
CentOS 5.4: complete integration of pptp + freeradius2 + mysql + daloradius (illustrated)

Editor: MySQL Comprehensive Tutorials

I. Install the required packages

1. Install httpd, mysql and the PHP packages:
[plain]
[root@localhost ~]# yum -y install httpd httpd-devel mysql mysql-server mysql-devel
[root@localhost ~]# yum -y install php php-devel php-mysql php-common php-gd php-mbstring php-mcry
2. Configure the httpd service:
[plain]
[root@localhost ~]# netstat -ant |grep 80
[root@localhost ~]# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]
[root@localhost ~]# vi /etc/sysconfig/iptables
[root@localhost ~]# grep 80 /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT  # add this line
[root@localhost ~]# /etc/init.d/iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter nat                [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]
[root@localhost ~]# chkconfig httpd --list
httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@localhost ~]# chkconfig httpd on  # start httpd automatically at boot
[root@localhost ~]# chkconfig httpd --list
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@localhost ~]# netstat -ant |grep 80
tcp        0      0 :::80                       :::*                        LISTEN
3. Start the MySQL database:
[plain]
[root@localhost ~]# /etc/init.d/mysqld start
Initializing MySQL database:  Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h localhost.localdomain password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
                                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
4. Set the database password:
[plain]
[root@localhost ~]# mysqladmin -u root password 'leekwen'
5. Install the FreeRADIUS 2 packages:
[plain]
[root@localhost ~]# yum install -y freeradius2 freeradius2-mysql freeradius2-utils
6. Start the radius daemon in debug mode:
[plain]
[root@localhost ~]# radiusd -X
FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu, built on Jan  9 2013 at 05:02:57
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
 ... adding new socket proxy address * port 51738
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.

 

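7. Open another terminal and run the test, as shown in the figure:

8. If the result differs from the figure above, temporarily disable the firewall with the following command:
[plain]
[root@localhost ~]# iptables -F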

Run the test command again:
[plain]
[root@localhost ~]# radtest steve testing localhost 1812 testing123
##############
#  !!error !!  #
##############
Failed binding to authentication address * port 1812: Address already in use
/etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812

 

First check with the lsof command, then end the process with killall -9 radiusd, restart the service, and run the test again.

II. Download the ppp source and integrate the ppp client

1. Download the source:
[plain]
[root@localhost ~]# wget ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
--2013-07-01 18:33:36--  ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
           => `ppp-2.4.4.tar.gz'
Resolving ftp.samba.org... 216.83.154.106, 2001:470:1f05:1a07::1
Connecting to ftp.samba.org|216.83.154.106|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD /pub/ppp ... done.
==> SIZE ppp-2.4.4.tar.gz ... 688763
==> PASV ... done.    ==> RETR ppp-2.4.4.tar.gz ... done.
Length: 688763 (673K)

100%[===========================================>] 688,763      135K/s   in 5.3s

2013-07-01 18:33:45 (127 KB/s) - `ppp-2.4.4.tar.gz' saved [688763]
2. Extract the archive and configure it:
[plain]
[root@localhost ~]# tar zxf ppp-2.4.4.tar.gz
[root@localhost ~]# cp -R ppp-2.4.4/pppd/plugins/radius/etc/ /etc/radiusclient
[root@localhost ~]# cp /etc/radiusclient/radiusclient.conf /etc/radiusclient/radiusclient.conf.bak
[root@localhost ~]# vi /etc/radiusclient/radiusclient.conf
Line  Original setting                                      Modified setting
25    issue       /usr/local/etc/radiusclient/issue         issue       /etc/radiusclient/issue
46    servers     /usr/local/etc/radiusclient/servers       servers     /etc/radiusclient/servers
50    dictionary  /usr/local/etc/radiusclient/dictionary    dictionary  /etc/radiusclient/dictionary
61    mapfile     /usr/local/etc/radiusclient/port-id-map   mapfile     /etc/radiusclient/port-id-map
Note: change the paths so that every radiusclient-related path in radiusclient.conf begins with "/etc/radiusclient".
3. Configure the dictionary file:
[plain]
[root@localhost ~]# ls -l /etc/radiusclient/dictionary*
-rw-r--r-- 1 root root  7656 Jul  1 18:34 /etc/radiusclient/dictionary
-rw-r--r-- 1 root root 12295 Jul  1 18:34 /etc/radiusclient/dictionary.ascend
-rw-r--r-- 1 root root  1395 Jul  1 18:34 /etc/radiusclient/dictionary.compat
-rw-r--r-- 1 root root   599 Jul  1 18:34 /etc/radiusclient/dictionary.merit
-rw-r--r-- 1 root root  2649 Jul  1 18:34 /etc/radiusclient/dictionary.microsoft
[root@localhost ~]# vi /etc/radiusclient/dictionary
Line  File content
253   INCLUDE /etc/radiusclient/dictionary.microsoft
254   INCLUDE /etc/radiusclient/dictionary.merit    # add this line
255   INCLUDE /etc/radiusclient/dictionary.ascend   # add this line
256   INCLUDE /etc/radiusclient/dictionary.compat   # add this line

 

4. Add the freeradius plugins to the pptpd service:
[plain]
[root@localhost ~]# vi /etc/ppp/options.pptpd
Line  File content
128   # put plugins here
129   # (putting them higher up may cause them to sent messages to the pty)
130   plugin /usr/lib/pppd/2.4.4/radius.so    # add this line
131   plugin /usr/lib/pppd/2.4.4/radattr.so    # add this line
132   radius-config-file /etc/radiusclient/radiusclient.conf    # add this line
[root@localhost ~]# tail -n 3 /etc/ppp/options.pptpd
plugin /usr/lib/pppd/2.4.4/radius.so
plugin /usr/lib/pppd/2.4.4/radattr.so
radius-config-file /etc/radiusclient/radiusclient.conf
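
Steps 2 to 4 above give their edits by line number. The following added example (not part of the original article) applies the same changes by content, so it can be re-run without duplicating lines. The `add_line` and `apply_ppp_radius` helpers and the sample tree in a temporary directory are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article; sample files are constructed.

# add_line FILE LINE: append LINE unless an identical line already exists.
add_line() { grep -Fxq -e "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"; }

# apply_ppp_radius ROOT: make the section II edits under ROOT by content,
# not by line number, so that a second run changes nothing.
apply_ppp_radius() {
    rc=$1/etc/radiusclient
    opts=$1/etc/ppp/options.pptpd
    # Take the same backup as the article, but never overwrite an existing one.
    [ -e "$rc/radiusclient.conf.bak" ] ||
        cp "$rc/radiusclient.conf" "$rc/radiusclient.conf.bak"
    # Point every radiusclient path at /etc/radiusclient.
    sed 's#/usr/local/etc/radiusclient#/etc/radiusclient#g' \
        "$rc/radiusclient.conf" > "$rc/radiusclient.conf.tmp" &&
        mv "$rc/radiusclient.conf.tmp" "$rc/radiusclient.conf"
    # Extra dictionaries (dictionary.microsoft is already included).
    for d in merit ascend compat; do
        add_line "$rc/dictionary" "INCLUDE /etc/radiusclient/dictionary.$d"
    done
    # pppd RADIUS plugins and the client configuration they read.
    add_line "$opts" 'plugin /usr/lib/pppd/2.4.4/radius.so'
    add_line "$opts" 'plugin /usr/lib/pppd/2.4.4/radattr.so'
    add_line "$opts" 'radius-config-file /etc/radiusclient/radiusclient.conf'
}

# Constructed sample tree standing in for / on the PPTP server.
DEMO=$(mktemp -d)
mkdir -p "$DEMO/etc/radiusclient" "$DEMO/etc/ppp"
cat > "$DEMO/etc/radiusclient/radiusclient.conf" <<'EOF'
issue       /usr/local/etc/radiusclient/issue
servers     /usr/local/etc/radiusclient/servers
dictionary  /usr/local/etc/radiusclient/dictionary
mapfile     /usr/local/etc/radiusclient/port-id-map
EOF
echo 'INCLUDE /etc/radiusclient/dictionary.microsoft' \
    > "$DEMO/etc/radiusclient/dictionary"
echo '# put plugins here' > "$DEMO/etc/ppp/options.pptpd"

apply_ppp_radius "$DEMO"
apply_ppp_radius "$DEMO"   # second run must leave the files unchanged
cat "$DEMO/etc/radiusclient/radiusclient.conf" "$DEMO/etc/ppp/options.pptpd"
```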

 

III. Create the radius database and import the corresponding tables

This can be done from the command line or with the Navicat for MySQL tool.

1. FreeRADIUS provides the MySQL import files:
[plain]
[root@localhost ~]# ls /etc/raddb/sql/mysql/*.sql -l
-rw-r----- 1 root radiusd  661 Jan  9 02:04 /etc/raddb/sql/mysql/admin.sql
-rw-r----- 1 root radiusd  452 Jan  9 02:04 /etc/raddb/sql/mysql/cui.sql
-rw-r----- 1 root radiusd  761 Jan  9 02:04 /etc/raddb/sql/mysql/ippool.sql
-rw-r----- 1 root radiusd  399 Jan  9 02:04 /etc/raddb/sql/mysql/nas.sql
-rw-r----- 1 root radiusd 4318 Jan  9 02:04 /etc/raddb/sql/mysql/schema.sql
-rw-r----- 1 root radiusd  407 Jan  9 02:04 /etc/raddb/sql/mysql/wimax.sql

 

2. The command line is used here. First create the radius database. To make it convenient to manage the MySQL database later with Navicat for MySQL, the privileges were also changed:

3. The exact commands, which can be copied:
[plain]
[root@localhost ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.0.95 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.00 sec)

mysql> CREATE DATABASE radius DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'leekwen' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql> flush PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> \q;
Bye
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/admin.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/cui.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/ippool.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/nas.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/schema.sql
Enter password:
[root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/wimax.sql
Enter password:
4. Firewall settings for the database:
[plain]
[root@localhost ~]# grep 3306 /etc/sysconfig/iptables
[root@localhost ~]# vi /etc/sysconfig/iptables
[root@localhost ~]# /etc/init.d/iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter nat                [  OK  ]
Unloading iptables modules:                                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n[  OK  ]
[root@localhost ~]# grep 3306 /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

 

IV. Modify the radius configuration files:
[plain]
[root@localhost ~]# cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.bak
[root@localhost ~]# vi /etc/raddb/radiusd.conf
Line |      Modified setting          |           Original setting
700  | $INCLUDE sql.conf              | #  $INCLUDE sql.conf <------ remove the comment #
712  | $INCLUDE sql/mysql/counter.conf| #  $INCLUDE sql/mysql/counter.conf  <------ remove the comment #

[root@localhost ~]# cp /etc/raddb/sql.conf /etc/raddb/sql.conf.bak
[root@localhost ~]# vi /etc/raddb/sql.conf
Line |     Modified setting     |     Original setting
38   |   login = "root"         |   login = "radius"   <------ change the user name used to connect to mysql
39   |   password = "leekwen"   |  password = "radpass"<------ change the password used to connect to mysql
100  |   readclients = yes      | #readclients = yes   <------ remove the comment #

 

Note: radiusd -X loads the configuration files when it starts. If the following error appears while they are being loaded:

!!! Error !!! Duplicate virtual server "inner-tunnel" in file /etc/raddb/sites-enabled/inner-tunnel:11  and file /etc/raddb/sites-enabled/inner-tunnel.bak:11

delete both /etc/raddb/sites-enabled/inner-tunnel.bak and /etc/raddb/sites-enabled/default.bak (radiusd loads the backup copies in sites-enabled as well). This is also why the two files below are edited without being backed up first:
[plain]
[root@localhost ~]# vi /etc/raddb/sites-enabled/default
Line  |       Modified setting              |               Original setting
170    #       files                         |          files  <------ comment out with #
177            sql                           |  #       sql    <------ remove the comment #
372    #       files                         |          files  <------ comment out with #
406            sql                           |  #       sql  <------ remove the comment #
454            sql                           |  #       sql  <------ remove the comment #
475            sql                           |  #       sql  <------ remove the comment #

[root@localhost ~]# vi /etc/raddb/sites-enabled/inner-tunnel
Line  |      Modified setting               |           Original setting
124   #       files                          |           files <------ comment out with #
131           sql                            |   #       sql  <------ remove the comment #
255           sql                            |   #       sql  <------ remove the comment #
277           sql                            |   #       sql  <------ remove the comment #

 

2. Start the radiusd service, insert a test account into the database, and check the test result.

3. Once the test passes, change the default shared secret:
[plain]
[root@localhost ~]# cp /etc/raddb/clients.conf /etc/raddb/clients.conf.bak
[root@localhost ~]# vi /etc/raddb/clients.conf

Line  |      Modified setting            |           Original setting
101       secret          = leekwen       |        secret          = testing123

 

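4. Restart the related services, then test with a database user.

5. Once this test passes, dial in from a client and check the client's dial-in log on the server.

6. This completes the integration of pptpd + freeradius2 + mysql.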
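
The walkthrough leaves several settings chosen for convenience: the `testing123` shared secret until step 3, the MySQL `root` login in sql.conf, and tcp/3306 accepted from any source. The following added example (not part of the original article) flags these in a configuration tree. `audit_radius`, `make_tree` and all sample file contents, including the 192.0.2.10 source address, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article; file contents are constructed.

# audit_radius ROOT: print one finding per line for the files under ROOT.
audit_radius() {
    root=$1
    # Shared secret left at the packaged default.
    if grep -Eq '^[[:space:]]*secret[[:space:]]*=[[:space:]]*testing123[[:space:]]*$' \
        "$root/etc/raddb/clients.conf"; then
        echo "clients.conf: shared secret is still the default testing123"
    fi
    # radiusd logging in to MySQL as root instead of a dedicated account.
    if grep -Eq '^[[:space:]]*login[[:space:]]*=[[:space:]]*"root"' \
        "$root/etc/raddb/sql.conf"; then
        echo "sql.conf: radiusd connects to MySQL as root"
    fi
    # MySQL port accepted from any source (the rule has no -s restriction).
    if grep -E -e '--dport 3306 .*-j ACCEPT' "$root/etc/sysconfig/iptables" |
        grep -v -e ' -s ' >/dev/null; then
        echo "iptables: tcp/3306 is open to every source address"
    fi
    return 0
}

# make_tree ROOT SECRET LOGIN RULE: write a constructed sample tree.
make_tree() {
    mkdir -p "$1/etc/raddb" "$1/etc/sysconfig"
    printf 'client localhost {\n\tipaddr = 127.0.0.1\n\tsecret = %s\n}\n' "$2" \
        > "$1/etc/raddb/clients.conf"
    printf 'sql {\n\tlogin = "%s"\n\tpassword = "CHANGE_ME"\n}\n' "$3" \
        > "$1/etc/raddb/sql.conf"
    printf '%s\n' "$4" > "$1/etc/sysconfig/iptables"
}

TMP=$(mktemp -d)
WEAK=$TMP/weak
HARD=$TMP/hardened
make_tree "$WEAK" testing123 root \
    '-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3306 -j ACCEPT'
make_tree "$HARD" CONSTRUCTED-long-random-secret radius \
    '-A RH-Firewall-1-INPUT -s 192.0.2.10 -p tcp -m tcp --dport 3306 -j ACCEPT'

echo "== settings before step 3 =="; audit_radius "$WEAK"
echo "== hardened variant =="; audit_radius "$HARD"
```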
