freeRadius + daloRadius Installation Manual
I. Concepts
II. Environment preparation
III. Installation steps
    1. Install the LAMP platform: yum install httpd mysql* php*
    2. Install freeradius: yum install -y freeradius*
    3. Enable the services at boot
    4. Change the MySQL password
    5. Reboot the server
    6. Test with radtest steve testing localhost 0 testing123
    7. Log in to MySQL, create the radius database, and grant privileges
    8. Create a backup directory: mkdir /root/freeradius-conf-backup
    9. Configure FreeRadius to support SQL
    10. Install daloradius
    11. Import the MySQL schema data
    12. Configure daloRadius
    13. Access http://10.xx.0.7/radius in a web browser
    14. Log in at http://10.xx.0.7/radius with username administrator and password radius
IV. FreeRadius management
    1. NAS management
    2. Add the RADIUS authentication details on the firewall
    3. Limit user concurrency so that only one login per user is allowed
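I. Concepts
freeRadius is an open-source AAA RADIUS solution for Linux; daloRadius is a graphical web management tool.
II. Environment preparation:
OS: CentOS 6.5. Requires LAMP, Freeradius, and daloRadius.
III. Installation steps: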
1. Install the LAMP platform
    yum install httpd mysql* php*
2. Install freeradius
    yum install -y freeradius*
3. Enable the services at boot
    chkconfig radiusd on
    chkconfig httpd on
    chkconfig mysqld on
4. Change the MySQL password
    mysqladmin -u root password 'xxx-xx123'
5. Reboot the server.
After it starts, run radiusd -X to enter debug mode.
6. Test with radtest steve testing localhost 0 testing123,
which returns:
    Sending Access-Request of id 163 to 127.0.0.1 port 1812
        User-Name = \
        User-Password = \
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=163, length=20
This indicates that everything is working normally.
7. Log in to MySQL, create the radius database, and grant privileges
    mysql> create database radius;
    mysql> grant all on radius.* to radius@localhost identified by 'xxx-xx123';
8. Create a backup directory
    mkdir /root/freeradius-conf-backup
    cp /etc/raddb/radiusd.conf /root/freeradius-conf-backup/
Back up each of: /etc/raddb/radiusd.conf, /etc/raddb/sql.conf
9. Configure FreeRadius to support SQL
    vi /etc/raddb/radiusd.conf
    $INCLUDE sql.conf    # load the sql.conf configuration; remove the leading # from this line
    vi /etc/raddb/sites-enabled/default    # add sql to the following two sections
    authorize {
        preprocess
        chap
        mschap
        digest
        suffix
        eap {
            ok = return
        }
        files
        sql
        expiration
        logintime
        pap
    }
    accounting {
        detail
        unix
        radutmp
        sql
        exec
        attr_filter.accounting_response
    }
Set the Freeradius SQL connection details:
    vi /etc/raddb/sql.conf
    database = \
    driver = \
    server = \
    #port = 3306
    login = \
    password = \
    radius_db = \
10. Install daloradius
    wget http://nchc.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
    tar zxvf daloradius-0.9-9.tar.gz
    mv daloradius-0.9-9 /var/www/html/radius
    chown -R apache:apache /var/www/html/radius
11. Import the MySQL schema data
    mysql -uroot -p radius < /etc/raddb/sql/mysql/schema.sql
    mysql -uroot -p radius < /var/www/html/radius/contrib/db/mysql-daloradius.sql
    mysql -uroot -p radius < /var/www/html/radius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql
12. Configure daloRadius:
    /var/www/html/radius/library/daloradius.conf.php
    $configValues['CONFIG_DB_ENGINE'] = 'mysql';
    $configValues['CONFIG_DB_HOST'] = 'localhost';
    $configValues['CONFIG_DB_PORT'] = '3306';
    $configValues['CONFIG_DB_USER'] = 'radius';
    $configValues['CONFIG_DB_PASS'] = 'xxx-xx123';
    $configValues['CONFIG_DB_NAME'] = 'radius';
    $configValues['CONFIG_FILE_RADIUS_PROXY'] = '/etc/raddb/proxy.conf';
    $configValues['CONFIG_PATH_RADIUS_DICT'] = '';
    $configValues['CONFIG_PATH_DALO_VARIABLE_DATA'] = '/var/www/html/radius/var';
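The steps above leave a plaintext database password in daloradius.conf.php and use testing123 as the RADIUS shared secret for the radtest check. The following audit is an added example, not part of the original manual; the function name audit_radius and the sample files are constructed for illustration, and it assumes GNU stat and that the shared secret lives in a clients.conf-style file.

```shell
#!/bin/sh
# Added example: audit a finished install for secrets left at their test
# values or readable by every local user.

# audit_radius CLIENTS_CONF DALO_CONF -> one "FAIL ..." line per finding,
# exit status 1 if anything was found.
audit_radius() {
    clients=$1 dalo=$2 rc=0

    # Shared secret still the one used for the radtest check in step 6.
    if grep -Eq '^[[:space:]]*secret[[:space:]]*=[[:space:]]*testing123' "$clients"; then
        echo "FAIL $clients: shared secret is still testing123"; rc=1
    fi

    # daloRadius should use the dedicated radius account, never MySQL root.
    if grep -Eq "CONFIG_DB_USER'\][[:space:]]*=[[:space:]]*'root'" "$dalo"; then
        echo "FAIL $dalo: web UI connects to MySQL as root"; rc=1
    fi

    # Both files hold plaintext secrets: no permission bits for "other".
    for f in "$clients" "$dalo"; do
        mode=$(stat -c %a "$f")
        case $mode in
            *[1-7]) echo "FAIL $f: mode $mode is accessible to other users"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample files standing in for a clients.conf and for
# /var/www/html/radius/library/daloradius.conf.php.
demo() {
    d=$(mktemp -d)
    printf 'client localhost {\n\tipaddr = 127.0.0.1\n\tsecret = testing123\n}\n' > "$d/clients.conf"
    printf '%s\n' "\$configValues['CONFIG_DB_USER'] = 'radius';" \
                  "\$configValues['CONFIG_DB_PASS'] = 'example-only';" > "$d/daloradius.conf.php"
    chmod 640 "$d/clients.conf"; chmod 644 "$d/daloradius.conf.php"
    audit_radius "$d/clients.conf" "$d/daloradius.conf.php"
    status=$?
    rm -rf "$d"
    return $status
}

demo || echo "findings reported above"
```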
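13. Access http://10.xx.0.7/radius in a web browser
If the page cannot be accessed, check the Apache log:
    [root@radius xjradius]# cd /var/log/httpd/
    [root@radius httpd]# more error_log
The following problem:
    (13)Permission denied: access to /radius denied
is resolved as follows.
Check the SELinux status:
    /usr/sbin/sestatus -v    ## SELinux is on if the "SELinux status" parameter is enabled
    SELinux status: enabled
    getenforce               ## this command can also be used to check
Disable SELinux:
Temporarily (no reboot needed):
    setenforce 0             ## put SELinux into permissive mode
    ## setenforce 1 puts SELinux into enforcing mode
By editing the configuration file (requires a reboot):
Edit the /etc/selinux/config file,
change SELINUX=enforcing to SELINUX=disabled, and reboot the machine.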
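An alternative that leaves SELinux enforcing, as an added example that is not part of the original manual: inspect the label on the web directory and restore the default one. It assumes the denial comes from files that kept the label of the directory they were unpacked in (mv preserves labels); the function names are hypothetical and the sample contexts are constructed.

```shell
#!/bin/sh
# Added example: keep SELinux enforcing and repair the label that causes
# "(13)Permission denied" instead of switching enforcement off.

# The third colon-separated field of a context such as
# unconfined_u:object_r:admin_home_t:s0 is the type Apache is checked against.
selinux_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Succeeds when the type is one the targeted policy lets httpd read
# (a subset; these are the defaults for content under /var/www/html).
httpd_can_read() {
    case $(selinux_type "$1") in
        httpd_sys_content_t|httpd_sys_rw_content_t) return 0 ;;
        *) return 1 ;;
    esac
}

# plan_relabel PATH CONTEXT -> prints the command to run as root.
plan_relabel() {
    if httpd_can_read "$2"; then
        echo "# $1 already has type $(selinux_type "$2"); check ausearch -m avc instead"
    else
        echo "restorecon -Rv $1"
    fi
}

# On the server, feed it the real label:
#   plan_relabel /var/www/html/radius "$(stat -c %C /var/www/html/radius)"
# Constructed contexts for illustration:
plan_relabel /var/www/html/radius 'unconfined_u:object_r:admin_home_t:s0'
plan_relabel /var/www/html/radius 'system_u:object_r:httpd_sys_content_t:s0'
```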
14. Log in at http://10.xx.0.7/radius with username administrator and password radius,
This will usually fail with an error. Check the Apache log, which shows the following:
    (13)Permission denied: access to /radius denied
    [Thu Nov 20 09:04:41 2014] [error] [client 10.0.1.5] File does not exist: /var/www/html/favicon.ico
    [Thu Nov 20 09:29:17 2014] [error] [client 10.0.1.5] PHP Warning: include_once(DB.php): failed to open stream: No such file or directory in /var/www/html/radius/library/opendb.php on line 84
    [Thu Nov 20 09:29:17 2014] [error] [client 10.0.1.5] PHP Warning: include_once(): Failed opening 'DB.php' for inclusion (include_path='.:/usr/share/pear:/usr/share/php') in /var/www/html/radius/library/opendb.php on line 84
The problem above occurs because newer versions of daloradius need a database connection module, php-pear-DB, installed in order to connect to the database.
    [root@radius xjradius]# yum clean all