centos6.5下安裝freeradius2.2.9+mysql

平臺centos6.5 x86_64

1，安裝源並更新
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum update -y

2，安裝相關庫
yum -y install wget expat-devel gcc make gmp-devel gmp pkgconfig perl libpcap gcc-c++ logrotate tar cpio gawk flex bison bison-devel lsof libpcap-devel patch openssl openssl-devel libgcrypt* crypt* autoconf automake libtasn1-devel zlib zlib-devel trousers trousers-devel texinfo libnl-devel libnl dbus dbus-devel ncurses-devel readline-devel libtool-ltdl libtalloc* hiredis* redhat-lsb python

3，安裝Mysql

rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el6-5.noarch.rpm
yum install -y mysql-community-server mysql-devel
chkconfig mysqld on
service mysqld start
mysql_secure_installation設置root密碼、移除test數據庫

4，編譯安裝freeradius

wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.2.9.tar.gz

tar zxvf freeradius-server-2.2.9.tar.gz 

cd freeradius-server-2.2.9

./configure

make && make install

5，測試

vi /usr/local/etc/raddb/users

找到這一行
#steve Cleartext-Password:="testing" 

將前面的#去掉
steve   Cleartext-Password := "testing"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.16.3.33,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP
 
調試模式命令：
radiusd -X

提示Refusing to start with libssl version OpenSSL 1.0.1e-fips

vi /usr/local/etc/raddb/radiusd.conf

找到allow_vulnerable_openssl = no,修改爲allow_vulnerable_openssl = yes

再次啓動radiusd -X 最後顯示Ready to process requests.說明服務成功啓動

新打開一個終端
終端輸入命令：radtest steve testing localhost 0 testing123

得到結果：

Sent Access-Request Id 50 from 0.0.0.0:34461 to 127.0.0.1:1812 length 75
        User-Name = "steve"
        User-Password = "testing"
        NAS-IP-Address = 106.186.116.69
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "testing"
Received Access-Accept Id 50 from 127.0.0.1:1812 to 0.0.0.0:0 length 71
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 172.16.3.33
        Framed-IP-Netmask = 255.255.255.0
        Framed-Routing = Broadcast-Listen
        Filter-Id = "std.ppp"
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP

accept！貌似成了

6，讓radius和mysql融合

vi /usr/local/etc/raddb/radiusd.conf 
$INCLUDE  sql.conf 去掉該行註釋

vi /usr/local/etc/raddb/sql.conf 定義鏈接數據庫用戶名和密碼
database = "mysql"
login = "radius"
password = "radpass"

vi /usr/local/etc/raddb/sites-available/default
將authorize，accounting，session，post_auth段的sql關鍵字前的註釋去掉，如：

post-auth {
  ....
  sql
  .... 
  Post-Auth-Type REJECT {
      # Login failed: log to SQL database.
      sql
  }
}

輸入mysql -u root -p，輸入密碼
1)創建數據庫並導入radius數據結構
mysql>create database radius;
mysql>grant all on radius.* to 'radius'@'localhost' identified by 'radpass';
mysql>flush privileges;

# mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/schema.sql
# mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/nas.sql
# mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/ippool.sql
# mysql -u root -p radius < /usr/local/etc/raddb/sql/mysql/wimax.sql

2)創建組（在此新建組名稱爲user）
mysql>use radius;
mysql>insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local'); 
mysql>insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User'); 
mysql>insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.255'); 
mysql>insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');

3)創建用戶（在此新建用戶名爲test，密碼爲testpwd）
mysql>insert into radcheck (username,attribute,op,value) values ('test','Cleartext-Password',':=','testpwd');

4)將用戶加入組中：
mysql>insert into radusergroup (username,groupname) values ('test','user');
mysql>exit

測試：radiusd -X，在另外一終端執行radtest test testpwd localhost 1812 testing123
得到結果
Sending Access-Request of id 247 to 127.0.0.1 port 1812
        User-Name = "test"
        User-Password = "testpwd"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=247, length=38
        Service-Type = Framed-User
        Framed-IP-Address = 255.255.255.255
        Framed-IP-Netmask = 255.255.255.0
Accept！說明成了。

接下來加須要認證的服務器，好比
vi /usr/local/etc/raddb/clients.conf
[root@localhost raddb]# vi clients.conf 追加 client 192.168.10.8{     secret          = testing123(認證的密鑰)     shortname       = jp01 } 認證去吧。。。^_^