- sudo apt-get install freeradius
- sudo apt-get install freeradius-mysql
- cd /etc/freeradius/3.0/
- sudo mysql -u root -p
- create database radius;
- exit;
- sudo mysql -u root -p radius < schema.sql
- sudo mysql -u root -p
- insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
- insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
- insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');
- insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
- insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test');
- insert into radusergroup (username,groupname) values ('test','user');
- exit;
- cp /etc/freeradius/3.0/sites-available/default /etc/freeradius/3.0/sites-available/default.org
- 修改
- sites-enabled/default
- authorize {
- #digest
- #suffix
- #files
- ...
- # Look in an SQL database. The schema of the database
- # is meant to mirror the "users" file.
- #
- # See "Authorization Queries" in mods-available/sql
- sql
- ...
- #-ldap
- }
- authenticate {
- #digest
- }
- preacct {
- #suffix
- #files
- }
- accounting {
- # Log traffic to an SQL database.
- #
- # See "Accounting queries" in mods-available/sql
- sql
- #exec
- #attr_filter.accounting_response
- }
- session {
- #radutmp
- # See "Simultaneous Use Checking Queries" in mods-available/sql
- sql
- }
- post-auth {
- # After authenticating the user, do another SQL query.
- #
- # See "Authentication Logging Queries" in mods-available/sql
- sql
- 以下這個區塊我全部註解掉(注意:註解掉之後,失敗的認證就不會再寫入 SQL,不利於事後追查密碼猜測;正式環境建議保留)
- #Post-Auth-Type REJECT {
- # log failed authentications in SQL, too.
- #-sql
- #}
- }
- exit;
- 備份
- cp /etc/freeradius/3.0/sites-available/inner-tunnel /etc/freeradius/3.0/sites-available/inner-tunnel.org
- 修改
- /etc/freeradius/3.0/sites-enabled/inner-tunnel
- authorize {
- #suffix
- #files
- sql
- #-ldap
- }
- authenticate {
- }
- session {
- # If you want to use the Simultaneous-Use attribute, uncomment sql and comment out radutmp
- #radutmp
- sql
- }
- post-auth {
- sql
- # Post-Auth-Type REJECT {
- # # log failed authentications in SQL, too.
- # -sql
- # attr_filter.access_reject
- #
- # #
- # # Let the outer session know which module failed, and why.
- # #
- # update outer.session-state {
- # &Module-Failure-Message := &request:Module-Failure-Message
- # }
- # }
- }
- exit;
- 備份
- cp /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-available/sql.orig
- 修改 mods-available/sql
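- sql {
- driver = "rlm_sql_mysql"
- ......
- database = "mysql"
- server = "localhost"
- port = 3306
- # Example credentials only: use a dedicated, least-privilege database account with a strong password, and keep this file unreadable to other local users
- login = "NUser"
- password = "1234"
- # Database table configuration for everything except Oracle
- radius_db = "radius"
- }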
- 註解拿掉了(啟用後 RADIUS client 與其共用密鑰改由資料庫的 nas 資料表載入,能寫入該表的帳號就能新增 client)
- read_clients = yes
- client_table = "nas"
- :q
- ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/sql
- 配置 radius.conf
- cp /etc/freeradius/3.0/radiusd.conf /etc/freeradius/3.0/radiusd.conf.orig
- 將註解改成下面這樣(注意:auth_badpass / auth_goodpass = yes 會把使用者密碼明文寫進記錄檔,只在除錯時開啟,測完請改回 no)
- stripped_names = yes
- auth = yes
- auth_badpass = yes
- auth_goodpass = yes
- 重啟 radius
- sudo service freeradius start
- 用這個試(testing123 是 clients.conf 內 localhost client 的預設共用密鑰,只適合本機測試,對外服務前要換掉)
- radtest test test localhost 0 testing123
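- 出現下面這個錯誤(Access-Reject 仍帶回 radgroupreply 的屬性,表示 SQL 查詢有成功,問題應在密碼比對;FreeRADIUS 3.x 的 radcheck 一般使用 Cleartext-Password 而非 User-Password,可用 freeradius -X 看除錯輸出確認)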
- Sent Access-Request Id 213 from 0.0.0.0:51672 to 127.0.0.1:1812 length 74
- User-Name = "test"
- User-Password = "test"
- NAS-IP-Address = 127.0.1.1
- NAS-Port = 1812
- Message-Authenticator = 0x00
- Cleartext-Password = "test"
- Received Access-Reject Id 213 from 127.0.0.1:1812 to 0.0.0.0:0 length 38
- Service-Type = Framed-User
- Framed-IP-Address = 255.255.255.254
- Framed-IP-Netmask = 255.255.255.0
- (0) -: Expected Access-Accept got Access-Reject