centos上的安装和调试freeradius
时间:2016-08-02 21:55 来源:linux.it.net.cn 作者:IT
1、使用yum安装即可,确定安装的是freeradius2,而不是1。如果以前又freeradius,先卸载
yum remove freeradius
安装
yum install freeradius2
yum install freeradius2-utils //这个含radtest,用户测试
默认freeradius是使用files方式认证用户,如果不使用数据库,到此安装就搞定了
2、安装完成后就修改配置文件。
vi /etc/raddb/users
找到steve,注释去掉,将steve改成你的用户名。可以建立多个用户,如下:
dalon Cleartext-Password := "testing"
test Cleartext-Password := "testing123"
3、 测试
可执行文件为 /usr/sbin/radius
/usr/sbin/radius -X //debug模式运行,可以看到详细过程。
radtest 测试server是否能响应:
radtest test testing localhost 0 testing123
test和testing分别为用户名和密钥,对于配置文件users里面的内容。
localhost为配置文件clients.conf中的内容,默认针对localhost密钥为testing123
0 意思为NAS-PORT 0,默认为0,所以不用配置。见文件 /etc/raddb/radiusd.conf中配置,如下:
listen {
ipaddr = * //监听IPV4所有地址
# ipv6addr = ::
port = 0 //nas-port
type = acct
# interface = eth0
# clients = per_socket_clients
}
测试正确的结果如下(下面是测试IPV6):
[root@CentOS ~]# radtest -6 test test123 ::1 0 testing123
Sending Access-Request of id 44 to ::1 port 1812
User-Name = "test"
User-Password = "test123"
NAS-IPv6-Address = ::1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host ::1 port 1812, id=44, length=20
4、将服务器改成监听IPV6
需要修改文件
a) /etc/raddb/radiusd.conf
将两个listen {}中 ipaddr = * 注掉,ipv6addr = :: 取消注释
b) /etc/raddb/clients.conf
将localhost中的监听地址改成ipv6的,如下:
client localhost {
ipv6addr = ::1 # any. ::1 == localhost
建立一组client(下面的例子是3000::/64网段为例,也可以使用::/0):
client 3000::/64 {
secret = testing123
shortname = ipv6client //为区别名,和别的组不一样即可
}
5. 验证通过的debug信息:
rad_recv: Access-Request packet from host 3000::abcd port 60378, id=232, length=45
User-Name = "dalon"
User-Password = "testing"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "dalon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry dalon at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "testing"
[pap] Using clear text password "testing"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 232 to 3000::abcd port 60378
Finished request 29.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 29 ID 232 with timestamp +531
Ready to process requests. (责任编辑:IT)
| 1、使用yum安装即可,确定安装的是freeradius2,而不是1。如果以前又freeradius,先卸载 yum remove freeradius 安装 yum install freeradius2 yum install freeradius2-utils //这个含radtest,用户测试 默认freeradius是使用files方式认证用户,如果不使用数据库,到此安装就搞定了 2、安装完成后就修改配置文件。 vi /etc/raddb/users 找到steve,注释去掉,将steve改成你的用户名。可以建立多个用户,如下: dalon Cleartext-Password := "testing" test Cleartext-Password := "testing123" 3、 测试 可执行文件为 /usr/sbin/radius /usr/sbin/radius -X //debug模式运行,可以看到详细过程。 radtest 测试server是否能响应: radtest test testing localhost 0 testing123 test和testing分别为用户名和密钥,对于配置文件users里面的内容。 localhost为配置文件clients.conf中的内容,默认针对localhost密钥为testing123 0 意思为NAS-PORT 0,默认为0,所以不用配置。见文件 /etc/raddb/radiusd.conf中配置,如下: listen { ipaddr = * //监听IPV4所有地址 # ipv6addr = :: port = 0 //nas-port type = acct # interface = eth0 # clients = per_socket_clients } 测试正确的结果如下(下面是测试IPV6): [root@CentOS ~]# radtest -6 test test123 ::1 0 testing123 Sending Access-Request of id 44 to ::1 port 1812 User-Name = "test" User-Password = "test123" NAS-IPv6-Address = ::1 NAS-Port = 0 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Accept packet from host ::1 port 1812, id=44, length=20 4、将服务器改成监听IPV6 需要修改文件 a) /etc/raddb/radiusd.conf 将两个listen {}中 ipaddr = * 注掉,ipv6addr = :: 取消注释 b) /etc/raddb/clients.conf 将localhost中的监听地址改成ipv6的,如下: client localhost { ipv6addr = ::1 # any. ::1 == localhost 建立一组client(下面的例子是3000::/64网段为例,也可以使用::/0): client 3000::/64 { secret = testing123 shortname = ipv6client //为区别名,和别的组不一样即可 } 5. 验证通过的debug信息: rad_recv: Access-Request packet from host 3000::abcd port 60378, id=232, length=45 User-Name = "dalon" User-Password = "testing" # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "dalon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry dalon at line 76 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "testing" [pap] Using clear text password "testing" [pap] User authenticated successfully ++[pap] returns ok # Executing section post-auth from file /etc/raddb/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 232 to 3000::abcd port 60378 Finished request 29. Going to the next request Waking up in 4.9 seconds. Cleaning up request 29 ID 232 with timestamp +531 Ready to process requests. (责任编辑:IT) |