[Web] Original technical write-up: complete configuration and testing of FreeRadius + MySQL

#1 Posted on 2007-07-04 21:05
FreeRadius and MySQL  *-*By ChinaLonen:

FREERADIUS Materials from: http://www.frontios.com/freeradius.html
MYSQL:
I. Basic MySQL database setup (installation, adding accounts)
1. Add the mysql user and group
# groupadd mysql
# useradd -g mysql mysql
2. Change ownership of the MySQL directory
# chown -R root /usr/local/mysql4
# chgrp -R mysql /usr/local/mysql4
# chown -R mysql /usr/local/mysql4/data
3. Generate the MySQL system database
# /usr/local/mysql/scripts/mysql_install_db --user=mysql&
4. Start the MySQL service
# /usr/local/mysql4/bin/mysqld_safe --user=mysql&
5. ### Troubleshooting:

"mysql dead but subsys locked"
Fix as follows:
[root@longtelchina ~]# rm -fr /var/lib/mysql/*
[root@longtelchina ~]# rm /var/lock/subsys/mysqld
rm: remove regular empty file `/var/lock/subsys/mysqld'? yes
shell> killall mysqld
shell> service mysqld start
[root@longtelchina ~]# /etc/rc.d/init.d/mysqld status
mysqld (pid 5457) is running...
### The database is now running normally.

+++++++++++++++++++++++++++++++++++++++++++++++++++  

II. Obtaining and installing RADIUS
1. wget  ftp://ftp.freeradius.org/pub/radius/freeradius-1.1.6.tar.bz2
      tar  xjf  freeradius-1.1.6.tar.bz2
      cd  freeradius-1.1.6
      ./configure
      make
      make install
2. Need to add options to ./configure if you installed MySQL
1 - Edit /usr/local/etc/raddb/clients.conf and enter the details of your NAS unit(s);
2 - Edit /usr/local/etc/raddb/users and create an example user account.
3 - Edit /usr/local/etc/raddb/realms.--?For what?
4 - At this point you should be able to manually fire up /usr/local/sbin/radiusd. You should do this with debug turned on so you can see what happens:
/usr/local/sbin/radiusd -X
+++++++++++++++++++++++++++++++++++++++++++++++++++  
II. Connecting RADIUS: preparatory work
1. Connect to the database
[root@longtelchina bin]# mysql -u  mysql -p -S /var/lib/mysql/mysql.sock
Enter password:
ERROR 1045 (28000): Access denied for user 'mysql'@'localhost' (using password: YES)
[root@longtelchina bin]# mysql -u  mysql -S /var/lib/mysql/mysql.sock
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 12 to server version: 4.1.7

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

2. Create the database:
mysql> create database radius;
Query OK, 1 row affected (0.01 sec)
mysql> use radius;
Database changed
3. Create the RADIUS account:
mysql> grant all on * to 'radius'@'%' identified by 'radius123';
Query OK, 0 rows affected (0.00 sec)

III. Installing RADIUS (complete)
1.
#./configure --with-prefix=/usr/local/freeradius \
--with-experimental-modules \
--with-rlm-sql-lib-dir=/usr/lib/mysql/ \
--with-rlm-sql-include-dir=/usr/local/mysql4  /* specifies the location of the MySQL installation */
#gmake; gmake install
2.
Initialize the database.
Location of the file:
[root@longtelchina rlm_sql_mysql]#/usr/share/doc/freeradius-1.0.1/db_mysql.sql
Edit db_mysql.sql: in the definition of the id column in the nas table creation script,
remove the default '0' string.
3. Log in to MySQL: run mysql -uradius -pradius123
then run use radius ;
4. Run mysql> source /usr/share/doc/freeradius-1.0.1/db_mysql.sql
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.00 sec)
5. Run mysql>  insert radcheck(UserName,Attribute,Value) values ('test','Password','test');
Query OK, 1 row affected (0.00 sec)
Run commit;
6. Edit the sql.conf configuration file:
[root@longtelchina bin]# vi /usr/local/etc/raddb/sql.conf
In sql.conf, under sql { set:
login = 'radius'
password = 'radius123'
radius_db = 'radius'
Comment out sql_user_name = "%{User-Name}" by putting a # in front of that line
Remove the # in front of the line sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"

7. Edit radiusd.conf
[root@longtelchina bin]# vi /usr/local/etc/raddb/radiusd.conf
Remove the # in front of every standalone sql entry, at lines 1859, 2021, 2043 and 2064
Put a # in front of every standalone unix and files entry. unix: lines 612, 1946, 2004; files: lines 1067, 1852, 1987
8. See also clients.conf:
[root@longtelchina bin]# vi /usr/local/etc/raddb/clients.conf


+++++++++++++++++++++++++++++++++++++++++++++++++++  

[root@zhao lonen]# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
rlm_eap: Loaded and initialized type leap
rlm_eap: Loaded and initialized type gtc
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Instantiated realm (suffix)
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
Module: Instantiated detail (detail)
Module: Loaded radutmp
Module: Instantiated radutmp (radutmp)
Initializing the thread pool...
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
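
The `grant all on * to 'radius'@'%'` step in the first post gives the RADIUS account every privilege on the `radius` database from any host, with a guessable password. A narrower grant is sketched here as an added example, not part of the original posts. It assumes radiusd runs on the same host as MySQL, that the schema was loaded by a MySQL admin account rather than by `radius`, and that the schema contains `radacct` and `radpostauth` (names from the stock FreeRADIUS schema, not shown on this page); the password is a placeholder.

```sql
-- Added example. Run as a MySQL admin account AFTER db_mysql.sql has been
-- loaded: table-level GRANTs fail on tables that do not exist yet.
-- Syntax matches the MySQL 4.1 / 5.0 servers used in this thread
-- (MySQL 8.0 needs CREATE USER before GRANT).

-- Weak form from the post, for comparison:
--   grant all on * to 'radius'@'%' identified by 'radius123';

-- 1. Remove the wildcard-host account created by that statement.
REVOKE ALL PRIVILEGES ON radius.* FROM 'radius'@'%';
DROP USER 'radius'@'%';

-- 2. Recreate the account for local connections only.
--    'CHANGE_ME_long_random' is a placeholder; put the same value in the
--    password = line of sql.conf.
GRANT SELECT ON radius.radcheck
    TO 'radius'@'localhost' IDENTIFIED BY 'CHANGE_ME_long_random';

-- 3. Policy tables are only read during authorization.
GRANT SELECT ON radius.radreply      TO 'radius'@'localhost';
GRANT SELECT ON radius.radgroupcheck TO 'radius'@'localhost';
GRANT SELECT ON radius.radgroupreply TO 'radius'@'localhost';
GRANT SELECT ON radius.usergroup     TO 'radius'@'localhost';
GRANT SELECT ON radius.nas           TO 'radius'@'localhost';

-- 4. Accounting and post-auth logging are the only tables radiusd writes.
--    Assumption: accounting only inserts and updates session rows.
--    Skip radpostauth if your schema does not have it.
GRANT SELECT, INSERT, UPDATE ON radius.radacct TO 'radius'@'localhost';
GRANT INSERT ON radius.radpostauth             TO 'radius'@'localhost';

-- 5. Confirm what the account can actually do.
SHOW GRANTS FOR 'radius'@'localhost';
```

With this grant the `radius` account can no longer add test users itself, so inserts into `radcheck` and the other policy tables are done from the admin account.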

#2 Posted on 2007-07-04 21:07

Hope this is useful to everyone! Let's learn from each other :)

Populating MySQL

You should now create some dummy data in the database to test against. It goes something like this:

    * In usergroup, put entries matching a user account name to a group name.
    * In radcheck, put an entry for each user account name with a 'Password' attribute with a value of their password.
    * In radreply, create entries for each user-specific radius reply attribute against their username
    * In radgroupreply, create attributes to be returned to all group members

Here's a dump of tables from the 'radius' database from mysql on my test box (edited slightly for clarity). This example includes three users, one with a dynamically assigned IP by the NAS (fredf), one assigned a static IP (barney), and one representing a dial-up routed connection (dialrouter):

      mysql> select * from usergroup;
      +----+---------------+-----------+
      | id | UserName      | GroupName |
      +----+---------------+-----------+
      |  1 | fredf         | dynamic   |
      |  2 | barney        | static    |
      |  2 | dialrouter    | netdial   |
      +----+---------------+-----------+
      3 rows in set (0.00 sec)

      mysql> select * from radcheck;
      +----+----------------+----------------+------------------+------+
      | id | UserName       | Attribute      | Value            | Op   |
      +----+----------------+----------------+------------------+------+
      |  1 | fredf          | Password       | wilma            | ==   |
      |  2 | barney         | Password       | betty            | ==   |
      |  2 | dialrouter     | Password       | dialup           | ==   |
      +----+----------------+----------------+------------------+------+
      3 rows in set (0.02 sec)

      mysql> select * from radgroupcheck;

      +----+------------+-------------------+---------------------+------+
      | id | GroupName  | Attribute         | Value               | Op   |
      +----+------------+-------------------+---------------------+------+
      |  1 | dynamic    | Auth-Type         | Local               | :=   |
      |  2 | static     | Auth-Type         | Local               | :=   |
      |  3 | netdial    | Auth-Type         | Local               | :=   |
      +----+------------+-------------------+---------------------+------+
      3 rows in set (0.01 sec)

      mysql> select * from radreply;

      +----+------------+-------------------+---------------------------------+------+
      | id | UserName   | Attribute         | Value                           | Op   |
      +----+------------+-------------------+---------------------------------+------+
      |  1 | barney     | Framed-IP-Address | 1.2.3.4                         | :=   |
      |  2 | dialrouter | Framed-IP-Address | 2.3.4.1                         | :=   |
      |  3 | dialrouter | Framed-IP-Netmask | 255.255.255.255                 | :=   |
      |  4 | dialrouter | Framed-Routing    | Broadcast-Listen                | :=   |
      |  5 | dialrouter | Framed-Route      | 2.3.4.0 255.255.255.248         | :=   |
      |  6 | dialrouter | Idle-Timeout      | 900                             | :=   |
      +----+------------+-------------------+---------------------------------+------+
      6 rows in set (0.01 sec)

      mysql> select * from radgroupreply;
      +----+-----------+--------------------+---------------------+------+
      | id | GroupName | Attribute          | Value               | Op   |
      +----+-----------+--------------------+---------------------+------+
      | 34 | dynamic   | Framed-Compression | Van-Jacobsen-TCP-IP | :=   |
      | 33 | dynamic   | Framed-Protocol    | PPP                 | :=   |
      | 32 | dynamic   | Service-Type       | Framed-User         | :=   |
      | 35 | dynamic   | Framed-MTU         | 1500                | :=   |
      | 37 | static    | Framed-Protocol    | PPP                 | :=   |
      | 38 | static    | Service-Type       | Framed-User         | :=   |
      | 39 | static    | Framed-Compression | Van-Jacobsen-TCP-IP | :=   |
      | 41 | netdial   | Service-Type       | Framed-User         | :=   |
      | 42 | netdial   | Framed-Protocol    | PPP                 | :=   |
      +----+-----------+--------------------+---------------------+------+
      12 rows in set (0.01 sec)
MY QQ: 305132777

#3 Posted on 2007-07-05 10:42

First reply!
Nicely written!

#4 Posted on 2007-07-12 17:09
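I need to set up a FreeRadius+Mysql+Openser server, but I am running into a lot of problems.

My system is Fedora 6 (some people say this OS is poor, but my company requires it, so I have no choice).

I installed Mysql-5.0.41-linux-i686-glibc23 and it works fine.

Next is FreeRadius-1.1.6; I don't know whether this version of FreeRadius runs properly on Fedora. Anyway, the first time, when I configured it with mysql-5.0.22, it could not find rlm_sql_mysql.so and would not start. Later I switched to Mysql-5.0.41-linux-i686-glibc23 together with Mysql-devel-5.0.41-0.glibc23.i386.rpm. Now I plan to reconfigure freeradius+Mysql.

If any expert has successfully configured FreeRadius+Mysql+Openser, please give me some pointers and advice.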