radius+httpd+php+mysql+dialupadmin總結

RADIUS是一種C/S結構的協議，它的客戶端最初就是NAS（Net Access Server）伺服器，現在任何執行RADIUS客戶端軟體的計算機都可以成為RADIUS的客戶端。RADIUS協議認證機制靈活，可以採用PAPCHAP或者Unix登入認證等多種方式.

RADIUS是一種可擴充套件的協議，它進行的全部工作都是基於Attribute-Length-Value的向量進行的。RADIUS也支援廠商擴充廠家專有屬性.由於RADIUS協議簡單明確，可擴充，因此得到了廣泛應用，包括普通電話上網、ADSL上網、小區寬頻上網、IP電話、VPDN（Virtual Private Dialup Networks，基於撥號使用者的虛擬專用撥號網業務）、行動電話預付費等業務。最近IEEE提出了802.1x標準，這是一種基於埠的標準，用於對無線網路的接入認證，在認證時也採用RADIUS協議。

1.系統環境centos6

2.軟體freeradius-2.1.10-5.el6.i686，mysql-5.1.61-1.el6_2.1.i686 php-5.3.3-3.el6_2.8.i686，freeradius-dialupadmin-2.1.1-2.fc10.i386，httpd-2.2.15-15.el6.centos.1.i686

3.安裝軟體

[root@localhost ~]# yum -y httpd mysql mysql-devel mysql-server php freeradius freeradius-mysql httpd-devel php-devel php-gd php-mbstring php-mysql php-xml freeradius-

dialupadmin perl-DateManip php-pgsql php-ldap

4.設定開機啟動

[root@localhost ~]# chkconfig httpd on

[root@localhost ~]# chkconfig mysqld on

[root@localhost ~]# chkconfig radius on

[root@localhost ~]# chkconfig radiusd on

5.配置radiusd.conf檔案如下：

[root@localhost ~]# cd /etc/raddb/ //這個主要是配置檔案所在地

[root@localhost raddb]# ls

acct_users                 clients.conf.1 policy.conf      sql//資料庫檔案.sql檔案所在目錄這個需要匯入資料庫。

attrs                      dictionary      policy.txt       sql.conf//sql配置檔案

attrs.access_challenge     eap.conf        preproxy_users   sql.conf.1

attrs.access_reject        example.pl      proxy.conf       sqlippool.conf

attrs.accounting_response hints           radiusd.conf//主配置檔案     templates.conf

attrs.pre-proxy            huntgroups      radiusd.conf.1   users

certs                      ldap.attrmap    sites-available users.1

clients.conf//客戶端配置檔案              modules         sites-enabled

6.[root@localhost raddb]# cat radiusd.conf//主配置檔案

prefix = /usr

exec_prefix = /usr

sysconfdir = /etc

localstatedir = /var

sbindir = /usr/sbin

logdir = ${localstatedir}/log/radius

raddbdir = ${sysconfdir}/raddb

radacctdir = ${logdir}/radacct

name = radiusd

confdir = ${raddbdir}

run_dir = ${localstatedir}/run/${name}

db_dir = ${raddbdir}

libdir = /usr/lib/freeradius

pidfile = ${run_dir}/${name}.pid

user = radiusd

group = radiusd

max_request_time = 30

cleanup_delay = 5

max_requests = 1024

listen {

type = auth

ipaddr = *

port = 0

}

listen {

        ipaddr = *

        port = 0

        type = acct

}

hostname_lookups = no

allow_core_dumps = no

regular_expressions = yes

extended_expressions = yes

log {

destination = files

file = ${logdir}/radius.log

syslog_facility = daemon

stripped_names = no

auth = no

auth_badpass = no

auth_goodpass = no

}

checkrad = ${sbindir}/checkrad

security {

max_attributes = 200

reject_delay = 1

status_server = yes

}

proxy_requests = yes

$INCLUDE proxy.conf

$INCLUDE clients.conf

thread pool {

start_servers = 5

max_servers = 32

min_spare_servers = 3

max_spare_servers = 10

max_requests_per_server = 0

}

modules {

$INCLUDE ${confdir}/modules/

$INCLUDE eap.conf

}

instantiate {

exec

expr

expiration

logintime

}

$INCLUDE policy.conf

$INCLUDE sites-enabled/

$INCLUDE sql.conf //這個是本人加入的

7.[root@localhost raddb]# cat sql.conf//檢視sql配置檔案

sql {

database = “mysql”

driver = “rlm_sql_${database}”

        server = “localhost”

        login = “root”//修改資料使用者名稱為root

        password = “123456”//密碼為123456

        radius_db = “radius”//資料庫名字叫radius

        acct_table1 = “radacct”

        acct_table2 = “radacct”

postauth_table = “radpostauth”

authcheck_table = “radcheck”

authreply_table = “radreply”

groupcheck_table = “radgroupcheck”

groupreply_table = “radgroupreply”

usergroup_table = “radusergroup”

deletestalesessions = yes

sqltrace = no

sqltracefile = ${logdir}/sqltrace.sql

num_sql_socks = 5

connect_failure_retry_delay = 60

lifetime = 0

max_queries = 0

nas_table = “nas”

$INCLUDE sql/${database}/dialup.conf

}

8.[root@localhost raddb]# cat clients.conf//客戶端配置檔案

client localhost {

ipaddr = 127.0.0.1

secret = testing123

require_message_authenticator = no

}

client 192.168.40.39 {

secret =testing123

shortname =test

nastype =other

}

//為你NAS的相應值

192.168.40.39為NAS要地址

secret      = testing123為金鑰

shortname   = test任意

nastype     = other為你NAS裝置的型別

9.配置httpd.conf /etc/httpd/conf/httpd.conf

檔案新增兩處如下：

DirectoryIndex index.html index.php index.html.var//新增index.php

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

AddType application/x-httpd-php .html

修改apache的radius.conf配置檔案

# vi /etc/httpd/conf.d/radius.conf

<Directory /usr/share/dialup_admin/htdocs/>

   Options None

   order deny,allow

   deny from all

   allow from 127.0.0.1 192.168.40.39

</Directory>

在allow from 處新增你允許訪問freeradius-dialupadmin的ip 用空格分開

修改apache的php.conf配置檔案

# vi /etc/httpd/conf.d/php.conf

在未尾新增

AddType application/x-httpd-php .php .php3

10.配置主配置檔案admin.conf檔案

[root@localhost raddb]# cd /usr/share/dialup_admin/

[root@localhost dialup_admin]# ls

bin Changelog conf doc htdocs html lib Makefile README sql

[root@localhost conf]# ls

accounting.attrs auth.request        naslist.conf    user_edit.attrs

admin.conf //主配置       captions.conf       naslist.conf.1 username.mappings

admin.conf.1 //為備份1     config.php3         naslist.conf.2

admin.conf.2      default.vals        sql.attrmap

admin.conf.3      extra.ldap-attrmap sql.attrs

11.[root@localhost conf]# cat admin.conf//檢視主配置檔案如下：

general_prefered_lang: en

general_prefered_lang_name: English

general_charset: iso-8859-1

general_base_dir: /usr/share/dialup_admin

general_radiusd_base_dir: /usr

general_domain: company.com

general_use_session: no

general_most_recent_fl: 30

general_realm_delimiter: @

general_realm_format: suffix

general_show_user_password: yes

general_raddb_dir: /etc/raddb

general_ldap_attrmap: /etc/raddb/ldap.attrmap

general_clients_conf: /etc/raddb/clients.conf

general_sql_attrmap: %{general_base_dir}/conf/sql.attrmap

general_accounting_attrs_file: %{general_base_dir}/conf/accounting.attrs

general_extra_ldap_attrmap: %{general_base_dir}/conf/extra.ldap-attrmap

general_username_mappings_file: %{general_base_dir}/conf/username.mappings

general_lib_type: mysql

general_user_edit_attrs_file: %{general_base_dir}/conf/user_edit.attrs

general_sql_attrs_file: %{general_base_dir}/conf/sql.attrs

general_default_file: %{general_base_dir}/conf/default.vals

general_finger_type: snmp

general_nas_type: cisco

general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger

general_sessionclear_bin: %{general_base_dir}/bin/clearsession

general_sessionclear_method: snmp

general_radclient_bin: /usr/bin/radclient

general_test_account_login: test

general_test_account_password: test

general_radius_server: localhost

general_radius_server_port: 1812

general_radius_server_auth_proto: chap

general_radius_server_secret: testing123

general_auth_request_file: %{general_base_dir}/conf/auth.request

general_encryption_method: clear

general_accounting_info_order: desc

general_stats_use_totacct: no

general_restrict_badusers_access: no

general_restrict_nasadmin_access: no

INCLUDE: %{general_base_dir}/conf/naslist.conf

INCLUDE: %{general_base_dir}/conf/captions.conf

ldap_server: ldap.%{general_domain}

ldap_base: dc=company,dc=com

ldap_binddn: cn=Directory Manager

ldap_bindpw: XXXXXXX

ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base}

ldap_default_dn: uid=default-dialup,%{ldap_base}

ldap_regular_profile_attr: dialupregularprofile

sql_type: mysql

sql_server: localhost

sql_port: 3306

sql_username: root

sql_password: 123456

sql_database: radius

sql_accounting_table: radacct

#sql_badusers_table: badusers

sql_check_table: radcheck

sql_reply_table: radreply

#sql_user_info_table: userinfo

sql_groupcheck_table: radgroupcheck

sql_groupreply_table: radgroupreply

#sql_usergroup_table: radusergroup

sql_total_accounting_table: totacct

sql_nas_table: nas

sql_show_all_groups: true

sql_command: /usr/bin/mysql

general_snmp_type: net

general_snmpwalk_command: /usr/local/bin/snmpwalk

general_snmpget_command: /usr/local/bin/snmpget

#sql_debug: true

#sql_use_user_info_table: true

#sql_use_operators: true

sql_password_attribute: User-Password

sql_date_format: Y-m-d

sql_full_date_format: Y-m-d H:i:s

sql_row_limit: 40

sql_connect_timeout: 3

counter_default_daily: none

counter_default_weekly: none

counter_default_monthly: none

[root@localhost conf]# cat naslist.conf//配置檔案二

nas1_name: nas1.%{general_domain}

nas1_model: Computer

nas1_ip: 192.168.40.39

nas1_port_num: 16

nas1_community: public

//

as1_model: Computer 為nas型別

nas1_ip: 192.168.40.39 為nas ip

nas可新增多個修改nas號則可。

[root@localhost conf]# cat captions.conf//配置檔案三

general_caption_finger_free_lines: free lines

12.配置mysql資料庫和建立資料庫radius

[root@localhost conf]# service mysqld start//啟動mysqld服務

[root@localhost conf]mysqladmin -u root password “your password” //兩種方法設定root連線mysql的密碼。

使用mysql庫

mysql> use mysql

修改root密碼

mysql> update user set password=password(“123456″) where user=”root”;

mysql> flush privileges;

[root@localhost conf]mysql -uroot -p123456 -e “create database radius;” //建立資料庫radius

mysql> use radius;

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

[root@localhost mysql]# pwd

/etc/raddb/sql/mysql

[root@localhost mysql]# ls//把帶.sql的檔案全部倒入radius資料中

admin.sql cui.conf dialup.conf ippool.sql schema.sql wimax.sql

counter.conf cui.sql ippool.conf nas.sql wimax.conf

mysql> use radius;//進入資料庫radius

Database changed

mysql> show tables;//show表為空

Empty set (0.00 sec)

mysql>source /etc/raddb/sql/mysql/admin.sql //利用source匯入資料庫

mysql>source /etc/raddb/sql/mysql/cui.sql

mysql>source /etc/raddb/sql/mysql/ippool.sql

mysql>source /etc/raddb/sql/mysql/as.sql

mysql>source /etc/raddb/sql/mysql/schema.sql

mysql>source /etc/raddb/sql/mysql/wimax.sql

還有一種方法就是用[root@localhost mysql]#mysql -uroot -p radius </etc/raddb/sql/mysql/admin.sql//其它省略

使用mysql庫

mysql> use mysql

修改radius密碼

mysql> update user set password=password(“radius”) where user=”radius”;

mysql> flush privileges;

建立radius資料庫使用者

mysql> grant all privileges on radius.* to radius@localhost identified by “radius”;

mysql> flush privileges;

mysql> exit

//

相信結果不會讓你滿意.因為伺服器比較的是加密的值,所以伺服器連線一定失敗.這裡需要說明的是flush privileges;這條命令起到了重新載入授權表.你也可以在shell下直接用mysqladmin -u root

reload或者mysqladmin -u root flush-privileges來實現過載授權表.在Mysql環境下,你可以使用以下語句進行設定密碼:

1.insert into user(host,user,password) values(`%`,`user_name`,password(“your password”);

2.set password for user_name = password(“your password”)

以上兩種方法都必須進行過載授權表.

3.當然你也可以在建立一個使用者時直接設定密碼,grant語句將為你自動加密口令.

如 grant all on *.* to user_name@% identified by “your password”;

另外你也可以在shell環境下用mysqladmin程式來設定密碼

如 mysqladmin -u root password “your password”

13.啟動apache服務

[root@localhost conf]# service httpd start

Stopping httpd: [ OK ]

Starting httpd: [ OK ]

配置test.php

[root@localhost mysql]# cat /var/www/html/test.php

<?php

phpinfo();

?>

14.最後客戶端ie瀏覽器http://ip/test.php如果看到資訊說明是好的，如果要進入freeradius-dialupadmin，直接http://ip/radius/即可.

本文轉自zh888 51CTO部落格，原文連結：http://blog.51cto.com/zh888/861742，如需轉載請自行聯絡原作者

radius+httpd+php+mysql+dialupadmin總結

相關文章