Notes: SETUP AND CONFIGURATION OF FREERADIUS + MYSQL ON UBUNTU 14.04 64BIT

Note from: www.vpsserver.com/community/t…mysql

In this tutorial we will install a FreeRADIUS server with MySQL support on a 64-bit Ubuntu 14.04 system.

PREREQUISITES

This tutorial requires the following to set up FreeRADIUS + MySQL:

  • an Ubuntu 14 64bit server
  • Root Access to the server
  • An SSH client (you can use PuTTY or Bitvise, depending on your operating system and preference)

We shall be making a basic FreeRADIUS setup with a MySQL database for storing user credentials and other information.

INSTALLING FREERADIUS

Let us first update our package lists so we can be sure we will be able to install the required applications.

sudo apt-get update

Then we will install FreeRADIUS:

sudo apt-get install freeradius freeradius-mysql

'freeradius-mysql' is the FreeRADIUS module required to communicate with the MySQL server.

Next, we will need to edit the default site file to change the AAA mechanism of FreeRADIUS from the file system to the SQL server.

nano /etc/freeradius/sites-enabled/default

Then comment out every line that says 'files' and un-comment the lines that say 'sql'.

authorize {
#	files
	sql
}
authenticate {
}
preacct {
#	files
}
accounting {
	sql
}
session {
	sql
}
post-auth {
	sql
	Post-Auth-Type REJECT {
		# log failed authentications in SQL, too.
		sql
		attr_filter.access_reject
	}
}

Next, we will go to the main FreeRADIUS configuration file and enable the MySQL module so we can use it later on.

nano /etc/freeradius/radiusd.conf

We will un-comment the line:

$INCLUDE sql.conf

Next, we will enter our MySQL server access credentials into FreeRADIUS.

nano /etc/freeradius/sql.conf

Edit the file and supply your MySQL credentials.

sql {
	database = "mysql"
	server = "localhost"
	login = "sampleuser"
	password = "samplepassword"
	radius_db = "radius"
	#uncomment read_groups
	read_groups = yes
	#uncomment readclients
	readclients = yes
}

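Log in to MySQL as root and create the radius database and user. Note that the GRANT below uses *.*, which gives the account privileges on every database on the server; FreeRADIUS itself only needs access to the radius database.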

CREATE DATABASE radius;
CREATE USER 'sampleuser'@'localhost' IDENTIFIED BY 'samplepassword';
GRANT ALL PRIVILEGES ON *.* TO 'sampleuser'@'localhost';
FLUSH PRIVILEGES;

Next, we will have to import the SQL files for FreeRADIUS into the 'radius' database. The schema.sql and nas.sql files are located in the '/etc/freeradius/sql/mysql' folder.

mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql;
mysql -u root -p radius < /etc/freeradius/sql/mysql/nas.sql;

POPULATING RADIUS DATABASE

It is important that we enter the correct values into the radius database so that FreeRADIUS can read them; otherwise, FreeRADIUS will throw an error during operation. We want to enter the following information:

  • FreeRADIUS client IP and secret
  • User names and passwords
  • FreeRADIUS check values for groups and individual users
  • FreeRADIUS reply values for groups and individual users

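First, we will enter the FreeRADIUS client information into the nas table. The value after the id is the client address: '0.0.0.0/0' matches every source address, so any host that knows the secret is treated as a client. Outside of a test setup, use the address of your NAS and a strong secret instead.

INSERT INTO nas VALUES (NULL , '0.0.0.0/0', 'myNAS', 'other', NULL , 'mysecret', NULL , NULL , 'RADIUS Client');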

Then we will enter user information into the radcheck table.

INSERT INTO radcheck (username, attribute, op, value) VALUES ('thisuser', 'User-Password', ':=', 'thispassword');

Then we need to assign the user to a group.

INSERT INTO radusergroup (username, groupname, priority) VALUES ('thisuser', 'thisgroup', '1');

After that we assign the reply properties for the group in the radgroupreply table.

INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES
	('thisgroup', 'Service-Type', ':=', 'Framed-User'),
	('thisgroup', 'Framed-Protocol', ':=', 'PPP'),
	('thisgroup', 'Framed-Compression', ':=', 'Van-Jacobsen-TCP-IP');

All is done for now.

TESTING FREERADIUS+MYSQL INSTALLATION

To test the setup we will have to run FreeRADIUS in debug mode. Execute the commands below.

service freeradius stop
freeradius -X

If FreeRADIUS is running, you should see the following lines on your screen.

...
Ready to process requests.

Download NTRadPing (Windows only) and enter the following information.

  • Your FreeRADIUS server IP
  • Your username and password (the ones you entered into radcheck earlier)
  • Your secret (the one you entered into the nas table earlier)
  • Port is the standard 1812 for authentication (do not change it)

If your test is successful you will see:

Access-Accept