FreeRadius and MySQL *-*By ChinaLonen:
FREERADIUS Materials from: http://www.frontios.com/freeradius.html
MYSQL:
I. Basic MySQL database setup (installation, adding users)
1. Add the mysql user and group
# groupadd mysql
# useradd -g mysql mysql
2. Change the ownership of the MySQL directory
# chown -R root /usr/local/mysql4
# chgrp -R mysql /usr/local/mysql4
# chown -R mysql /usr/local/mysql4/data
3. Create the MySQL system databases
# /usr/local/mysql/scripts/mysql_install_db --user=mysql&
4. Start the MySQL service
# /usr/local/mysql4/bin/mysqld_safe --user=mysql&
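5. ### Troubleshooting:
"mysql dead but subsys locked"
The fix is as follows (note that the first command deletes everything under /var/lib/mysql, so use it only on a fresh installation with no data to keep):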
# rm -fr /var/lib/mysql/*
# rm /var/lock/subsys/mysqld
rm: remove regular empty file `/var/lock/subsys/mysqld'? yes
shell> killall mysqld
shell> service mysqld start
# /etc/rc.d/init.d/mysqld status
mysqld (pid 5457) is running...
### The database is now running normally.
+++++++++++++++++++++++++++++++++++++++++++++++++++
II. Obtaining and installing RADIUS
1. wget ftp://ftp.freeradius.org/pub/radius/freeradius-1.1.6.tar.bz2
tar xjvf freeradius-1.1.6.tar.bz2
cd freeradius-1.1.6
./configure
make
make install
2. You need to add options to ./configure if you installed MySQL
1 - Edit /usr/local/etc/raddb/clients.conf and enter the details of your NAS unit(s);
2 - Edit /usr/local/etc/raddb/users and create an example user account.
3 - Edit /usr/local/etc/raddb/realms. (For what?)
4 - At this point you should be able to manually fire up /usr/local/sbin/radiusd. You should do this with debug turned on so you can see what happens:
/usr/local/sbin/radiusd -X
+++++++++++++++++++++++++++++++++++++++++++++++++++
II. Preparing to hook up RADIUS:
1. Connect to the database
# mysql -u mysql -p -S /var/lib/mysql/mysql.sock
Enter password:
ERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: YES)
# mysql -u mysql -S /var/lib/mysql/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12 to server version: 4.1.7
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>
2. Create the database:
mysql> create database radius;
Query OK, 1 row affected (0.01 sec)
mysql> use radius;
Database changed
3. Create the RADIUS account:
mysql> grant all on * to 'radius'@'%' identified by 'radius123';
Query OK, 0 rows affected (0.00 sec)
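III. Installing RADIUS (complete)
1.
# ./configure --with-prefix=/usr/local/freeradius \
--with-experimental-modules \
--with-rlm-sql-lib-dir=/usr/lib/mysql/ \
--with-rlm-sql-include-dir=/usr/local/mysql4
(the last two options specify where MySQL is installed)
# gmake; gmake install
2. Initialize the database.
The schema file is located at:
#/usr/share/doc/freeradius-1.0.1/db_mysql.sql
Edit db_mysql.sql and, in the definition of the id column in the nas table creation script, remove the default '0' text.
3. Log in to mysql as the radius user: run mysql -u radius -p and enter the password set for the radius account above
Run use radius;
4. Run mysql> source /usr/share/doc/freeradius-1.0.1/db_mysql.sql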
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.00 sec)
5. Run mysql> insert radcheck(UserName,Attribute,Value) values ('test','Password','test');
Query OK, 1 row affected (0.00 sec)
Run commit;
6. Edit the sql.conf configuration file:
# vi /usr/local/etc/raddb/sql.conf
In sql.conf, under sql {, set:
login = 'radius'
password = 'radius123'
radius_db = 'radius'
Comment out sql_user_name = "%{User-Name}" by putting a # in front of that line.
Remove the # in front of the line sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}".
7. Edit radiusd.conf:
# vi /usr/local/etc/raddb/radiusd.conf
Remove the # in front of every standalone sql entry, at lines 1859, 2021, 2043 and 2064.
Put a # in front of every standalone unix and files entry. unix: lines 612, 1946 and 2004; files: lines 1067, 1852 and 1987.
8. See also: clients.conf
# vi /usr/local/etc/raddb/clients.conf
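The grant in section II gives the radius account every privilege on the database from any host ('%'). As an added example (not part of the original notes), the shell function below prints SQL that replaces it with a host-restricted account holding per-table privileges. The function name, the RADIUS_DB_PASS variable, radiusd and MySQL sharing one host, the radacct and radpostauth table names, and the read/write split are assumptions about the stock schema.

```shell
#!/bin/sh
# Added example (not from the original notes): print SQL that replaces
# "grant all ... to 'radius'@'%'" with per-table privileges for one host.
# Pipe the output into the mysql client as an administrative user after
# db_mysql.sql has been loaded (table-level grants need existing tables).
radius_grants_sql() {
    db=$1; user=$2; host=$3; pass=${RADIUS_DB_PASS:-}
    # Only plain identifiers go into the SQL text; this also rejects the
    # '%' wildcard host, so the account is always tied to a named host.
    for v in "$db" "$user" "$host"; do
        case $v in
            ''|*[!A-Za-z0-9_.-]*) echo "rejected value: '$v'" >&2; return 2 ;;
        esac
    done
    case $pass in
        ''|*\'*|*\\*) echo "set RADIUS_DB_PASS (no quotes or backslashes)" >&2
                      return 2 ;;
    esac
    acct="'$user'@'$host'"

    # Remove the any-host account created earlier in these notes.
    echo "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '$user'@'%';"
    echo "DROP USER '$user'@'%';"
    # Create the restricted account with no privileges (MySQL 4.1/5.0 syntax).
    echo "GRANT USAGE ON *.* TO $acct IDENTIFIED BY '$pass';"
    # Assumption: the server only reads these tables of the stock schema...
    for t in radcheck radreply radgroupcheck radgroupreply usergroup nas; do
        echo "GRANT SELECT ON $db.$t TO $acct;"
    done
    # ...and only writes accounting and post-auth records.
    echo "GRANT SELECT, INSERT, UPDATE ON $db.radacct TO $acct;"
    echo "GRANT INSERT ON $db.radpostauth TO $acct;"
}

# Constructed demo values; prints the statements without running them.
RADIUS_DB_PASS='constructed-Example-pw' radius_grants_sql radius radius localhost
```

After applying the output, sql.conf needs the new password, and the schema import in step 4 has to have been done beforehand by an account that may create tables.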
+++++++++++++++++++++++++++++++++++++++++++++++++++
# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
rlm_eap: Loaded and initialized type leap
rlm_eap: Loaded and initialized type gtc
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Instantiated realm (suffix)
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
Module: Instantiated detail (detail)
Module: Loaded radutmp
Module: Instantiated radutmp (radutmp)
Initializing the thread pool...
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
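An added example (not part of the original notes) that checks a saved copy of the radiusd -X output above for the settings that matter once the sql changes are in place: the account the daemon runs as, authentication logging, which modules were instantiated, and the listening address. The function names and the "Module: Instantiated sql" line are assumptions, the latter by analogy with the module lines shown above.

```shell
#!/bin/sh
# Added example: audit `radiusd -X` startup output read from stdin.
# Prints one finding per line and returns 1 if anything was flagged.
audit_radiusd_debug() {
    log=$(cat)
    findings=0
    has()  { printf '%s\n' "$log" | grep -q "$1"; }
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # Unset user/group: radiusd keeps the identity of whoever started it,
    # which is root when launched from a "#" prompt as in these notes.
    has '^main: user = "(null)"'  && flag "user is unset"
    has '^main: group = "(null)"' && flag "group is unset"
    # Neither failed nor successful logins are written to radius.log.
    has '^main: log_auth = no' && flag "log_auth is off"
    # Step 7 enables sql and disables files; confirm both took effect.
    # Assumption: rlm_sql reports itself like the modules shown above.
    has '^Module: Instantiated sql (' || flag "sql module not instantiated"
    has '^Module: Instantiated files (' && flag "files module still active"
    # "*" means the authentication port is bound on every interface.
    has '^Listening on authentication \*:' && flag "auth port on all interfaces"

    [ "$findings" -eq 0 ]
}

# Constructed sample: a subset of the startup lines quoted above.
sample_debug_output() {
    cat <<'EOF'
main: log_auth = no
main: user = "(null)"
main: group = "(null)"
Module: Instantiated files (files)
Listening on authentication *:1812
Ready to process requests.
EOF
}

sample_debug_output | audit_radiusd_debug || true
```

To check a real run, save the startup output to a file and feed it to audit_radiusd_debug on standard input.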
Populating MySQL
You should now create some dummy data in the database to test against. It goes something like this:
* In usergroup, put entries matching a user account name to a group name.
* In radcheck, put an entry for each user account name with a 'Password' attribute with a value of their password.
* In radreply, create entries for each user-specific radius reply attribute against their username
* In radgroupreply, create attributes to be returned to all group members
Here's a dump of tables from the 'radius' database from mysql on my test box (edited slightly for clarity). This example includes three users, one with a dynamically assigned IP by the NAS (fredf), one assigned a static IP (barney), and one representing a dial-up routed connection (dialrouter):
mysql> select * from usergroup;
+----+---------------+-----------+
| id | UserName | GroupName |
+----+---------------+-----------+
| 1 | fredf | dynamic |
| 2 | barney | static |
| 2 | dialrouter | netdial |
+----+---------------+-----------+
3 rows in set (0.00 sec)
mysql> select * from radcheck;
+----+----------------+----------------+------------------+------+
| id | UserName | Attribute | Value | Op |
+----+----------------+----------------+------------------+------+
| 1 | fredf | Password | wilma | == |
| 2 | barney | Password | betty | == |
| 2 | dialrouter | Password | dialup | == |
+----+----------------+----------------+------------------+------+
3 rows in set (0.02 sec)
mysql> select * from radgroupcheck;
+----+------------+-------------------+---------------------+------+
| id | GroupName | Attribute | Value | Op |
+----+------------+-------------------+---------------------+------+
| 1 | dynamic | Auth-Type | Local | := |
| 2 | static | Auth-Type | Local | := |
| 3 | netdial | Auth-Type | Local | := |
+----+------------+-------------------+---------------------+------+
3 rows in set (0.01 sec)
mysql> select * from radreply;
+----+------------+-------------------+---------------------------------+------+
| id | UserName | Attribute | Value | Op |
+----+------------+-------------------+---------------------------------+------+
| 1 | barney | Framed-IP-Address | 1.2.3.4 | := |
| 2 | dialrouter | Framed-IP-Address | 2.3.4.1 | := |
| 3 | dialrouter | Framed-IP-Netmask | 255.255.255.255 | := |
| 4 | dialrouter | Framed-Routing | Broadcast-Listen | := |
| 5 | dialrouter | Framed-Route | 2.3.4.0 255.255.255.248 | := |
| 6 | dialrouter | Idle-Timeout | 900 | := |
+----+------------+-------------------+---------------------------------+------+
6 rows in set (0.01 sec)
mysql> select * from radgroupreply;
+----+-----------+--------------------+---------------------+------+
| id | GroupName | Attribute | Value | Op |
+----+-----------+--------------------+---------------------+------+
| 34 | dynamic | Framed-Compression | Van-Jacobsen-TCP-IP | := |
| 33 | dynamic | Framed-Protocol | PPP | := |
| 32 | dynamic | Service-Type | Framed-User | := |
| 35 | dynamic | Framed-MTU | 1500 | := |
| 37 | static | Framed-Protocol | PPP | := |
| 38 | static | Service-Type | Framed-User | := |
| 39 | static | Framed-Compression | Van-Jacobsen-TCP-IP | := |
| 41 | netdial | Service-Type | Framed-User | := |
| 42 | netdial | Framed-Protocol | PPP | := |
+----+-----------+--------------------+---------------------+------+
12 rows in set (0.01 sec)
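I need to set up a FreeRadius + MySQL + OpenSER server, but I have run into a lot of problems.
My system is Fedora 6 (some people say this OS is poor, but the company wants to use it, so I have no choice).
I installed Mysql-5.0.41-linux-i686-glibc23 and it works fine.
Then there is FreeRadius-1.1.6; I don't know whether this version of FreeRadius can run properly on Fedora. Anyway, the first time I configured it with mysql-5.0.22, it could not find rlm_sql_mysql.so and would not start. Later I switched to Mysql-5.0.41-linux-i686-glibc23 together with Mysql-devel-5.0.41-0.glibc23.i386.rpm. Now I plan to configure freeradius+Mysql again.
If any expert has successfully configured FreeRadius+Mysql+Openser, please advise and give me some suggestions.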