FreeRADIUS Installation and Configuration

Compiling and installing freeradius-server

freeRADIUS WIKI

First, update the installed packages

$ sudo apt update
$ sudo apt upgrade

Clone freeradius-server from its git repository

$ git clone https://github.com/FreeRADIUS/freeradius-server.git
$ cd freeradius-server

Check which version is checked out; if necessary, use git checkout to switch to another version

$ git status
On branch v4.0.x
Your branch is up-to-date with 'origin/v4.0.x'.

Review the dependencies and install them

$ vim doc/developer/dependencies.rst

Following those instructions, install the libtalloc and kqueue dependencies

$ sudo apt install libtalloc2 libtalloc-dev
$ sudo apt-get install libkqueue-dev

Read the installation instructions

$ vim INSTALL.rst

Do a standard install; if you need to change the build configuration, refer to the installation document directly

$ ./configure

The configure check fails:

configure: error: FreeRADIUS requires support for the C11 _Generic keyword

Cause:

You need gcc at least 4.9 with C11 support to build development branches (v3.1.x or v4.0.x).

Solution:

To build the latest stable versions

$ git checkout release_3_0_11
$ ./configure
$ make
$ sudo make install

Testing after a successful install

First stop the freeradius service

$ sudo service freeradiusd stop

Then start freeradius in debug mode

$ sudo radiusd -X

Then run the test client in another terminal

$ radtest test test localhost 0 testing123

If you receive

Sent Access-Request Id 94 from 0.0.0.0:58263 to 127.0.0.1:1812 length 74
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "test"
Received Access-Reject Id 94 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject

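then the connection test succeeded: the server received the request and answered it. The Access-Reject only means that the credentials test/test were not accepted.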

Installing MySQL

$ sudo apt install mysql-server

Configuring the connection between MySQL and freeradius

Open the MySQL console, create the radius database and user, and import the tables

$ mysql -uroot -p
> CREATE DATABASE radius;
> use radius;
> source /etc/freeradius/sql/mysql/admin.sql;
> -- The radius account name and password can be changed in admin.sql, but they must then also be changed in raddb/sql.conf
> source /etc/freeradius/sql/mysql/schema.sql;
> source /etc/freeradius/sql/mysql/ippool.sql;
> source /etc/freeradius/sql/mysql/wimax.sql;
> source /etc/freeradius/sql/mysql/cui.sql;
> source /etc/freeradius/sql/mysql/nas.sql;

Configuring freeradius

The configuration files are in /usr/local/etc/raddb

# cd /usr/local/etc/raddb

Read radiusd.conf carefully

Enable the sql module for radius by linking it into mods-enabled

# ln -s ../mods-available/sql mods-enabled/sql

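Set the database driver to mysql in the sql module configuration and uncomment the group of settings for user name, password, port and IP address, then start the server in debug mode again

# radiusd -X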

Check the startup output; if you see

rlm_sql_mysql: Connected to database 'radius' on Localhost via UNIX socket, server version 5.5.54-0ubuntu0.14.04.1, protocol version 10

then the MySQL connection succeeded

Configuring a user and password

# vim users

Add this line

radius Cleartext-Password := "radpass"

Then run the radtest test again, and restart the radiusd service

# radtest radius radpass localhost 1812 testing123

Sent Access-Request Id 74 from 0.0.0.0:59423 to 127.0.0.1:1812 length 76
User-Name = "radius"
User-Password = "radpass"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Message-Authenticator = 0x00
Cleartext-Password = "radpass"
Received Access-Accept Id 74 from 127.0.0.1:1812 to 0.0.0.0:0 length 20

As you can see, the connection now succeeds
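
A hardening check for the setup above, as an added example that is not part of the original post: it reports whether the shared secret testing123, the database password radpass, cleartext passwords in users, or world-readable secret files are still present in a raddb directory. It assumes the file layout used on this page plus FreeRADIUS's clients.conf; the function names audit_raddb and make_sample and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which defaults from this walkthrough are still active
# in a raddb directory. make_sample writes constructed files for a dry run.
# Print a file without comments and blank lines, so disabled settings are ignored.
active() { sed -e 's/[[:space:]]*#.*$//' -e '/^[[:space:]]*$/d' "$1"; }

audit_raddb() {
    dir=$1
    # 1. The shared secret that radtest was given above is still configured.
    if [ -f "$dir/clients.conf" ] && active "$dir/clients.conf" |
       grep -Eq '^[[:space:]]*secret[[:space:]]*=[[:space:]]*"?testing123"?[[:space:]]*$'; then
        echo "clients.conf: shared secret testing123 is active"
    fi
    # 2. The sql module still logs in with the password radpass.
    if [ -f "$dir/mods-enabled/sql" ] && active "$dir/mods-enabled/sql" |
       grep -Eq '^[[:space:]]*password[[:space:]]*=[[:space:]]*"?radpass"?[[:space:]]*$'; then
        echo "mods-enabled/sql: database password radpass is active"
    fi
    # 3. Accounts in the users file that carry a cleartext password.
    if [ -f "$dir/users" ]; then
        active "$dir/users" |
            awk '$2 == "Cleartext-Password" { print "users: cleartext password for " $1 }'
    fi
    # 4. Files holding these secrets that every local account can read.
    for f in clients.conf mods-available/sql users; do
        [ -f "$dir/$f" ] || continue
        find -L "$dir/$f" -perm -004 | sed 's/$/: readable by all users/'
    done
    return 0
}

# Constructed sample tree mirroring the state the steps above leave behind.
make_sample() {
    mkdir -p "$1/mods-available" "$1/mods-enabled"
    printf 'client localhost {\n\tsecret = testing123\n}\n' > "$1/clients.conf"
    printf 'sql {\n\tlogin = "radius"\n\tpassword = "radpass"\n}\n' > "$1/mods-available/sql"
    ln -s ../mods-available/sql "$1/mods-enabled/sql"
    printf '# bob Cleartext-Password := "hello"\nradius Cleartext-Password := "radpass"\n' > "$1/users"
    chmod 640 "$1/clients.conf" "$1/mods-available/sql"
    chmod 644 "$1/users"
}

# With an argument, audit that directory; without one, audit the constructed sample.
if [ -n "${1:-}" ]; then
    audit_raddb "$1"
else
    tmp=$(mktemp -d) && make_sample "$tmp" && audit_raddb "$tmp"
    rm -rf "$tmp"
fi
```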