II. Obtaining and installing RADIUS
1. wget ftp://ftp.freeradius.org/pub/radius/freeradius-1.1.6.tar.bz2
tar xjvf freeradius-1.1.6.tar.bz2
cd freeradius-1.1.6
./configure
make
make install
2. Need to add options to ./configure if you installed MySQL
1 - Edit /usr/local/etc/raddb/clients.conf and enter the details of your NAS unit(s);
2 - Edit /usr/local/etc/raddb/users and create an example user account.
3 - Edit /usr/local/etc/raddb/realms.--?For what?
4 - At this point you should be able to manually fire up /usr/local/sbin/radiusd. You should do this with debug turned on so you can see what happens:
/usr/local/sbin/radiusd -X
+++++++++++++++++++++++++++++++++++++++++++++++++++
II. Connecting to RADIUS: preliminary preparation:
1. Connect to the database
[root@longtelchina bin]# mysql -u mysql -p -S /var/lib/mysql/mysql.sock
Enter password:
ERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: YES)
[root@longtelchina bin]# mysql -u mysql -S /var/lib/mysql/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12 to server version: 4.1.7
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>
2. Create the database:
mysql> create database radius;
Query OK, 1 row affected (0.01 sec)
mysql> use radius;
Database changed
3. Create the RADIUS account:
mysql> grant all on * to 'radius'@'%' identified by 'radius123';
Query OK, 0 rows affected (0.00 sec)
[root@zhao lonen]# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
rlm_eap: Loaded and initialized type leap
rlm_eap: Loaded and initialized type gtc
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Instantiated realm (suffix)
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
Module: Instantiated detail (detail)
Module: Loaded radutmp
Module: Instantiated radutmp (radutmp)
Initializing the thread pool...
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.

Author: chinalonen  Time: 2007-07-04 21:07  Title: Hope this is useful to everyone! Let's exchange ideas and learn from each other :)

Populating MySQL
You should now create some dummy data in the database to test against. It goes something like this:
* In usergroup, put entries matching a user account name to a group name.
* In radcheck, put an entry for each user account name with a 'Password' attribute with a value of their password.
* In radreply, create entries for each user-specific radius reply attribute against their username.
* In radgroupreply, create attributes to be returned to all group members.
Here's a dump of tables from the 'radius' database from mysql on my test box (edited slightly for clarity). This example includes three users, one with a dynamically assigned IP by the NAS (fredf), one assigned a static IP (barney), and one representing a dial-up routed connection (dialrouter):