免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
最近访问板块 发新帖
查看: 17475 | 回复: 8

[vpn] pptpd+radius+mysql -aesitatyieshas- 安装攻略(part3 mysql部分) [复制链接]

论坛徽章:
0
发表于 2006-02-10 16:30 |显示全部楼层

回复 1楼 i_amok 的帖子

好人呀

请问题密码能用加密形式吗?这个问题我一直无法解决,能提个方式或建议

论坛徽章:
0
发表于 2006-03-29 09:45 |显示全部楼层
想问一下LZ,mysql不需要安装吗???不安装的话,那怎么建数据库呢?

论坛徽章:
0
发表于 2006-03-29 09:46 |显示全部楼层
我非常关心这个话题,最近正在做一个radius服务器,但是网上的很多东西都不是原创的,都是互抄的,而且验证一下就失败。

论坛徽章:
0
发表于 2006-04-05 15:09 |显示全部楼层
rh as 4 里居然没有radius.so,意思是rhel4里的ppp居然不支持radius验证...
郁闷哦,又要自己编译了........

在GENTOO下编译方便得很,但是在rh里,就特别爱出错.

论坛徽章:
0
发表于 2006-06-02 14:51 |显示全部楼层
freenibs 一些说明, 关于安装正在查看

The possibility to send Accounting-Update packets to the RADIUS not only
   on time basis but also depending upon the volume of the received or
   transferred traffic (or both).
   Both "update-limit-in" and "update-limit-out" parameters defaults to 0.
   To set non-zero values one must do it in mpd.conf:

        set radius update-limit-in X
        set radius update-limit-out Y
    (where X, Y - are the traffic in bytes)

   Then, when the moment for the next-in-turn acct-update time comes, it is
   checked whether the limits are exceedeed. If they are not exceeded,
   update is not made (i.e. acct-update packets are not sent to RADIUS).
   The idea of it: not to overload the RADIUS and its logs.

3) Give ppp netgraph node name like "mpd-<name>" instead of "mpd<pid>-<name>".
   As the name length of netgraph node is restricted by 15 symbols, and the
   standard designation ppp node consists of "mpdNNNNN-pptpXX", more than 99
   nodes can not be made. Patch makes it possible to solve this problem.

4) Dropping the connection, if the RADIUS has sent vendor-specific attribute 154.
   When the attribute is 0 it means the continuation of the connection,  when it
   is set to 1 -- the connection should be dropped. The following lines should
   be added to the dictionary.mpd (VENDOR mpd 12341):
        -----
        ATTRIBUTEDrop-User154integermpd
        VALUEDrop-UserNo0
        VALUEDrop-UserYes1
        -----

5) New function RadiusGetCurrentParams().
   In the patch this function gets the Accounting-Response from the RADIUS
   and marks the moment when connection should be dropped ("Drop-User = Yes"
   attribute arrival).
   Hence, any developer may write additional code to this function to catch
   the reception of attributes she is interested with.
   The function RadiusGetParams() from the original mpd is used during
   the (re-)initialization phase only.

3. Mini - How-To

   1) Update limits
   This option may be interesting for those who use the tarification of the traffic.
   When update limits are non-zero a comparatively little time interval
   for acct-update can be configured and the required "update-limit-[in]|[out]"
   established. Internal statistics in mpd works once a minute in any case.
   That's why, if the line
        set radius acct-update 60
   is added to mdp.conf, mpd gets practically no additional work.
   The concrete limit values are certainly different for eveyone. But the
   initial values from 100000 to 1000000 seem quite reasonable to me.
   After that analyse the results and change the values. Up to individual limits
   per link.
   Hint: update limits work only when acct-update is switched on!

   2) Drop-user
   This option may be useful for those, who:
   - limit clients' traffic, and NAS does not support attribute Session-Octets-Limit;
   - use dynamic restrictions (formed, for example, by billing system):
     one login for several simultaneous sessions with the limitation by
     the time or/and by the traffic; in other cases when it is impossible
     to determine the restrictions at the beginning of the session.
     For mpd to drop the link, RADIUS must send this mere attribute with
     the value "Yes". But, possibly, not the RADIUS itself, but the billing
     system is responsible for the construction of such packet.

     That system processes accounting packets of the three types: Start, Stop,
     Update. "Stop" is of no interest in this context. "Start" employs other
     determination methods to see if mpd may start the session. It is
     reasonable to consider only "Update"-packets.

     When the limits are reached it is quite enough to add to the packet,
     meant to send the response to the RADIUS, the neccessary pair with the
     operator "=". Something like:

        New_Pair = Pair_Create("Drop-User", "Yes", T_OP_EQ);
        Pair_Add(Pairs_To_Reply, New_Pair);

  This technology was tested with freeradius-0.9.3, freenibs-0.0.3-bf3.
  The latter (open-source billing system) can be found at:
  http://nibs.net.ua, http://sourceforge.net/projects/nibs
   The patch, allowing to form the neccessary response to the RADIUS
for the subsequent transmission to mpd daemon. And as the result to
drop the connection:
--------
--- rlm_nibs.c.origMon Apr 12 22:27:58 2004
+++ rlm_nibs.cTue Apr 13 01:01:41 2004
@@ -1139,6 +1139,8 @@
radlog(L_INFO, querystr);
if (nibs_error != NULL) free(nibs_error);
nibs_user_kill(inst, request);
+ pair = pairmake("Drop-User", "Yes", T_OP_EQ);
+ pairadd(&request->reply->vps, pair);
}
}


http://www.opennet.ru/base/net/mpd_freerdius_nibs.txt.html
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP