Installing and debugging FreeRADIUS on CentOS


1. Install with yum. Make sure you install freeradius2, not version 1. If an older freeradius is already installed, remove it first:


yum remove freeradius


Install:


yum install freeradius2


yum install freeradius2-utils  # includes radtest, used for testing


By default FreeRADIUS authenticates users with the files method. If you are not using a database, the installation is complete at this point.


2. After installation, edit the configuration file.


vi /etc/raddb/users


Find the steve entry, remove the comment marker, and change steve to your user name. You can create several users, as follows:


dalon Cleartext-Password := "testing"


test Cleartext-Password := "testing123"


3. Testing


The executable is /usr/sbin/radiusd


/usr/sbin/radiusd -X  # run in debug mode to see the detailed processing


Use radtest to check whether the server responds:


radtest test testing localhost 0 testing123


test and testing are the user name and password, corresponding to the entries in the users configuration file.


localhost is the client defined in the clients.conf configuration file; by default the shared secret for localhost is testing123.


The 0 means NAS-Port 0; it defaults to 0, so it does not need to be configured. See the configuration in /etc/raddb/radiusd.conf, as follows:


    listen {
        ipaddr = *          # listen on all IPv4 addresses
    #   ipv6addr = ::
        port = 0            # 0 = use the default port from /etc/services
        type = acct
    #   interface = eth0
    #   clients = per_socket_clients
    }


A successful test looks like this (the test below uses IPv6):


    [root@CentOS~]# radtest -6 test test123 ::1 0 testing123
    Sending Access-Request of id 44 to ::1 port 1812
        User-Name = "test"
        User-Password = "test123"
        NAS-IPv6-Address = ::1
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
    rad_recv: Access-Accept packet from host ::1 port 1812, id=44, length=20


4. Switch the server to listen on IPv6


The following files need to be modified:


a) /etc/raddb/radiusd.conf


In both listen {} sections, comment out ipaddr = * and uncomment ipv6addr = ::


b) /etc/raddb/clients.conf


Change the address in the localhost client to an IPv6 address, as follows:


    client localhost {
        ipv6addr = ::1      # ::1 == localhost
        # the remaining settings in this block stay unchanged
    }


Define a group of clients (the example below uses the 3000::/64 network; ::/0 can also be used):


    client 3000::/64 {
        secret = testing123
        shortname = ipv6client    # a distinguishing name; it only has to differ from the other clients
    }
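To check the client definitions from step 4 before the server is exposed to a network, the following added example (not part of the original article or of FreeRADIUS) parses flat client blocks and reports the stock secret testing123, short secrets, and networks with a zero-length prefix such as ::/0. The 16-character minimum, the sample text and the function names are assumptions made for this example.

```python
import ipaddress
import re

DEFAULT_SECRETS = {"testing123"}  # stock secret named on this page
MIN_SECRET_LEN = 16               # assumed local policy, not a FreeRADIUS rule
# Constructed sample that mirrors the client blocks shown above.
SAMPLE = """
client localhost {
    ipv6addr = ::1   # ::1 == localhost
    secret = testing123
}
client 3000::/64 {
    secret = testing123
}
client ::/0 {
    secret = constructed-long-random-value-01
}
"""

def parse_clients(text):
    """Return [(name, options)] for flat, uncommented client blocks."""
    clients = []
    for name, body in re.findall(r"^\s*client\s+(\S+)\s*\{(.*?)\}", text, re.S | re.M):
        opts = {}
        for line in body.splitlines():
            key, sep, value = line.split("#", 1)[0].partition("=")  # drop comments
            if sep:
                opts[key.strip()] = value.strip().strip('"')
        clients.append((name, opts))
    return clients

def audit(text):
    """Return [(client, finding)] for weak secrets and over-broad networks."""
    findings = []
    for name, opts in parse_clients(text):
        secret = opts.get("secret", "")
        if secret in DEFAULT_SECRETS:
            findings.append((name, "default secret"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((name, "short secret"))
        # The address is either an option or, as in "client 3000::/64", the block name.
        addr = opts.get("ipv6addr") or opts.get("ipaddr") or name
        if "netmask" in opts and "/" not in addr:
            addr += "/" + opts["netmask"]
        try:
            if ipaddress.ip_network(addr, strict=False).prefixlen == 0:
                findings.append((name, "accepts any source address"))
        except ValueError:
            pass  # not an address, e.g. a hostname
    return findings
```

Calling audit() on the contents of /etc/raddb/clients.conf returns one (client, finding) pair per problem; an empty list means none of these three conditions matched.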


5. Debug output for a successful authentication:


    rad_recv: Access-Request packet from host 3000::abcd port 60378, id=232, length=45
        User-Name = "dalon"
        User-Password = "testing"
    # Executing section authorize from file /etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "dalon", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    [files] users: Matched entry dalon at line 76
    ++[files] returns ok
    ++[expiration] returns noop
    ++[logintime] returns noop
    ++[pap] returns updated
    Found Auth-Type = PAP
    # Executing group from file /etc/raddb/sites-enabled/default
    +- entering group PAP {...}
    [pap] login attempt with password "testing"
    [pap] Using clear text password "testing"
    [pap] User authenticated successfully
    ++[pap] returns ok
    # Executing section post-auth from file /etc/raddb/sites-enabled/default
    +- entering group post-auth {...}
    ++[exec] returns noop
    Sending Access-Accept of id 232 to 3000::abcd port 60378
    Finished request 29.
    Going to the next request
    Waking up in 4.9 seconds.
    Cleaning up request 29 ID 232 with timestamp +531
    Ready to process requests.
