歡迎來到Linux教程網
Linux教程網
Linux教程網
Linux教程網
您现在的位置: Linux教程網 >> UnixLinux >  >> Unix知識 >> Unix基礎知識

radius+httpd+php+mysql+dialupadmin總結

RADIUS是一種C/S結構的協議,它的客戶端最初就是NAS(Net Access Server)服務器,現在任何運行RADIUS客戶端軟件的計算機都可以成為RADIUS的客戶端。RADIUS協議認證機制靈活,可以采用PAPCHAP或者Unix登錄認證等多種方式.

RADIUS是一種可擴展的協議,它進行的全部工作都是基於Attribute-Length-Value的向量進行的。RADIUS也支持廠商擴充廠家專有屬性.由於RADIUS協議簡單明確,可擴充,因此得到了廣泛應用,包括普通電話上網、ADSL上網、小區寬帶上網、IP電話、VPDN(Virtual Private Dialup Networks,基於撥號用戶的虛擬專用撥號網業務)、移動電話預付費等業務。最近IEEE提出了802.1x標准,這是一種基於端口的標准,用於對無線網絡的接入認證,在認證時也采用RADIUS協議。

1.系統環境centos6

2.軟件freeradius-2.1.10-5.el6.i686,mysql-5.1.61-1.el6_2.1.i686 php-5.3.3-3.el6_2.8.i686,freeradius-dialupadmin-2.1.1-2.fc10.i386,httpd-2.2.15-15.el6.centos.1.i686

3.安裝軟件

[root@localhost ~]# yum -y httpd mysql mysql-devel mysql-server php freeradius freeradius-mysql httpd-devel php-devel php-gd php-mbstring php-mysql php-xml freeradius-

dialupadmin perl-DateManip php-pgsql php-ldap

4.設置開機啟動

[root@localhost ~]# chkconfig httpd on

[root@localhost ~]# chkconfig mysqld on

[root@localhost ~]# chkconfig radius on

[root@localhost ~]# chkconfig radiusd on

5.配置radiusd.conf文件如下:

[root@localhost ~]# cd /etc/raddb/ //這個主要是配置文件所在地

[root@localhost raddb]# ls

acct_users                 clients.conf.1  policy.conf      sql//數據庫文件.sql文件所在目錄這個需要導入數據庫。

attrs                      dictionary      policy.txt       sql.conf//sql配置文件

attrs.access_challenge     eap.conf        preproxy_users   sql.conf.1

attrs.access_reject        example.pl      proxy.conf       sqlippool.conf

attrs.accounting_response  hints           radiusd.conf//主配置文件     templates.conf

attrs.pre-proxy            huntgroups      radiusd.conf.1   users

certs                      ldap.attrmap    sites-available  users.1

clients.conf//客戶端配置文件              modules         sites-enabled

6.[root@localhost raddb]# cat radiusd.conf//主配置文件

prefix = /usr

exec_prefix = /usr

sysconfdir = /etc

localstatedir = /var

sbindir = /usr/sbin

logdir = ${localstatedir}/log/radius

raddbdir = ${sysconfdir}/raddb

radacctdir = ${logdir}/radacct

name = radiusd

confdir = ${raddbdir}

run_dir = ${localstatedir}/run/${name}

db_dir = ${raddbdir}

libdir = /usr/lib/freeradius

pidfile = ${run_dir}/${name}.pid

user = radiusd

group = radiusd

max_request_time = 30

cleanup_delay = 5

max_requests = 1024

listen {

type = auth

       ipaddr = *

       port = 0

}

listen {

ipaddr = *

port = 0

type = acct

}

hostname_lookups = no

allow_core_dumps = no

regular_expressions     = yes

extended_expressions    = yes

log {

destination = files

file = ${logdir}/radius.log

       syslog_facility = daemon

stripped_names = no

auth = no

auth_badpass = no

auth_goodpass = no

}

checkrad = ${sbindir}/checkrad

security {

max_attributes = 200

reject_delay = 1

status_server = yes

}

proxy_requests  = yes

$INCLUDE proxy.conf

$INCLUDE clients.conf

thread pool {

start_servers = 5

max_servers = 32

min_spare_servers = 3

max_spare_servers = 10

max_requests_per_server = 0

}

modules {

$INCLUDE ${confdir}/modules/

$INCLUDE eap.conf

}

instantiate {

exec

expr

expiration

logintime

}

$INCLUDE policy.conf

$INCLUDE sites-enabled/

$INCLUDE sql.conf //這個是本人加入的

7.[root@localhost raddb]# cat sql.conf//查看sql配置文件

sql {

database = "mysql"

driver = "rlm_sql_${database}"

server = "localhost"

login = "root"//修改數據用戶名為root

password = "123456"//密碼為123456

radius_db = "radius"//數據庫名字叫radius

acct_table1 = "radacct"

acct_table2 = "radacct"

postauth_table = "radpostauth"

authcheck_table = "radcheck"

authreply_table = "radreply"

groupcheck_table = "radgroupcheck"

groupreply_table = "radgroupreply"

usergroup_table = "radusergroup"

       deletestalesessions = yes

sqltrace = no

sqltracefile = ${logdir}/sqltrace.sql

num_sql_socks = 5

connect_failure_retry_delay = 60

lifetime = 0

max_queries = 0

       nas_table = "nas"

$INCLUDE sql/${database}/dialup.conf

}

8.[root@localhost raddb]# cat clients.conf//客戶端配置文件

client localhost {

ipaddr = 127.0.0.1

secret          = testing123

require_message_authenticator = no

}

client 192.168.40.39 {

secret =testing123

shortname =test

nastype =other

}

//為你NAS的相應值

192.168.40.39為NAS要地址

secret      = testing123為密鑰

shortname   = test任意

nastype     = other為你NAS設備的類型

9.配置httpd.conf /etc/httpd/conf/httpd.conf

文件添加兩處如下:

DirectoryIndex index.html index.php index.html.var//添加index.php

AddType application/x-httpd-php .php

AddType application/x-httpd-php-source .phps

AddType application/x-httpd-php .html

修改apache的radius.conf配置文件

# vi /etc/httpd/conf.d/radius.conf

<Directory /usr/share/dialup_admin/htdocs/>

  Options None

  order deny,allow

  deny from all

  allow from 127.0.0.1 192.168.40.39

</Directory>

在allow from 處添加你允許訪問freeradius-dialupadmin的ip 用空格分開

修改apache的php.conf配置文件

# vi /etc/httpd/conf.d/php.conf

在未尾添加

AddType application/x-httpd-php .php .php3

10.配置主配置文件admin.conf文件

[root@localhost raddb]# cd /usr/share/dialup_admin/

[root@localhost dialup_admin]# ls

bin  Changelog  conf  doc  htdocs  html  lib  Makefile  README  sql

[root@localhost conf]# ls

accounting.attrs  auth.request        naslist.conf    user_edit.attrs

admin.conf //主配置       captions.conf       naslist.conf.1  username.mappings

admin.conf.1 //為備份1     config.php3         naslist.conf.2

admin.conf.2      default.vals        sql.attrmap

admin.conf.3      extra.ldap-attrmap  sql.attrs

11.[root@localhost conf]# cat admin.conf//查看主配置文件如下:

general_prefered_lang: en

general_prefered_lang_name: English

general_charset: iso-8859-1

general_base_dir: /usr/share/dialup_admin

general_radiusd_base_dir: /usr

general_domain: company.com

general_use_session: no

general_most_recent_fl: 30

general_realm_delimiter: @

general_realm_format: suffix

general_show_user_password: yes

general_raddb_dir: /etc/raddb

general_ldap_attrmap: /etc/raddb/ldap.attrmap

general_clients_conf: /etc/raddb/clients.conf

general_sql_attrmap: %{general_base_dir}/conf/sql.attrmap

general_accounting_attrs_file: %{general_base_dir}/conf/accounting.attrs

general_extra_ldap_attrmap: %{general_base_dir}/conf/extra.ldap-attrmap

general_username_mappings_file: %{general_base_dir}/conf/username.mappings

general_lib_type: mysql

general_user_edit_attrs_file: %{general_base_dir}/conf/user_edit.attrs

general_sql_attrs_file: %{general_base_dir}/conf/sql.attrs

general_default_file: %{general_base_dir}/conf/default.vals

general_finger_type: snmp

general_nas_type: cisco

general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger

general_sessionclear_bin: %{general_base_dir}/bin/clearsession

general_sessionclear_method: snmp

general_radclient_bin: /usr/bin/radclient

general_test_account_login: test

general_test_account_password: test

general_radius_server: localhost

general_radius_server_port: 1812

general_radius_server_auth_proto: chap

general_radius_server_secret: testing123

general_auth_request_file: %{general_base_dir}/conf/auth.request

general_encryption_method: clear

general_accounting_info_order: desc

general_stats_use_totacct: no

general_restrict_badusers_access: no

general_restrict_nasadmin_access: no

INCLUDE: %{general_base_dir}/conf/naslist.conf

INCLUDE: %{general_base_dir}/conf/captions.conf

ldap_server: ldap.%{general_domain}

ldap_base: dc=company,dc=com

ldap_binddn: cn=Directory Manager

ldap_bindpw: XXXXXXX

ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base}

ldap_default_dn: uid=default-dialup,%{ldap_base}

ldap_regular_profile_attr: dialupregularprofile

sql_type: mysql

sql_server: localhost

sql_port: 3306

sql_username: root

sql_password: 123456

sql_database: radius

sql_accounting_table: radacct

#sql_badusers_table: badusers

sql_check_table: radcheck

sql_reply_table: radreply

#sql_user_info_table: userinfo

sql_groupcheck_table: radgroupcheck

sql_groupreply_table: radgroupreply

#sql_usergroup_table: radusergroup

sql_total_accounting_table: totacct

sql_nas_table: nas

sql_show_all_groups: true

sql_command: /usr/bin/mysql

general_snmp_type: net

general_snmpwalk_command: /usr/local/bin/snmpwalk

general_snmpget_command: /usr/local/bin/snmpget

#sql_debug: true

#sql_use_user_info_table: true

#sql_use_operators: true

sql_password_attribute: User-Password

sql_date_format: Y-m-d

sql_full_date_format: Y-m-d H:i:s

sql_row_limit: 40

sql_connect_timeout: 3

counter_default_daily: none

counter_default_weekly: none

counter_default_monthly: none

[root@localhost conf]# cat naslist.conf//配置文件二

nas1_name: nas1.%{general_domain}

nas1_model: Computer

nas1_ip: 192.168.40.39

nas1_port_num: 16

nas1_community: public

//

as1_model: Computer 為nas類型

nas1_ip: 192.168.40.39 為nas ip

nas可添加多個修改nas號則可。

[root@localhost conf]# cat captions.conf//配置文件三

general_caption_finger_free_lines: free lines

12.配置mysql數據庫和創建數據庫radius

[root@localhost conf]# service mysqld start//啟動mysqld服務

[root@localhost conf]mysqladmin -u root password "your password" //兩種方法設置root連接mysql的密碼。

使用mysql庫

mysql> use mysql

修改root密碼

mysql> update user set password=password("123456") where user="root";

mysql> flush privileges;

[root@localhost conf]mysql -uroot -p123456 -e "create database radius;" //創建數據庫radius

mysql> show databases;

+--------------------+

| Database           |

+--------------------+

| information_schema |

| mysql              |

| radius             |

| test               |

+--------------------+

4 rows in set (0.00 sec)

mysql> use radius;

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

mysql> show tables;

+------------------+

| Tables_in_radius |

+------------------+

| nas              |

| radacct          |

| radcheck         |

| radgroupcheck    |

| radgroupreply    |

| radippool        |

| radpostauth      |

| radreply         |

| radusergroup     |

+------------------+

9 rows in set (0.01 sec)

[root@localhost mysql]# pwd

/etc/raddb/sql/mysql

[root@localhost mysql]# ls//把帶.sql的文件全部倒入radius數據中

admin.sql     cui.conf  dialup.conf  ippool.sql  schema.sql  wimax.sql

counter.conf  cui.sql   ippool.conf  nas.sql     wimax.conf

倒入數據庫的方法為:

mysql> show databases;//查看數據庫

+--------------------+

| Database           |

+--------------------+

| information_schema |

| mysql              |

| radius             |

| test               |

+--------------------+

4 rows in set (0.00 sec)

mysql> use radius;//進入數據庫radius

Database changed

mysql> show tables;//show表為空

Empty set (0.00 sec)

mysql>source /etc/raddb/sql/mysql/admin.sql //利用source導入數據庫

mysql>source /etc/raddb/sql/mysql/cui.sql

mysql>source /etc/raddb/sql/mysql/ippool.sql

mysql>source /etc/raddb/sql/mysql/as.sql

mysql>source /etc/raddb/sql/mysql/schema.sql

mysql>source /etc/raddb/sql/mysql/wimax.sql

還有一種方法就是用[root@localhost mysql]#mysql -uroot -p radius </etc/raddb/sql/mysql/admin.sql//其它省略

mysql> show tables;

+------------------+

| Tables_in_radius |

+------------------+

| nas              |

| radacct          |

| radcheck         |

| radgroupcheck    |

| radgroupreply    |

| radippool        |

| radpostauth      |

| radreply         |

| radusergroup     |

+------------------+

9 rows in set (0.00 sec)

mysql> desc radusergroup;

+-----------+-------------+------+-----+---------+-------+

| Field     | Type        | Null | Key | Default | Extra |

+-----------+-------------+------+-----+---------+-------+

| username  | varchar(64) | NO   | MUL |         |       |

| groupname | varchar(64) | NO   |     |         |       |

| priority  | int(11)     | NO   |     | 1       |       |

+-----------+-------------+------+-----+---------+-------+

3 rows in set (0.00 sec)

mysql> desc nas;//顯示NAS表的結構

+-------------+--------------+------+-----+---------------+----------------+

| Field       | Type         | Null | Key | Default       | Extra          |

+-------------+--------------+------+-----+---------------+----------------+

| id          | int(10)      | NO   | PRI | NULL          | auto_increment |

| nasname     | varchar(128) | NO   | MUL | NULL          |                |

| shortname   | varchar(32)  | YES  |     | NULL          |                |

| type        | varchar(30)  | YES  |     | other         |                |

| ports       | int(5)       | YES  |     | NULL          |                |

| secret      | varchar(60)  | NO   |     | secret        |                |

| server      | varchar(64)  | YES  |     | NULL          |                |

| community   | varchar(50)  | YES  |     | NULL          |                |

| description | varchar(200) | YES  |     | RADIUS Client |                |

+-------------+--------------+------+-----+---------------+----------------+

9 rows in set (0.00 sec)

接著創建radius用戶

[root@localhost conf]#useradd radius

使用mysql庫

mysql> use mysql

修改radius密碼

mysql> update user set password=password("radius") where user="radius";

mysql> flush privileges;

創建radius數據庫用戶

mysql> grant all privileges on radius.* to radius@localhost identified by "radius";

mysql> flush privileges;

mysql> exit

//

相信結果不會讓你滿意.因為服務器比較的是加密的值,所以服務器連接一定失敗.這裡需要說明的是flush privileges;這條命令起到了重新加載授權表.你也可以在shell下直接用mysqladmin -u root

reload或者mysqladmin -u root flush-privileges來實現重載授權表.在Mysql環境下,你可以使用以下語句進行設置密碼:

1.insert into user(host,user,password) values('%','user_name',password("your password");

2.set password for user_name = password("your password")

以上兩種方法都必須進行重載授權表.

3.當然你也可以在創建一個用戶時直接設置密碼,grant語句將為你自動加密口令.

如 grant all on *.* to user_name@% identified by "your password";

另外你也可以在shell環境下用mysqladmin程序來設置密碼

如 mysqladmin -u root password "your password"

13.啟動apache服務

[root@localhost conf]# service httpd start

Stopping httpd:                                            [  OK  ]

Starting httpd:                                            [  OK  ]

配置test.php

[root@localhost mysql]# cat /var/www/html/test.php

<?php

phpinfo();

?>

14.最後客戶端ie浏覽器http://ip/test.php如果看到信息說明是好的,如果要進入freeradius-dialupadmin,直接http://ip/radius/即可.

本文出自 “有志者事竟成!” 博客,請務必保留此出處http://zh888.blog.51cto.com/1684752/861742

Copyright © Linux教程網 All Rights Reserved