In the previous article I recorded how to set up a PPTP *** and ran some simple usage tests. There, the usernames and passwords lived in the flat-file database /etc/ppp/chap-secrets. With a small number of users that login method is workable, but once the user count grows, login verification needs to move to a database query. This article describes how to store the PPTP *** username and password authentication data in a MySQL database.

Previous article: http://ylw6006.blog.51cto.com/470441/1794577
1. Install and configure mysql-server and freeradius; as in the previous article, install from rpm packages

1) Install the packages
# yum -y install mysql* freeradius*
2) Configure the database

# service mysqld start
# mysql
mysql> use mysql
mysql> delete from user where user='';
mysql> update user set password=PASSWORD('password');
mysql> flush privileges;
mysql> create database radius;
mysql> use radius;
mysql> source /etc/raddb/sql/mysql/admin.sql;
mysql> source /etc/raddb/sql/mysql/cui.sql;
mysql> source /etc/raddb/sql/mysql/nas.sql;
mysql> source /etc/raddb/sql/mysql/schema.sql;
mysql> source /etc/raddb/sql/mysql/wimax.sql;
mysql> insert into radcheck (Username,Attribute,op,Value) values ('yang','password','==','yang123!');
3) Edit the configuration files. Note: the leading number on each line below is the line number in that file; set the corresponding line to the value shown.

# vi /etc/raddb/radiusd.conf
700 $INCLUDE sql.conf

# vi /etc/raddb/sql.conf
28  database = "mysql"
33  driver = "rlm_sql_${database}"
36  server = "localhost"
38  login = "root"
39  password = "password"
42  radius_db = "radius"
50  acct_table1 = "radacct"
51  acct_table2 = "radacct"
100 readclients = yes

# vi /etc/raddb/sites-enabled/default
69  authorize {
170 #   files
177     sql
252 authenticate {
297 #   unix
333 preacct {
372 #   files
389 #   unix
406     sql
449 session {
454     sql
461 post-auth {
475     sql

# vi /etc/raddb/sites-enabled/inner-tunnel
125 #   files
132     sql
224 #   unix
256     sql
276     sql
4) Test the RADIUS and MySQL integration

# radtest yang yang123! 127.0.0.1 10 testing123

If the output contains rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=101, length=20, the RADIUS and MySQL integration is working.

Here testing123 is the shared secret passed as the last argument to radtest.
# grep -v '^#' /etc/raddb/clients.conf |grep -v '#' |grep -v '^$'
2. Integrate pptp with freeradius

1) Check which ppp version the operating system has installed
# rpm -qa |grep ppp
ppp-2.4.5-10.el6.x86_64
2) Download the source package for the matching version and edit the configuration file

Download address: http://download.chinaunix.net/download.php?id=35207&ResourceID=8334

# tar -zxvpf ppp-2.4.5.tar.gz
# mkdir /etc/ppp/radius
# cp -R ppp-2.4.5/pppd/plugins/radius/etc/ /etc/ppp/radius/
# cat /etc/ppp/radius/etc/radiusclient.conf
auth_order      radius
login_tries     4
login_timeout   60
nologin         /etc/nologin
issue           /etc/ppp//radius/etc/issue
authserver      localhost:1812
acctserver      localhost:1813
servers         /etc/ppp/radius/etc/servers
dictionary      /etc/ppp/radius/etc/dictionary
login_radius    /usr/local/sbin/login.radius
seqfile         /var/run/radius.seq
mapfile         /etc/ppp/radius/etc/port-id-map
default_realm
radius_timeout  10
radius_retries  3
login_local     /bin/login
# tail -4 /etc/ppp/radius/etc/dictionary
INCLUDE /etc/ppp/radius/etc/dictionary.microsoft
INCLUDE /etc/ppp/radius/etc/dictionary.ascend
INCLUDE /etc/ppp/radius/etc/dictionary.merit
INCLUDE /etc/ppp/radius/etc/dictionary.compat
3) Edit the options.pptpd configuration file

# tail -2 /etc/ppp/options.pptpd
plugin /usr/lib64/pppd/2.4.5/radius.so
radius-config-file /etc/ppp/radius/etc/radiusclient.conf
4) Set the RADIUS authentication secret

# grep -v '^#' /etc/ppp/radius/etc/servers
localhost       tesing123
3. Client dial-in test and debugging

The client dial-in failed with: rc_check_reply: received invalid reply digest from RADIUS server

Running the radiusd service in debug mode and watching the log output showed no error at all:
# service radiusd stop
# radiusd -X
rad_recv: Access-Request packet from host 127.0.0.1 port 43268, id=213, length=148
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "yang"
        MS-CHAP-Challenge = 0x939a7b4308644d99c2f5f9b777207c42
        MS-CHAP2-Response = 0xbc00666bc61ad32272c3ea4db4937b4bd9b4000000000000000000f4da56184820a839a25c1ba0fc5a9f239bf6be4fed9da2
        Calling-Station-Id = "27.151.123.121"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] = ok
++[digest] = noop
[suffix] No '@' in User-Name = "yang", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[sql] expand: %{User-Name} -> yang
[sql] sql_set_user escaped user --> 'yang'
rlm_sql (sql): Reserving sql socket id: 30
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'yang' ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'yang' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'yang' ORDER BY priority
rlm_sql (sql): Released sql socket id: 30
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] = noop
+} # group authorize = ok
Found Auth-Type = MSCHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password.        !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /etc/raddb/sites-enabled/default
+group MS-CHAP {
[mschap] Creating challenge hash with username: yang
[mschap] Client is using MS-CHAPv2 for yang, we need NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] = ok
+} # group MS-CHAP = ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+group post-auth {
[sql] expand: %{User-Name} -> yang
[sql] sql_set_user escaped user --> 'yang'
[sql] expand: %{User-Password} ->
[sql] ... expanding second conditional
[sql] expand: %{Chap-Password} ->
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'yang', '', 'Access-Accept', '2016-06-29 17:05:21')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'yang', '', 'Access-Accept', '2016-06-29 17:05:21')
rlm_sql (sql): Reserving sql socket id: 29
rlm_sql (sql): Released sql socket id: 29
++[sql] = ok
++[exec] = noop
+} # group post-auth = ok
Sending Access-Accept of id 213 to 127.0.0.1 port 43268
        Password == "yang123!"
        MS-CHAP2-Success = 0xbc533d42383941354543303444354634354438323638414534323146323944344144443935424246433130
        MS-MPPE-Recv-Key = 0xf60049baea9bf3462b5b90d8311848fd
        MS-MPPE-Send-Key = 0x59e4dc74e5310b0fdb7ef0bf10ff10f4
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 213 with timestamp +11
Ready to process requests.
A Google search turned up an important clue; reference:
https://community.ubnt.com/t5/EdgeMAX/PPTP-L2TP-Radius-Problem/td-p/630855
After changing the secret to test and restarting the radiusd and pptpd services, I dialed in again and everything worked.
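Why a mismatched shared secret surfaces as "invalid reply digest" rather than an Access-Reject: the Response Authenticator of every RADIUS reply is MD5 over the reply header, the request's authenticator, the reply attributes and the shared secret (RFC 2865), and the pppd RADIUS client recomputes it with its own copy of the secret before trusting the reply. The following Python is an added illustration written for this article, not code from the page, pppd or FreeRADIUS; the request authenticator, the Framed-Protocol attribute and the two secrets (testing123 and a one-letter-off variant) are constructed values.

```python
import hashlib
import hmac
import struct

# RADIUS packet code for Access-Accept (RFC 2865)
ACCESS_ACCEPT = 2

# Constructed sample values for this example (not taken from the capture above):
# the 16-byte Request Authenticator the client sent in its Access-Request, and a
# single Framed-Protocol = PPP attribute (type 7, length 6, value 1).
REQUEST_AUTH = bytes(range(16))
ATTRIBUTES = struct.pack("!BBI", 7, 6, 1)


def build_reply(code: int, ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Build a reply the way the server does: the 16-byte Response Authenticator is
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    length = 20 + len(attrs)
    header = struct.pack("!BBH", code, ident, length)
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs


def check_reply(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """The check the client performs (rc_check_reply in pppd's radius plugin):
    recompute the Response Authenticator with its own secret and compare.
    A mismatch is what gets reported as 'received invalid reply digest'."""
    if len(reply) < 20:
        return False
    header, received, attrs = reply[:4], reply[4:20], reply[20:]
    if struct.unpack("!BBH", header)[2] != len(reply):
        return False
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(received, expected)


def demo() -> tuple:
    """Server signs with testing123; the client verifies with three variants.
    Returns (matching secret, one-letter-off secret, tampered attribute)."""
    reply = build_reply(ACCESS_ACCEPT, 213, REQUEST_AUTH, ATTRIBUTES, b"testing123")
    matching = check_reply(reply, REQUEST_AUTH, b"testing123")
    mismatching = check_reply(reply, REQUEST_AUTH, b"tesing123")
    # Flip one bit of the last attribute byte: the digest also covers the reply body.
    tampered = check_reply(reply[:-1] + bytes([reply[-1] ^ 1]), REQUEST_AUTH, b"testing123")
    return matching, mismatching, tampered


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The same check explains why the server-side debug log shows a clean Access-Accept: radiusd signed the reply with its own secret and never learns that the client's copy differs.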
Client dial-in records stored in the database:

This completes the configuration of PPTP *** user login authenticated through the freeradius service against a MySQL database. Bandwidth control for dial-in users and limiting each account to a single concurrent login will be covered in the next article; stay tuned!