centos上的安裝和調試freeradius
centos上的安裝和調試freeradius
1、使用yum安裝即可,確定安裝的是freeradius2,而不是1。如果以前又freeradius,先卸載
yum remove freeradius
安裝
yum install freeradius2
yum install freeradius2-utils//這個含radtest,用戶測試
默認freeradius是使用files方式認證用戶,如果不使用數據庫,到此安裝就搞定了
2、安裝完成後就修改配置文件。
vi /etc/raddb/users
找到steve,注釋去掉,將steve改成你的用戶名。可以建立多個用戶,如下:
dalon Cleartext-Password := "testing"
test Cleartext-Password := "testing123"
3、 測試
可執行文件為 /usr/sbin/radius
/usr/sbin/radius -X //debug模式運行,可以看到詳細過程。
radtest 測試server是否能響應:
radtest test testing localhost 0 testing123
test和testing分別為用戶名和密鑰,對於配置文件users裡面的內容。
localhost為配置文件clients.conf中的內容,默認針對localhost密鑰為testing123
0 意思為NAS-PORT 0,默認為0,所以不用配置。見文件 /etc/raddb/radiusd.conf中配置,如下:
listen {
ipaddr = * //監聽IPV4所有地址
# ipv6addr = ::
port = 0 //nas-port
type = acct
# interface = eth0
# clients = per_socket_clients
}
測試正確的結果如下(下面是測試IPV6):
[root@CentOS~]# radtest -6 test test123 ::1 0 testing123
Sending Access-Request of id 44 to ::1 port 1812
User-Name = "test"
User-Password = "test123"
NAS-IPv6-Address = ::1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host ::1 port 1812, id=44, length=20
4、將服務器改成監聽IPV6
需要修改文件
a) /etc/raddb/radiusd.conf
將兩個listen {}中 ipaddr = *注掉,ipv6addr = :: 取消注釋
b) /etc/raddb/clients.conf
將localhost中的監聽地址改成ipv6的,如下:
client localhost {
ipv6addr = ::1# any.::1 == localhost
建立一組client(下面的例子是3000::/64網段為例,也可以使用::/0):
client 3000::/64 {
secret = testing123
shortname = ipv6client //為區別名,和別的組不一樣即可
}
5. 驗證通過的debug信息:
rad_recv: Access-Request packet from host 3000::abcd port 60378, id=232, length=45
User-Name = "dalon"
User-Password = "testing"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "dalon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry dalon at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "testing"
[pap] Using clear text password "testing"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 232 to 3000::abcd port 60378
Finished request 29.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 29 ID 232 with timestamp +531
Ready to process requests.
http://xxxxxx/Linuxjc/1156069.html TechArticle