[Original] ARA for FreeRADIUS

Posted on 2009-02-05 13:33

ARA is based on PHP 5.

1. Install PHP 5:
# tar jxvf php-5.2.6.tar.bz2
# cd php-5.2.6
# rpm -ivh /mnt/cdrom/CentOS/libxml2-2.6.26-2.1.2.1.i386.rpm
# rpm -ivh /mnt/cdrom/CentOS/libxml2-python-2.6.26-2.1.2.1.i386.rpm
# rpm -ivh --nodeps /mnt/cdrom/CentOS/pkgconfig-0.21-2.el5.i386.rpm
# rpm -ivh --nodeps /mnt/cdrom/CentOS/zlib-devel-1.2.3-3.i386.rpm
# rpm -ivh /mnt/cdrom/CentOS/libxml2-devel-2.6.26-2.1.2.1.i386.rpm

# ./configure \
    --prefix=/usr/local/php \
    --with-apxs2=/usr/local/apache/bin/apxs \
    --with-config-file-path=/usr/local/php/etc \
    --with-mysql=/usr/local/mysql \
    --with-ldap=/usr/local/openldap/ \
    --without-sqlite --without-pdo-sqlite \
    --with-gettext=/home/openldap/gettext-0.17 \
    --enable-soap --enable-gd-native-ttf \
    --enable-ftp --enable-mbstring --enable-exif \
    --disable-ipv6 --disable-cgi --disable-cli
# make
# make install
As shown, configure takes many parameters for PHP 5.
These parameters enable support for MySQL, OpenLDAP, gettext and so on.
If you don't want MySQL debug information to appear on the web interface, change the setting as follows:
$config["sql_debug"] = FALSE;

The file /usr/local/ara/config/config.php:
$config["sql_driver"]      = "mysql";
$config["sql_server_host"] = "localhost";
$config["sql_server_port"] = "3306";
$config["sql_username"]    = "root";
$config["sql_passwd"]      = "mysql123";
$config["sql_db"]          = "radius";
$config["sql_encoding"]    = "utf8";
/* this probably needs no modification */
$config["sql_table_usergroup"]     = "usergroup";
$config["sql_table_radacct"]       = "radacct";
$config["sql_table_radreply"]      = "radreply";
$config["sql_table_radcheck"]      = "radcheck";
$config["sql_table_radgroupreply"] = "radgroupreply";
$config["sql_table_radgroupcheck"] = "radgroupcheck";
$config["sql_table_nas"]           = "nas";
$config["sql_debug"]               = FALSE;



The file /usr/local/php/lib/php.ini:
mysql.default_port = 3306
mysql.default_socket = /tmp/mysql.sock
; Default host for mysql_connect() (doesn't apply in safe mode).
mysql.default_host = localhost
; Default user for mysql_connect() (doesn't apply in safe mode).
mysql.default_user = root
; Default password for mysql_connect() (doesn't apply in safe mode).
; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
mysql.default_password = mysql123
mysql.connect_timeout = 60
mysql.trace_mode = Off
mysqli.max_links = -1


# rpm -ivh /mnt/cdrom/CentOS/php-pear-1.4.9-4.el5.1.noarch.rpm
If it reports missing dependencies, install them as prompted to resolve the problem.
Then:
# pear channel-update pear.php.net
# pear install HTML_Template_Sigma
# cd /var/
# svn co http://svn.asn.pl/ara/trunk ara-svn
# cd /var/ara-svn/src
# ls
config  htdocs  lang  lib  modules  template.html
# cd /var/www/htdocs
# ln -s /var/ara-svn/src/htdocs ara
# cd ara
# ls
img  index.php  style.css
Then:
Edit index.php and search for this line:
define("ARA_PATH", "../");
Then:
# cd /var/ara-svn/src/config
# cp config.php.dist config.php

When using phpLDAPadmin to manage LDAP, I found that after adding radius.schema the corresponding objectClass could not be used. Editing /usr/local/phpldapadmin/config/config.php and setting language="en" fixes this.
ARA does not support LDAP at present, only MySQL, so we only set up MySQL here.


Managing the NAS:
1.
# vi /etc/ppp/radius/radiusclient.conf
authserver  192.168.1.251:1812
acctserver  192.168.1.251:1813
2.
# vi /etc/ppp/radius/servers
#Server Name or Client/Server pair              Key
#----------------                               ---------------
#portmaster.elemental.net                       hardlyasecret
#portmaster2.elemental.net                      donttellanyone
localhost                                       testing123
192.168.1.251                                   testing123
3. Connection information:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.251 port 32812, id=52, length=111
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "test3"
        CHAP-Challenge = 0xb9a94f97d024cd6f73528f44cbd1f27bb7569b82
        CHAP-Password = 0x5aea13713d0432c5192b9532bf08208fca
        Calling-Station-Id = "00:1C:C4:CD:68:06"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
[sql]   expand: %{User-Name} -> test3
[sql] sql_set_user escaped user --> 'test3'
rlm_sql (sql): Reserving sql socket id: 4
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'test3'           ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'test3'           ORDER BY id
[sql]   expand: SELECT groupname           FROM usergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM usergroup           WHERE username = 'test3'           ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'user'           ORDER BY id
[sql] User found in group user
[sql]   expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'user'           ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = Local
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
WARNING: Use the PAP or CHAP modules instead.
CHAP-Password is correct.
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 52 to 192.168.1.251 port 32812
        Service-Type = Framed-User
        Framed-IP-Netmask = 255.255.255.255
Finished request 0.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Accounting-Request packet from host 192.168.1.251 port 32812, id=53, length=116
        Acct-Session-Id = "4948BC150D8900"
        User-Name = "test3"
        Acct-Status-Type = Start
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "00:1C:C4:CD:68:06"
        Acct-Authentic = RADIUS
        NAS-Port-Type = Async
        Framed-IP-Address = 10.0.0.3
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Acct-Delay-Time = 0
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 192.168.1.251,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "4948BC150D8900",User-Name = "test3"'
[acct_unique] Acct-Unique-Session-ID = "06bebe854dc36bcb".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "test3", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
[detail]        expand: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/freeradius/var/log/radius/radacct/192.168.1.251/detail-20081217
[detail] /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.1.251/detail-20081217
[detail]        expand: %t -> Wed Dec 17 16:45:09 2008
++[detail] returns ok
++[unix] returns ok
[radutmp]       expand: /usr/local/freeradius/var/log/radius/radutmp -> /usr/local/freeradius/var/log/radius/radutmp
[radutmp]       expand: %{User-Name} -> test3
++[radutmp] returns ok
[sql]   expand: %{User-Name} -> test3
[sql] sql_set_user escaped user --> 'test3'
[sql]   expand: %{Acct-Delay-Time} -> 0
[sql]   expand:            INSERT INTO radacct             (acctsessionid,    acctuniqueid,     username,              realm,            nasipaddress,     nasportid,              nasporttype,      acctstarttime,    acctstoptime,              acctsessiontime,  acctauthentic,    connectinfo_start,              connectinfo_stop, acctinputoctets,  acctoutputoctets,              calledstationid,  callingstationid, acctterminatecause,              servicetype,      framedprotocol,   framedipaddress,              acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',              '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: MYSQL check_error: 1054 received
[sql] Couldn't insert SQL accounting START record - Unknown column 'xascendsessionsvrkey' in 'field list'
[sql]   expand: %{Acct-Delay-Time} -> 0
[sql]   expand:            UPDATE radacct SET              acctstarttime     = '%S',              acctstartdelay    = '%{%{Acct-Delay-Time}:-0}',              connectinfo_start = '%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'           AND username         = '%{SQL-User-Name}'           AND nasipaddress     = '%{NAS-IP-Address}' ->            UPDATE radacct SET              acctstarttime     = '2008-12-17 16:45:09',              acctstartdelay    = '0',              connectinfo_start = ''           WHERE acctsessionid  = '4948BC150D8900'           AND username         = 'test3'           AND nasipaddress     = '127.0.0.1'
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
[attr_filter.accounting_response]       expand: %{User-Name} -> test3
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 53 to 192.168.1.251 port 32812
Finished request 1.
Cleaning up request 1 ID 53 with timestamp +3
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 0 ID 52 with timestamp +2
Ready to process requests.

For a software-based NAS, web management cannot be implemented; web management of a hardware-based NAS needs further study.
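
Added example (not part of the original post): a Python script that triages the radiusd debug output shown above. It ties each configuration warning to the request that triggered it and singles out the accounting INSERT that failed yet was still answered with an Accounting-Response. The sample lines are copied from that output; the finding labels and function names are this example's own.

```python
import re

# Constructed sample: lines copied from the radiusd debug output in the post.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.1.251 port 32812, id=52, length=111
WARNING: Found User-Password == "...".
WARNING: Please update your configuration, and remove 'Auth-Type = Local'
Sending Access-Accept of id 52 to 192.168.1.251 port 32812
rad_recv: Accounting-Request packet from host 192.168.1.251 port 32812, id=53, length=116
rlm_sql_mysql: MYSQL check_error: 1054 received
[sql] Couldn't insert SQL accounting START record - Unknown column 'xascendsessionsvrkey' in 'field list'
++[sql] returns ok
Sending Accounting-Response of id 53 to 192.168.1.251 port 32812
"""

RULES = {  # finding names are this example's own labels, not FreeRADIUS terms
    "user-password-in-radcheck": re.compile(r"^WARNING: Found User-Password =="),
    "auth-type-local-forced": re.compile(r"^WARNING: .*remove 'Auth-Type = Local'"),
    "sql-accounting-insert-failed": re.compile(r"Couldn't insert SQL accounting \w+ record - (.+)"),
}
RECV = re.compile(r"^rad_recv: (\S+) packet from host (\S+) port \d+, id=(\d+)")
SENT = re.compile(r"^Sending (\S+) of id (\d+) to")

def triage(debug_text):
    """Attach each warning or SQL failure to the request that triggered it."""
    findings, current = [], None
    for line in map(str.strip, debug_text.splitlines()):
        if (m := RECV.match(line)):
            current = {"request": m.group(1), "nas": m.group(2), "id": int(m.group(3))}
        elif (m := SENT.match(line)):
            # Record the reply the NAS received for findings still awaiting one.
            for f in findings:
                if f["id"] == int(m.group(2)) and f["reply"] is None:
                    f["reply"] = m.group(1)
        elif current:
            for name, pat in RULES.items():
                if (m := pat.search(line)):
                    findings.append({**current, "finding": name, "reply": None,
                                     "detail": m.group(1) if pat.groups else ""})
    return findings

def acked_failures(findings):
    """Accounting INSERT failures that were still answered with an Accounting-Response."""
    return [f for f in findings if f["finding"] == "sql-accounting-insert-failed"
            and f["reply"] == "Accounting-Response"]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["request"], f["id"], f["finding"], f["reply"], f["detail"])
```

In the run above the sql module still returns ok after the failed INSERT and the NAS receives its Accounting-Response, so the error is visible only in this debug output.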
               
               
               

This article comes from a ChinaUnix blog. To view the original, see: http://blog.chinaunix.net/u2/68952/showart_1814122.html
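
Added example (not part of the original post): a Python check over the config.php and php.ini settings shown earlier. It flags the use of the MySQL root account, the password stored in php.ini (which that file's own comment says any PHP user can read with get_cfg_var()), reuse of one password in both files, and sql_debug left on. The sample text is copied from the post; the function names and issue wording are this example's own.

```python
import re

# Constructed sample: settings copied from the config.php and php.ini in the post.
CONFIG_PHP = '''
$config["sql_username"] = "root";
$config["sql_passwd"]   = "mysql123";
$config["sql_db"]       = "radius";
$config["sql_debug"]    = FALSE;
'''
PHP_INI = '''
; Default user for mysql_connect() (doesn't apply in safe mode).
mysql.default_user = root
mysql.default_password = mysql123
'''

def parse_config_php(text):
    """Return {key: value} for lines of the form $config["key"] = value;"""
    pat = re.compile(r'^\s*\$config\["(\w+)"\]\s*=\s*"?([^";]*)"?\s*;', re.M)
    return {key: value.strip() for key, value in pat.findall(text)}

def parse_php_ini(text):
    """Return {directive: value}, skipping ';' comments and blank lines."""
    out = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(";") and "=" in line:
            key, _, value = line.partition("=")
            out[key.strip()] = value.strip().strip('"')
    return out

def audit(config_php, php_ini):
    """List credential-handling problems visible in the two files."""
    cfg, ini = parse_config_php(config_php), parse_php_ini(php_ini)
    issues = []
    if cfg.get("sql_username") == "root":
        issues.append("config.php: ARA connects as MySQL root instead of a per-database account")
    if cfg.get("sql_debug", "").upper() == "TRUE":
        issues.append("config.php: sql_debug shows MySQL debug information on the web interface")
    if ini.get("mysql.default_user") == "root":
        issues.append("php.ini: mysql.default_user makes root the default for every script")
    if ini.get("mysql.default_password"):
        issues.append("php.ini: mysql.default_password is readable through get_cfg_var()")
    if cfg.get("sql_passwd") and cfg["sql_passwd"] == ini.get("mysql.default_password"):
        issues.append("config.php and php.ini share one password")
    return issues

if __name__ == "__main__":
    print("\n".join(audit(CONFIG_PHP, PHP_INI)))
```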