
/etc/raddb/sql/mysql/nas.sql
/etc/raddb/sql/mysql/schema.sql
/etc/raddb/sql/mysql/wimax.conf
/etc/raddb/sql/mysql/wimax.sql
/etc/raddb/sql/ndb
/etc/raddb/sql/ndb/README
/etc/raddb/sql/ndb/admin.sql
/etc/raddb/sql/ndb/schema.sql
/usr/lib64/freeradius/rlm_sql_mysql-2.1.12.so
/usr/lib64/freeradius/rlm_sql_mysql.so
[root@localhost ~]#

编辑取消steve用户配置信息注释
[root@localhost ~]# cd /etc/raddb/
[root@localhost raddb]# vi users
启动debug模式
-X Turn on full debugging.
[root@localhost raddb]# radiusd -X

启动后最后6行屏幕输出
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.

新建终端会话窗口并执行登录操作
[root@localhost ~]# radtest steve testing localhost 1812 testing123
Sending Access-Request of id 173 to 127.0.0.1 port 1812
User-Name = “steve”
User-Password = “testing”
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=173, length=71
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = “std.ppp”
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
[root@localhost ~]#

centos-6-freeradius-mysql-integration-05centos-6-freeradius-mysql-integration-09 centos-6-freeradius-mysql-integration-10 centos-6-freeradius-mysql-integration-11 centos-6-freeradius-mysql-integration-12 centos-6-freeradius-mysql-integration-13 centos-6-freeradius-mysql-integration-14 centos-6-freeradius-mysql-integration-15 centos-6-freeradius-mysql-integration-16 centos-6-freeradius-mysql-integration-17 centos-6-freeradius-mysql-integration-18 centos-6-freeradius-mysql-integration-19 centos-6-freeradius-mysql-integration-20 centos-6-freeradius-mysql-integration-21服务器debug输出最后一部分,Ctrl-C退出

配置成功恢复注释
配置数据库
[root@localhost raddb]# service mysqld start

[root@localhost raddb]# mysql -u root -p
mysql> create database radius;
Query OK, 1 row affected (0.00 sec)

mysql> exit
Bye

导入表结构
[root@localhost raddb]# mysql -u root -p radius < ./sql/mysql/schema.sql
Enter password:
[root@localhost raddb]# mysql -u root -p radius < ./sql/mysql/nas.sql
Enter password:
[root@localhost raddb]# mysql -u root -p radius < ./sql/mysql/ippool.sql
Enter password:
[root@localhost raddb]#

查看导入的表

centos-6-freeradius-mysql-integration-06

授权,
mysql> grant select on radius.* to radius@localhost identified by ‘radpass’;
Query OK, 0 rows affected (0.00 sec)

mysql> grant all on radius.radacct to radius@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> grant all on radius.radpostauth to radius@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> select * from radgroupreply;
Empty set (0.00 sec)

注意此处用户名密码为/etc/raddb/sql.conf中默认配置
# Connection info:
server = “localhost”
#port = 3306
login = “radius”
password = “radpass”

向表内插入数据

插入组信息
mysql> insert into radgroupreply(groupname,attribute,op,value) values (‘user’,’Auth-Type’,’:=’,’Local’);
Query OK, 1 row affected (0.00 sec)

查看插入的数据

centos-6-freeradius-mysql-integration-07
mysql> insert into radgroupreply (groupname,attribute,op,value) values (‘user’,’Service-Type’,’=’,’Framed-User’);
Query OK, 1 row affected (0.00 sec)

mysql> insert into radgroupreply (groupname,attribute,op,value) values (‘user’,’Framed-IP-Netmask’,’=’,’255.255.255.254′);
Query OK, 1 row affected (0.00 sec)

mysql> insert into radgroupreply (groupname,attribute,op,value) values (‘user’,’Framed-IP-Netmask’,’:=’,’255.255.255.0′);
Query OK, 1 row affected (0.00 sec)
查看整张表的数据

centos-6-freeradius-mysql-integration-08

插入用户信息

mysql> select * from radcheck;
Empty set (0.00 sec)

mysql> insert into radcheck (UserName,Attribute,Value) values (‘user1′,’Password’,’passwd1′);
Query OK, 1 row affected (0.00 sec)

mysql> insert into radcheck (UserName,Attribute,Value) values (‘user2′,’Password’,’passwd2′);
Query OK, 1 row affected (0.00 sec)
查看整张表的数据

将用户加入组
mysql> select * from radusergroup;
Empty set (0.00 sec)

mysql> insert into radusergroup (username,groupname) values (‘user1′,’user’);
Query OK, 1 row affected (0.00 sec)

mysql> insert into radusergroup (username,groupname) values (‘user2′,’user’);
Query OK, 1 row affected (0.00 sec)
查看整张表的数据
修改配置文件并连接数据库

取消注释
[root@localhost raddb]# vi radiusd.conf
$INCLUDE sql.conf
取消注释
[root@localhost raddb]# vi sql.conf
readclients = yes

增加注释,取消sql注释
[root@localhost raddb]# vi sites-enabled/default

3图

增加注释,取消注释2处
[root@localhost raddb]# vi sites-enabled/inner-tunnel

修改1处
[root@localhost raddb]# vi eap.conf

修改1处
[root@localhost raddb]# vi proxy.conf

启动debug模式确认启动状态
[root@localhost raddb]# radiusd -X

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)