  1. #!/bin/bash
  2. #
  3.  
  4. MYSQL_HOST=127.0.0.1
  5. MYSQL_PORT=3306
  6. MYSQL_ROOT_PWD=mysql123
  7.  
  8. # 数据库名字默认为radius,建议不改
  9. MYSQL_RADIUS_USER=freeradius
  10. MYSQL_RADIUS_PWD=freeradius123
  11.  
  12. # 初始配置的用户和nas
  13. RADIUS_USER1=test1
  14. RADIUS_USER2=test2
  15. RADIUS_PASSWORD=vpn123456
  16. RADIUS_NAS_PASSWORD=testing123
  17.  
  18. # 安装必要的软件包, freeradius-2.1.12+dfsg-1.2ubuntu8
  19. apt-get install -y freeradius freeradius-mysql
  20.  
  21. # 创建数据库
  22. mysql --host=$MYSQL_HOST --port=$MYSQL_PORT -uroot -p$MYSQL_ROOT_PWD <<EOF
  23. CREATE DATABASE radius;
  24. grant all on radius.* to $MYSQL_RADIUS_USER IDENTIFIED BY "$MYSQL_RADIUS_PWD";
  25. EOF
  26.  
  27. # for sql/mysql/dialup.conf
  28. mysql --host=$MYSQL_HOST --port=$MYSQL_PORT -uroot -p$MYSQL_ROOT_PWD radius < /etc/freeradius/sql/mysql/schema.sql
  29. # for clients.conf
  30. mysql --host=$MYSQL_HOST --port=$MYSQL_PORT -uroot -p$MYSQL_ROOT_PWD radius < /etc/freeradius/sql/mysql/nas.sql
  31.  
  32. # init mysql
  33. mysql --host=$MYSQL_HOST --port=$MYSQL_PORT -uroot -p$MYSQL_ROOT_PWD radius <<EOF
  34. insert into nas(nasname, shortname, secret) VALUES("127.0.0.1", "localhost", "testing123");
  35. insert into radcheck(username, attribute, op, value) values
  36. ("$RADIUS_USER1", "Cleartext-Password", ":=", "$RADIUS_PASSWORD"),
  37. ("$RADIUS_USER1", "Simultaneous-Use", ":=", "1"),
  38. ("$RADIUS_USER1", "Expiration", ":=", "06 Jun 2015 14:55:22");
  39. insert into radcheck(username, attribute, op, value) values
  40. ("$RADIUS_USER2", "Cleartext-Password", ":=", "$RADIUS_PASSWORD"),
  41. ("$RADIUS_USER2", "Simultaneous-Use", ":=", "1"),
  42. ("$RADIUS_USER2", "Max-All-Session", ":=", "1800");
  43. EOF
  44.  
  45. # 修改radiusd.conf
  46. cp /etc/freeradius/radiusd.conf /etc/freeradius/radiusd.conf.old
  47. cat > /etc/freeradius/radiusd.conf <<EOF
  48. prefix = /usr
  49. exec_prefix = /usr
  50. sysconfdir = /etc
  51. localstatedir = /var
  52. sbindir = \${exec_prefix}/sbin
  53. logdir = /var/log/freeradius
  54. raddbdir = /etc/freeradius
  55. radacctdir = \${logdir}/radacct
  56. name = freeradius
  57. confdir = \${raddbdir}
  58. run_dir = \${localstatedir}/run/\${name}
  59. db_dir = \${raddbdir}
  60.  
  61. libdir = /usr/lib/freeradius
  62. pidfile = \${run_dir}/\${name}.pid
  63.  
  64. user = freerad
  65. group = freerad
  66.  
  67. max_request_time = 30
  68. cleanup_delay = 5
  69. max_requests = 65536
  70.  
  71. listen {
  72. type = auth
  73. ipaddr = *
  74. port = 1812
  75. }
  76.  
  77. listen {
  78. ipaddr = *
  79. port = 1813
  80. type = acct
  81. }
  82.  
  83. hostname_lookups = no
  84. allow_core_dumps = no
  85. regular_expressions = yes
  86. extended_expressions = yes
  87.  
  88. log {
  89. destination = files
  90. file = \${logdir}/radius.log
  91. syslog_facility = daemon
  92. stripped_names = no
  93. auth = no
  94. auth_badpass = no
  95. auth_goodpass = no
  96. }
  97.  
  98. checkrad = \${sbindir}/checkrad
  99. security {
  100. max_attributes = 200
  101. reject_delay = 1
  102. status_server = yes
  103. }
  104.  
  105. proxy_requests = no
  106.  
  107. thread pool {
  108. start_servers = 5
  109. max_servers = 32
  110. min_spare_servers = 3
  111. max_spare_servers = 10
  112. max_requests_per_server = 0
  113. }
  114.  
  115. modules {
  116. \$INCLUDE \${confdir}/modules/
  117. \$INCLUDE eap.conf
  118. \$INCLUDE sql.conf
  119. \$INCLUDE timelimit.conf
  120. }
  121.  
  122. instantiate {
  123. exec
  124. expr
  125. expiration
  126. logintime
  127. }
  128.  
  129. \$INCLUDE policy.conf
  130. \$INCLUDE sites-enabled/
  131. EOF
  132.  
  133. # 设置sites
  134. rm /etc/freeradius/sites-enabled/*
  135. cat > /etc/freeradius/sites-enabled/my.conf <<EOF
  136. authorize {
  137. if(NAS-IP-Address) {
  138. reject
  139. }
  140. preprocess
  141. chap
  142. mschap
  143. digest
  144. suffix
  145. eap {
  146. ok = return
  147. }
  148. sql
  149. #expiration
  150. #logintime
  151. pap
  152. timelimit
  153. }
  154.  
  155. authenticate {
  156. Auth-Type PAP {
  157. pap
  158. }
  159. Auth-Type CHAP {
  160. chap
  161. }
  162. Auth-Type MS-CHAP {
  163. mschap
  164. }
  165. digest
  166. eap
  167. }
  168.  
  169.  
  170. preacct {
  171. preprocess
  172. acct_unique
  173. suffix
  174. #files
  175. }
  176.  
  177. #
  178. # Accounting. Log the accounting data.
  179. #
  180. accounting {
  181. detail
  182. #unix
  183. #radutmp
  184. sql
  185. if (noop) {
  186. ok
  187. }
  188. exec
  189. attr_filter.accounting_response
  190. }
  191.  
  192. session {
  193. #radutmp
  194. sql
  195. }
  196.  
  197.  
  198. post-auth {
  199. sql
  200. exec
  201. Post-Auth-Type REJECT {
  202. attr_filter.access_reject
  203. }
  204. }
  205. EOF
  206.  
  207. # 修改sql.conf
  208. cp /etc/freeradius/sql.conf /etc/freeradius/sql.conf.old
  209. cat >/etc/freeradius/sql.conf <<EOF
  210. sql {
  211. database = "mysql"
  212. driver = "rlm_sql_\${database}"
  213. server = "$MYSQL_HOST"
  214. port = $MYSQL_PORT
  215. login = "$MYSQL_RADIUS_USER"
  216. password = "$MYSQL_RADIUS_PWD"
  217. radius_db = "radius"
  218.  
  219. acct_table1 = "radacct"
  220. acct_table2 = "radacct"
  221. postauth_table = "radpostauth"
  222. authcheck_table = "radcheck"
  223. authreply_table = "radreply"
  224. groupcheck_table = "radgroupcheck"
  225. groupreply_table = "radgroupreply"
  226.  
  227. usergroup_table = "radusergroup"
  228. deletestalesessions = yes
  229. sqltrace = yes
  230. sqltracefile = \${logdir}/sqltrace.sql
  231. num_sql_socks = 5
  232.  
  233. connect_failure_retry_delay = 60
  234. lifetime = 0
  235. max_queries = 0
  236. readclients = yes
  237. nas_table = "nas"
  238. \$INCLUDE sql/\${database}/dialup.conf
  239. }
  240. EOF
  241.  
  242. # gen timelimit.conf
  243. cat >/etc/freeradius/timelimit.conf <<EOF
  244. sqlcounter timelimit {
  245. counter-name = Max-All-Session-Time
  246. check-name = Max-All-Session
  247. sqlmod-inst = sql
  248. key = User-Name
  249. reset = never
  250. query = "SELECT SUM(AcctSessionTime) FROM radacct where UserName='%{%k}'"
  251. }
  252. EOF
  253.  
  254. # 如果需要最大连接数配置生效
  255. # 需要手工反注释掉sql/mysql/dialup.conf中
  256. # sql 语句: simul_count_query
  257.  
  258. # 启动freeradius
  259. service freeradius start
  260.  
  261. # 测试freeradius
  262. radtest $RADIUS_USER $RADIUS_PASSWORD localhost 0 $RADIUS_NAS_PASSWORD