The Complete Guide to OpenSER + Radius


freeradius requires the openssl library; quicklinux ships with openssl-0.9.7a-46.i686 preinstalled.

If mysql is not installed under /usr/local/, create a symlink:
# ln -s /opt/lapmcp/apmc/ /usr/local/mysql

First install freeradius and test it without connecting to mysql:
# cd /home/zyq/tempfile/OpenSER_ins/AAA
# tar -xzvf freeradius-1.1.4.tar.gz
# cd freeradius-1.1.4
# ./configure --with-rlm-sql-lib-dir=/opt/lapmcp/apmc/lib/mysql/ --with-rlm-sql-include-dir=/opt/lapmcp/apmc/include/mysql/
# make
# make install WITH_MYSQL=yes

Configure freeradius:
1) Edit clients.conf
# vi /usr/local/etc/raddb/clients.conf
client 127.0.0.1 {
secret = testing123
shortname = localhost
nastype = other
}
// Present by default. Here secret = testing123 is the password that a client connecting from 127.0.0.1 must use to reach the radius service.

2) Edit naslist and add:
# vi /usr/local/etc/raddb/naslist
localhost local portslave
// Present by default

3) Edit users and add users: (these users are stored in a text file and are for testing)
# vi /usr/local/etc/raddb/users
Add the following below the steve entry in the examples:
hefish     Auth-Type:=local, User-Password == "123456"
           Service-Type = Framed-User,
           Framed-Protocol = PPP,
           Framed-IP-Address = 192.168.137.2,
           Framed-IP-Netmask = 255.255.255.0
Add the following below the John Doe entry in the examples:
powerlift Auth-Type := Local, User-Password == "ilovelinux"
          Reply-Message = "Hello, powerlift!"
Save and exit.

4) Run the test
# /usr/local/sbin/radiusd -X
Then open another terminal and test:
# radtest hefish 123456 localhost 0 testing123
Returns:
Sending Access-Request of id 11 to 127.0.0.1 port 1812
        User-Name = "hefish"
        User-Password = "123456"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=11, length=44
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 192.168.137.2
        Framed-IP-Netmask = 255.255.255.0
The test passes. Test again:
# radtest powerlift ilovelinux localhost 0 testing123
Returns:
Sending Access-Request of id 15 to 127.0.0.1 port 1812
        User-Name = "powerlift"
        User-Password = "ilovelinux"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=15, length=39
        Reply-Message = "Hello, powerlift!"
The test passes.

5) Configure radiusd to authenticate against mysql. First create the database in mysql:
# /usr/local/mysql/bin/mysqladmin -u root -p create radius
# cd /home/zyq/tempfile/OpenSER_ins/AAA/freeradius-1.1.4/doc/examples
# /usr/local/mysql/bin/mysql -u root -p radius < mysql.sql

6) Edit radiusd.conf so that it supports mysql authentication:
# vi /usr/local/etc/raddb/radiusd.conf
authorize {
preprocess
chap
mschap
suffix
sql
...
}
accounting {
...
sql
...
}

7) Edit sql.conf so that radius can access mysql
# vi /usr/local/etc/raddb/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "localhost"
login = "root"
password = "mysql的密码"   # placeholder: put the mysql password here
radius_db = "radius"
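# Leave the rest of the settings at their defaults (the exception is if you want to bind user accounts to a NIC MAC address, a phone number or the like; in that case change the settings below)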
}

8) Add some data to the database:
# /usr/local/mysql/bin/mysql -u root -p radius
First add some group information:
insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type','=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask','=','255.255.255.255');
insert into radgroupcheck (groupname, attribute, op, value) values ("user", "Auth-Type", ":=", "Local");
Then add the user information:
insert into radcheck (username,attribute,op,value) values ('zyq','User-Password','==','12345678');
Then add the user to the group:
insert into usergroup(username,groupname) values('zyq','user');

9) So that radius can load the mysql library correctly, also specify the library locations:
# echo /usr/lib >> /etc/ld.so.conf
# echo /usr/local/lib >> /etc/ld.so.conf
# echo /opt/lapmcp/apmc/lib >> /etc/ld.so.conf
# ldconfig

10) Test freeradius+mysql:
# radtest zyq 12345678 localhost 0 testing123
Received:
Sending Access-Request of id 146 to 127.0.0.1 port 1812
        User-Name = "zyq"
        User-Password = "12345678"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=146, length=32
        Service-Type = Framed-User
        Framed-IP-Netmask = 255.255.255.255
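
The files edited in steps 1, 3 and 7 keep settings meant for a local test: the stock shared secret testing123, a MySQL login of root, and literal User-Password entries in users. The script below is an added example, not part of the original guide or of FreeRADIUS; it reports those three settings in a raddb directory, and its function names, finding labels and sample files are constructed for this illustration.

```shell
#!/bin/sh
# Added example: flag the test-grade FreeRADIUS settings from this walkthrough.

# Print every value assigned to KEY ($2) in FILE ($1); comment lines are
# skipped and surrounding double quotes are stripped.
conf_values() {
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        { line = $0; sub(/^[ \t]+/, "", line)
          if (index(line, key) != 1) next
          rest = substr(line, length(key) + 1)
          if (rest !~ /^[ \t]*=/) next
          sub(/^[ \t]*=[ \t]*/, "", rest); sub(/[ \t]+$/, "", rest)
          gsub(/^"|"$/, "", rest); print rest }' "$1"
}

# Print the names of users-file entries that carry a literal User-Password.
cleartext_users() {
    [ -r "$1" ] || return 0
    awk '/^[^# \t]/ && /User-Password[ \t]*[=:]=/ { print $1 }' "$1"
}

# Audit a raddb directory: one finding per line, no output when clean.
audit_raddb() {
    if conf_values "$1/clients.conf" secret | grep -qx 'testing123'; then
        echo "DEFAULT_SECRET clients.conf uses the stock secret testing123"
    fi
    if conf_values "$1/sql.conf" login | grep -qx 'root'; then
        echo "SQL_ROOT_LOGIN sql.conf connects to MySQL as root"
    fi
    for u in $(cleartext_users "$1/users"); do
        echo "CLEARTEXT_USER $u"
    done
}

# Constructed sample mirroring the files edited in steps 1, 3 and 7.
make_sample() {
    printf 'client 127.0.0.1 {\nsecret = testing123\nshortname = localhost\n}\n' > "$1/clients.conf"
    printf 'sql {\ndriver = "rlm_sql_mysql"\nlogin = "root"\n}\n' > "$1/sql.conf"
    printf 'hefish Auth-Type:=local, User-Password == "123456"\n\tService-Type = Framed-User\n' > "$1/users"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_raddb "$sample"
rm -rf "$sample"
```

On a real install, point audit_raddb at /usr/local/etc/raddb before the server is exposed to any client other than 127.0.0.1.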
      
===================================
Install radius-client:
~# tar xvfz radiusclient-ng-X.Y.Z.tar.gz
~# cd radiusclient-ng-X.Y.Z
~# ./configure
~# make
~# make install

Install OpenSER with freeradius:
Check that mysql.h, libmysqlclient.so and the related files are in place.
Copy libmysqlclient.so, libmysqlclient.so.15, libmysqlclient_r.so and libmysqlclient_r.so.15 from /usr/local/mysql/lib/mysql to /usr/lib.
mysql.h is under /usr/local/mysql/include/mysql; if mysql is not a standard install, copy the mysql directory to /usr/local/include.

Compile and install OpenSER:
~> tar xzvf openser-1.1.0_src.tar.gz
~> cd openser-1.1.0
~> vi modules/acc/Makefile
Uncomment the following two lines:
DEFS+=-DRAD_ACC -I$(LOCALBASE)/include
LIBS=-L$(LOCALBASE)/lib -lradiusclient-ng
~> vi Makefile
exclude_modules?=               jabber cpl-c pa mysql postgres osp unixodbc
                                              avp_radius auth_radius group_radius uri_radius
Comment out the second line and delete mysql from the first line.
~> NICER=1 make all
~> make install

When this finishes, four files are generated under /usr/local/sbin:
openser, openserctl, openserunix and openser_mysql.sh
Create the database with openser_mysql.sh create:
~> openser_mysql.sh create
MySql password for root:                               // the mysql password
Domain (realm) for the default user admin:           // just press Enter
       creating database openser ...
Install SERWEB tables ?(y/n):y                         // press y, then Enter
Domain (realm) for the default user admin:           // just press Enter
       creating serweb tables into openser
