[Author] 贝塞尔曲线  [Title] Certified member (domestic)  [Experience] 450  [Rank] Commoner  [Posts] 29  [Replies] 191  [Logins] 33  [Posted] 2008/3/29 15:19:04  [OP]

Subject: [Original] Newbie log (2): freeradius + mysql + eap wireless authentication, part 1 (written while configuring)
My system is CentOS 4.6. This part mainly covers setting up freeradius and mysql.

First check whether the following packages are installed:

    [root@localhost ~]# rpm -qa | grep libtool
    libtool-libs-1.5.6-4.EL4.2
    libtool-1.5.6-4.EL4.2
    [root@localhost ~]# rpm -qa | grep krb
    pam_krb5-2.1.17-1
    krbafs-devel-1.2.2-6
    krbafs-1.2.2-6
    krb5-devel-1.3.4-54
    krb5-libs-1.3.4-54
    krb5-workstation-1.3.4-54
    [root@localhost ~]# rpm -qa | grep openssl
    openssl-0.9.7a-43.17.el4_6.1
    xmlsec1-openssl-1.2.6-3
    openssl-devel-0.9.7a-43.17.el4_6.1
    [root@localhost ~]#

If they are not installed, you can install them with the yum tool.

At present the newest freeradius version is 2.0.3, but its configuration files changed considerably compared with 1.1.7, so my configuration uses 1.1.7 as the example.

First download freeradius 1.1.7:

    [root@localhost ~]# wget ftp://ftp.freeradius.org:/pub/radius/freeradius-1.1.7.tar.gz
    --01:26:35--  ftp://ftp.freeradius.org/pub/radius/freeradius-1.1.7.tar.gz
               => `freeradius-1.1.7.tar.gz.1'
    Resolving ftp.freeradius.org... 66.135.41.84
    Connecting to ftp.freeradius.org|66.135.41.84|:21... connected.
    Logging in as anonymous ... Logged in!
    ==> SYST ... done.    ==> PWD ... done.
    ==> TYPE I ... done.  ==> CWD /pub/radius ... done.
    ==> PASV ... done.    ==> RETR freeradius-1.1.7.tar.gz ... done.

        [ <=> ] 3,156,228     22.86K/s

    01:28:47 (24.51 KB/s) - `freeradius-1.1.7.tar.gz' saved [3156228]

Unpack and install:

    tar -zxvf freeradius-1.1.7.tar.gz
    cd freeradius-1.1.7
    ./configure --prefix=/usr/local/freeradius
    make
    make install

Edit the freeradius configuration file sql.conf:

    vi /usr/local/freeradius/etc/raddb/sql.conf

Change three places:

    server = "localhost"          # address of the mysql server; I use the local database
    login = "root"                # database user name (using root is not recommended)
    password = "www.wonyen.net"   # database password

Save and exit.

Edit the freeradius configuration file clients.conf:

    vi /usr/local/freeradius/etc/raddb/clients.conf

Append at the end:

    client 192.168.1.1 {            # IP of the wireless router; a subnet is also allowed
        secret = www.wonyen.net     # shared secret between radius and the wireless router
        shortname = wonyen.net      # shortname can be anything
    }

Save and exit.

Edit the freeradius configuration file users:

    vi /usr/local/freeradius/etc/raddb/users

Find the following two lines and comment them out with #:

    # DEFAULT Auth-Type = System
    #         Fall-Through = 1

Save and exit.

Edit the freeradius configuration file eap.conf:

    vi /usr/local/freeradius/etc/raddb/eap.conf

After editing, the contents are as follows:

    eap {
        default_eap_type = md5
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        md5 {
        }
        leap {
        }
        tls {
            private_key_password = whatever
            private_key_file = ${raddbdir}/certs/cert-srv.pem
            certificate_file = ${raddbdir}/certs/cert-srv.pem
            CA_file = ${raddbdir}/certs/demoCA/cacert.pem
            dh_file = ${raddbdir}/certs/dh
            random_file = ${raddbdir}/certs/random
            fragment_size = 1024
            include_length = yes
            check_crl = yes
            check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"
            check_cert_cn = %{User-Name}
            cipher_list = "DEFAULT"
        }
        ttls {
            default_eap_type = md5
            copy_request_to_tunnel = no
            use_tunneled_reply = no
        }
        mschapv2 {
        }
    }

Save and exit.

Edit the freeradius configuration file radiusd.conf:

    vi /usr/local/freeradius/etc/raddb/radiusd.conf

Search for the sql entries and uncomment them: remove the # in front of sql on lines 1860, 2023, 2045 and 2067. Save and exit.

Next configure mysql:

    [root@localhost ~]# mysql -uroot -pwww.wonyen.net
    mysql> create database radius;
    mysql> quit;
    [root@localhost ~]# mysql -uroot -pwww.wonyen.net radius < /root/freeradius-1.1.7/doc/examples/mysql.sql   # import the mysql schema
    [root@localhost ~]# mysql -uroot -pwww.wonyen.net
    mysql> use radius;
    mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
    mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
    mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');
    mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
    mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Simultaneous-Use',':=','1');
    mysql> insert into radcheck (username,attribute,op,value) values ('wonyen1','User-Password',':=','wonyen.net1');   # password stored in cleartext
    mysql> insert into radcheck (username,attribute,op,value) values ('wonyen2','MD5-Password',':=',md5('wonyen.net2'));   # password stored as an MD5 hash
    mysql> insert into usergroup (username,groupname) values ('wonyen1','user');
    mysql> insert into usergroup (username,groupname) values ('wonyen2','user');
    mysql> quit;

Run radius in debug mode:

    [root@localhost ~]# /usr/local/freeradius/sbin/radiusd -X

If the program runs normally, the last three lines are:

    Listening on authentication *:1812
    Listening on accounting *:1813
    Ready to process requests.

Open another terminal on the Linux system and test whether the mysql accounts work. First test the unencrypted account wonyen1:

    [root@localhost ~]# /usr/local/freeradius/bin/radtest wonyen1 wonyen.net1 localhost 0 testing123
    Sending Access-Request of id 134 to 127.0.0.1 port 1812
            User-Name = "wonyen1"
            User-Password = "wonyen.net1"
            NAS-IP-Address = 255.255.255.255
            NAS-Port = 0
    rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=134, length=38
            Service-Type = Framed-User
            Framed-IP-Address = 255.255.255.254
            Framed-IP-Netmask = 255.255.255.0
    [root@localhost ~]#

The rad_recv: Access-Accept message shows that the test passed. Now test the MD5-hashed account wonyen2:

    [root@localhost ~]# /usr/local/freeradius/bin/radtest wonyen2 wonyen.net2 localhost 0 testing123
    Sending Access-Request of id 130 to 127.0.0.1 port 1812
            User-Name = "wonyen2"
            User-Password = "wonyen.net2"
            NAS-IP-Address = 255.255.255.255
            NAS-Port = 0
    rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=130, length=38
            Service-Type = Framed-User
            Framed-IP-Address = 255.255.255.254
            Framed-IP-Netmask = 255.255.255.0
    [root@localhost ~]#

The test passed, which lays a solid foundation for the next step. That is all for this chapter; the next one will cover setting up the wireless router and the laptop's wireless connection.
Edited by 贝塞尔曲线 on 2008/4/18 16:57:14
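The radtest exchange above, worked out as an added example that is not code from the post or from FreeRADIUS: it builds the Access-Request with User-Password hidden under the shared secret and checks the Response Authenticator on the Access-Accept, which is what makes the secret in clients.conf matter. It assumes the secret testing123 and user wonyen1 from the post and a constructed, fixed Request Authenticator.

```python
# Added example, not code from the post or from FreeRADIUS: the PAP exchange radtest
# performs (RFC 2865: password hiding in section 5.2, Response Authenticator in section 3).
import hashlib
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Pad to a 16-byte multiple, XOR each block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side of the same procedure: recover the cleartext and drop the padding."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(code: int, value: bytes) -> bytes:
    return struct.pack("!BB", code, len(value) + 2) + value   # Type, Length, Value

def build_access_request(ident, user, password, secret, req_auth):
    """Access-Request carrying the four attributes radtest sent in the post."""
    attrs = (attr(USER_NAME, user.encode())
             + attr(USER_PASSWORD, hide_password(password.encode(), secret, req_auth))
             + attr(NAS_IP_ADDRESS, bytes([255, 255, 255, 255]))   # 255.255.255.255
             + attr(NAS_PORT, struct.pack("!I", 0)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def response_authenticator(code, ident, attrs, req_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret) from RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()

def verify_response(packet, req_auth, secret):
    """Client check of an Access-Accept/Reject: wrong secret or a tampered reply fails."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    return packet[4:20] == response_authenticator(code, ident, packet[20:], req_auth, secret)
```

The hiding is keyed only by the shared secret, so the client secret in clients.conf is the credential that protects every password the router forwards to the server.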
[Author] jxkgd  [Title] Moderator  [Experience] 53120  [Rank] General  [Posts] 644  [Replies] 841  [Logins] 481  [Posted] 2008/3/31 10:40:54  [Reply #1]
Do you prefer Fedora or Red Flag Linux?
[Author] 贝塞尔曲线  [Title] Certified member (domestic)  [Experience] 450  [Rank] Commoner  [Posts] 29  [Replies] 191  [Logins] 33  [Posted] 2008/3/31 17:26:13  [Reply #2]
Heh, CentOS is a Red Hat product; I have always used it.