PPTP + FreeRADIUS + MySQL 安裝與配置

weixin_34119545發表於2014-02-19

原文地址:http://www.zhukun.net/archives/5375

PPTP + FreeRADIUS + MySQL 安裝與配置

FreeRADIUS 是實現 RADIUS 協議的開源軟體,而 RADIUS 主要用來實現認證(Authentication)、授權(Authorization)以及計費(Accounting)功能。本文內容在Centos 5.7 32bit下測試成功。需注意 PPTP 所依賴的 MS-CHAPv2/MPPE 在密碼學上已被公認為薄弱,本文重點在於示範 PPTP 與 FreeRADIUS、MySQL 的整合流程,而非推薦 PPTP 本身。

一,VPN伺服器安裝配置

# 安裝編譯環境

yum install -y wget gcc gcc-c++ make

# 安裝ppp

yum install -y ppp

# 安裝PPTP VPN

wget http://hello-linux.googlecode.com/files/pptpd_with_freeradius_plugins.sh
chmod +x pptpd_with_freeradius_plugins.sh
./pptpd_with_freeradius_plugins.sh

注意:此PPTP VPN指令碼已經加入了FreeRADIUS外掛,不能脫離FreeRADIUS獨立使用。如果你只想安裝PPTP VPN的話,請不要使用此指令碼。
此指令碼以明文 HTTP 下載、未附任何校驗值,且會以 root 身分執行,執行前請先閱讀其內容並確認來源;另外 Google Code 已於後來關閉,上述網址可能已失效。
此時如果提示“錯誤691:由於域上的使用者名稱和/或密碼無效而拒絕訪問”,請不要擔心,這是正常的,因為 FreeRADIUS 服務端尚未安裝,認證請求此時必然失敗。

二,FreeRADIUS 客戶端安裝與配置

# freeradius-client安裝

cd /root
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.6.tar.gz
tar zxvf freeradius-client-1.1.6.tar.gz
cd freeradius-client-1.1.6
./configure && make && make install

# freeradius-client配置

vi /usr/local/etc/radiusclient/radiusclient.conf

找到 authserver 和 acctserver,將值改為 localhost
將 radius_deadtime 0 和 bindaddr * 這兩項註釋掉(或者通過以下命令來註釋之)

sed -i 's/radius_deadtime/\#radius_deadtime/g' /usr/local/etc/radiusclient/radiusclient.conf
sed -i 's/bindaddr/\#bindaddr/g' /usr/local/etc/radiusclient/radiusclient.conf

# 指定FreeRADIUS Server地址,並設定通訊密碼

cat >>/usr/local/etc/radiusclient/servers<<EOF
localhost   testing123
EOF

注意:這裡的通訊密碼不建議更改!經本人測試,更改後使用不正常。(補充:testing123 是 FreeRADIUS 預設 clients.conf 中 localhost 項的共享密鑰,客戶端 servers 檔案與服務端 clients.conf(或啟用 readclients 後的 nas 表)必須一致;只改客戶端而未同步改服務端,很可能就是“更改後不正常”的原因。此密鑰是公開的預設值,若非僅作本機測試,建議兩端同時改為自訂的隨機字串。)

# 增加字典。這一步很重要!否則windows客戶端無法連線伺服器
# 此字典檔同樣來自第三方站點,下載後請先檢視內容;亦可考慮改用 freeradius-server 原始碼 share/ 目錄內的同名檔案(需自行確認與 radiusclient 的字典格式相容)

wget -c http://hello-linux.googlecode.com/files/dictionary.microsoft
mv ./dictionary.microsoft /usr/local/etc/radiusclient/
cat >>/usr/local/etc/radiusclient/dictionary<<EOF
INCLUDE /usr/local/etc/radiusclient/dictionary.sip
INCLUDE /usr/local/etc/radiusclient/dictionary.ascend
INCLUDE /usr/local/etc/radiusclient/dictionary.merit
INCLUDE /usr/local/etc/radiusclient/dictionary.compat
INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft
EOF

三,FreeRADIUS 服務端安裝與配置

# 安裝 mysql

yum install mysql mysql-devel mysql-server
service mysqld start
chkconfig mysqld on
mysqladmin -uroot -p password 新密碼
# 此時會讓你輸入原密碼,一般 mysql 安裝好以後的初始密碼為空,因此直接回車即可
# 注意:直接把新密碼寫在命令列上會留在 shell 歷史記錄與程序列表中,也可改用 mysql_secure_installation 以互動方式設定
# 如果使用非上述方式安裝了MySQL(比如lnmp一鍵安裝包裡自帶的mysql),請執行以下兩條語句
ln -s /usr/local/mysql/bin/mysql /usr/bin
ln -s /usr/local/mysql/bin/mysqladmin /usr/bin

# 安裝 freeradius-server

wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.12.tar.gz
tar zxf freeradius-server-2.1.12.tar.gz
cd freeradius-server-2.1.12
./configure | grep mysql
# grep 這步操作主要是檢視mysql的幾個引數是不是都是yes,如果不是,需要檢查下mysql安裝.
make && make install

# 基本文字資料的本地測試

vi /usr/local/etc/raddb/users
# 找到 steve Cleartext-Password := “testing” , 取消該段的相關注釋(steve 是 FreeRADIUS 自帶的範例測試帳號,本地測試通過後請重新註釋掉,避免留下一個已知密碼的帳號)
steve   Cleartext-Password := "testing"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.16.3.33,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP
radiusd -X
# 進入debug日誌輸出模式
# 如果有出現
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
# 這些字樣說明正常啟動成功了
 
# 重新開啟一個視窗,執行下面這條命令
radtest steve testing localhost 1812 testing123 # 使用者名稱steve密碼testing , 連線金鑰testing123
# 出現 rad_recv: Access-Accept packet 字樣說明驗證成功

# freeradius 和 mysql 整合

mysqladmin -u root -p create radius
mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/schema.sql
mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/nas.sql
mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/ippool.sql
mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/wimax.sql
mysql -u root -p
mysql> GRANT SELECT ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radpass';
mysql> GRANT ALL on radius.radacct TO 'radius'@'localhost';
mysql> GRANT ALL on radius.radpostauth TO 'radius'@'localhost';
mysql> use radius;
 
# 加入組資訊,本例中的組名為user
# 補充:'Auth-Type' ':=' 'Local' 在 FreeRADIUS 2.x 中已屬過時用法(radiusd -X 通常會提示移除),且 Auth-Type 本應是 check 項而非 reply 項;一般可省略這一行,讓 rlm_pap/rlm_mschap 依據密碼屬性自行處理
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type','=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
 
# 加入使用者資訊
# 補充:FreeRADIUS 2.x 建議用 Cleartext-Password 並明確指定 op 為 ':='(radcheck 的 op 預設為 '=='),例如:
# INSERT INTO radcheck (UserName, Attribute, op, Value) VALUES ('sqltest', 'Cleartext-Password', ':=', 'testpwd');
# PPTP 使用的 MS-CHAPv2 需要明文密碼或 NT-Password 雜湊才能完成驗證,因此密碼會以明文(或 NT 雜湊)存放在資料庫中,務必限制 radius 資料庫帳號的權限(上面的 GRANT 只給了 SELECT,這是正確的做法)並保護好資料庫本身
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password', 'testpwd');
 
# 使用者加到組裡
mysql> insert into radusergroup(username,groupname) values('sqltest','user');
 
# 限制賬戶同時登陸次數(Simultaneous-Use 依賴 accounting 與 session 區段啟用 sql 後寫入的 radacct 記錄,對應下面 sites-enabled 中的修改)
mysql> INSERT INTO radgroupcheck (GroupName, Attribute, op, Value) values("user", "Simultaneous-Use", ":=", "1");
vi /usr/local/etc/raddb/sql.conf
# 設定資料庫型別,帳號,密碼,資料庫,根據實際情況修改(密碼需與前面 GRANT 時的 'radpass' 一致;'radpass' 只是示例值,請改為自訂密碼並同步更新 GRANT)
# 找到 readclients = yes 取消前面的註釋,取消該註釋主要是啟用nas表查詢,clients.conf就可以不需要了(注意:若真的移除 clients.conf 中的 localhost 項,需先在 nas 表中插入對應的 nasname 與 secret 記錄,否則請求會因來源客戶端未知而被丟棄)
 
vi /usr/local/etc/raddb/radiusd.conf
# 查詢$INCLUDE sql.conf(第700行),去掉#號(本文及下面各處的行號均以 2.1.12 版預設設定檔為準,其他版本請直接以模組名搜尋)
 
vi /usr/local/etc/raddb/sites-enabled/default
# 找到authorize {}模組,註釋掉files(170行),去掉sql前的#號(177行)
# 找到accounting {}模組,註釋掉radutmp(396行),去掉sql前面的#號(406行)
# 找到session {}模組,註釋掉radutmp(450行),去掉sql前面的#號(454行)
# 找到post-auth {}模組,去掉sql前的#號(475行),去掉sql前的#號(563行)
 
vi /usr/local/etc/raddb/sites-enabled/inner-tunnel
# 找到authorize {}模組,註釋掉files(124行),去掉sql前的#號(131行)
# 找到session {}模組,註釋掉radutmp(251行),去掉sql前面的#號(255行)
# 找到post-auth {}模組,去掉sql前的#號(277行),去掉sql前的#號(301行)

# 正常啟動 FreeRADIUS 並加入開機自啟動項
# 此 init 指令碼同樣來自第三方站點且會以 root 身分在開機時執行,放入 /etc/init.d 之前請先閱讀其內容

cd /root
wget http://hello-linux.googlecode.com/files/radiusd
mv radiusd /etc/init.d/
chmod +x /etc/init.d/radiusd
vi /etc/init.d/radiusd
# 找到prefix=/usr/local/radius(第25行),將其改為prefix=/usr/local
/etc/init.d/radiusd start
 
vi /etc/rc.local
# 在最後一行插入/etc/init.d/radiusd start(若該 init 指令碼含有 chkconfig 標頭,也可改用 chkconfig --add radiusd && chkconfig radiusd on,與前面 mysqld 的做法保持一致)

# 最終測試

# 用剛才插入資料庫的使用者名稱和密碼來檢驗
radtest sqltest testpwd localhost 1812 testing123
# 出現 rad_recv: Access-Accept packet 字樣說明安裝已經成功

至此,安裝已完成。正式使用前建議再檢查一遍:users 檔中的 steve 測試帳號已重新註釋、資料庫中的 sqltest 測試帳號已刪除、radpass 與(兩端同步修改的)共享密鑰已不再是示例值。

可能出現的問題:

/usr/local/etc/raddb/sites-enabled/inner-tunnel[118]: Failed to find module “sql”.
/usr/local/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize section.
 
# 在系統裡找下是否有rlm_sql_mysql.so這個檔案,如果沒有,那麼依次執行以下命令:
cd /root/freeradius-server-2.1.12/src/modules/rlm_sql/drivers/rlm_sql_mysql
./configure --with-mysql-dir=/var/lib/mysql --with-mysql-lib-dir=/var/lib/mysql/lib --with-mysql-include-dir=/var/lib/mysql/include
make && make install
cd /usr/local/lib
cp rlm_sql_mysql.* /root/freeradius-server-2.1.12/src/modules/rlm_sql/drivers/rlm_sql_mysql/
radiusd -X
radiusd: error while loading shared libraries:libfreeradius-radius-2.1.12.so: cannot open shared object file: No such file or directory
 
執行以下命令即可:
ldconfig

本文參考:
系統之家
WangYan Blog
