1、使用yum安装即可,确定安装的是freeradius2,而不是1。如果以前又freeradius,先卸载 yum remove freeradius 安装 yum install freeradius2 yum install freeradius2-utils //这个含radtest,用户测试 默认freeradius是使用files方式认证用户,如果不使用数据库,到此安装就搞定了 2、安装完成后就修改配置文件。 vi /etc/raddb/users 找到steve,注释去掉,将steve改成你的用户名。可以建立多个用户,如下: dalon Cleartext-Password := "testing" test Cleartext-Password := "testing123" 3、 测试 可执行文件为 /usr/sbin/radius /usr/sbin/radius -X //debug模式运行,可以看到详细过程。 radtest 测试server是否能响应: radtest test testing localhost 0 testing123 test和testing分别为用户名和密钥,对于配置文件users里面的内容。 localhost为配置文件clients.conf中的内容,默认针对localhost密钥为testing123 0 意思为NAS-PORT 0,默认为0,所以不用配置。见文件 /etc/raddb/radiusd.conf中配置,如下: listen { ipaddr = * //监听IPV4所有地址 # ipv6addr = :: port = 0 //nas-port type = acct # interface = eth0 # clients = per_socket_clients } 测试正确的结果如下(下面是测试IPV6): [root@CentOS ~]# radtest -6 test test123 ::1 0 testing123 Sending Access-Request of id 44 to ::1 port 1812 User-Name = "test" User-Password = "test123" NAS-IPv6-Address = ::1 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Accept packet from host ::1 port 1812, id=44, length=20 4、将服务器改成监听IPV6 需要修改文件 a) /etc/raddb/radiusd.conf 将两个listen {}中 ipaddr = * 注掉,ipv6addr = :: 取消注释 b) /etc/raddb/clients.conf 将localhost中的监听地址改成ipv6的,如下: client localhost { ipv6addr = ::1 # any. ::1 == localhost 建立一组client(下面的例子是3000::/64网段为例,也可以使用::/0): client 3000::/64 { secret = testing123 shortname = ipv6client //为区别名,和别的组不一样即可 } 5. 验证通过的debug信息: rad_recv: Access-Request packet from host 3000::abcd port 60378, id=232, length=45 User-Name = "dalon" User-Password = "testing" # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "dalon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry dalon at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "testing" [pap] Using clear text password "testing" [pap] User authenticated successfully ++[pap] returns ok # Executing section post-auth from file /etc/raddb/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 232 to 3000::abcd port 60378 Finished request 29. Going to the next request Waking up in 4.9 seconds. Cleaning up request 29 ID 232 with timestamp +531 Ready to process requests. (责任编辑:IT) |