note from : www.vpsserver.com/community/t…mysql
In this tutorial we will install a freeradius server on a 64-bit Ubuntu 14.04 distro with mysql support.
This tutorial requires the following ingredients to set up freeradius+mysql:
We shall be making a basic freeradius setup with a mysql database for storing user credentials and other information.
Let us first update our distro so we can be sure we will be able to install the required applications.
sudo apt-get update
Then we will install freeradius:
sudo apt-get install freeradius freeradius-mysql
'freeradius-mysql' is a required freeradius module so we can communicate with the mysql server.
Next, we will need to edit the default site file to change the AAA mechanism of freeradius from the file system to the sql server.
nano /etc/freeradius/sites-enabled/default
Then we will have to comment out every line that says 'files' and un-comment the lines that say 'sql'.
authorize {
    # files
    sql
}
authenticate {
}
preacct {
    # files
}
accounting {
    sql
}
session {
    sql
}
post-auth {
    sql
    Post-Auth-Type REJECT {
        # log failed authentications in SQL, too.
        sql
        attr_filter.access_reject
    }
}
Next, we will go to the main radius configuration file. We will enable the mysql module so we can use it later on.
nano /etc/freeradius/radiusd.conf
We will un-comment the line:
$INCLUDE sql.conf
Next, we will enter our mysql server access credentials into radius.
nano /etc/freeradius/sql.conf
Edit the file and supply your mysql credentials.
sql {
    database = "mysql"
    server = "localhost"
    login = "sampleuser"
    password = "samplepassword"
    radius_db = "radius"
    # uncomment read_groups
    read_groups = yes
    # uncomment readclients
    readclients = yes
}
Log in to mysql as root and create the radius database and user.
CREATE DATABASE radius;
CREATE USER 'sampleuser'@'localhost' IDENTIFIED BY 'samplepassword';
-- Scope the grant to the radius database; freeradius does not need global (*.*) privileges.
GRANT ALL PRIVILEGES ON radius.* TO 'sampleuser'@'localhost';
FLUSH PRIVILEGES;
Next, we will have to import the sql files for freeradius into the 'radius' database. The schema.sql and nas.sql files are located in the '/etc/freeradius/sql/mysql' folder.
mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql
It is important that we enter the correct freeradius values into the radius database so that Freeradius can read them correctly; otherwise, Freeradius will throw an error during operation. The information we want to enter is the following:
Freeradius client ip and secret
User name and password
Freeradius check values for groups and individual users.
Freeradius reply values for groups and individual users.
First, we will enter the freeradius client information into the nas table.
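-- '0.0.0.0/0' accepts requests from any source address that knows the secret; use your NAS's own IP outside of testing.
INSERT INTO nas VALUES (NULL, '0.0.0.0/0', 'myNAS', 'other', NULL, 'mysecret', NULL, NULL, 'RADIUS Client');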
Then we will enter user information into the radcheck table.
INSERT INTO radcheck (username, attribute, op, value) VALUES ('thisuser', 'User-Password', ':=', 'thispassword');
Then we need to assign the user a group.
INSERT INTO radusergroup (username, groupname, priority) VALUES ('thisuser', 'thisgroup', '1');
After that we assign the reply properties for the group in the radgroupreply table.
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES
    ('thisgroup', 'Service-Type', ':=', 'Framed-User'),
    ('thisgroup', 'Framed-Protocol', ':=', 'PPP'),
    ('thisgroup', 'Framed-Compression', ':=', 'Van-Jacobson-TCP-IP');
All is done for now.
To test the setup we will have to run freeradius in debug mode. We will execute the commands below.
service freeradius stop
freeradius -X
To check if freeradius is running, you should see the following lines on your screen.
...
Ready to process requests.
Download NTRadPing (Windows only) and enter the following information.
Your Freeradius server ip
Your username and password (you entered into radcheck earlier)
Your secret (you entered into nas table earlier)
Port is standard 1812 for authentication (do not change it)
If your test is successful you will see the following reply:
Access-Accept
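A cross-platform way to run the same check as the NTRadPing step above, added here as an example (it is not part of the original tutorial or of FreeRADIUS): a small Python client that sends one PAP Access-Request and verifies the reply with the shared secret. The function names and the NAS-Identifier value are hypothetical, the user, password and secret are the tutorial's sample values, and the request carries no Message-Authenticator attribute, which newer or hardened servers may require.

```python
import hashlib, hmac, os, socket, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def hide_password(password, secret, authenticator):
    """User-Password hiding from RFC 2865 section 5.2 (PAP)."""
    padded = password.ljust((len(password) + 15) // 16 * 16 or 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()  # keyed by the previous block
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, authenticator):
    """Code, ID, Length, Request Authenticator, then type-length-value attributes."""
    fields = ((1, user), (2, hide_password(password, secret, authenticator)),
              (32, b"radius-check"))  # NAS-Identifier, hypothetical value
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in fields)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def reply_is_authentic(reply, request_authenticator, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_authenticator + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def authenticate(server, user, password, secret, port=1812, timeout=3.0):
    """Send one Access-Request; return the reply code, or None if no valid reply."""
    authenticator, ident = os.urandom(16), os.urandom(1)[0]
    packet = build_access_request(user, password, secret, ident, authenticator)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable
            return None
    if reply[1:2] != bytes([ident]) or not reply_is_authentic(reply, authenticator, secret):
        return None  # wrong ID, or the reply was not signed with our secret
    return reply[0]

if __name__ == "__main__":
    # Sample rows from the tutorial's radcheck and nas tables, server on localhost.
    code = authenticate("127.0.0.1", b"thisuser", b"thispassword", b"mysecret")
    print({ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject"}.get(code, "no valid reply"))
```

A "no valid reply" result with the server running usually means the secret does not match the nas table entry, since freeradius silently drops requests from clients it cannot match.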