  Radius server setup under CentOS
     
  Add Date : 2017-06-24      
         
         
         
  First, the environment:

1. System: CentOS release 6.6 (Final)

2. Required packages:

1) freeradius-2.1.12-6.el6.x86_64
   freeradius-mysql-2.1.12-6.el6.x86_64

2) ppp-2.4.5-5.el6.x86_64

3) rp-pppoe-3.10-11.el6.x86_64

4) mysql-5.1.73-3.el6_5.x86_64
   mysql-devel-5.1.73-3.el6_5.x86_64

5) openssl-1.0.1e-30.el6_6.5.x86_64

Second, analysis of the deployment environment and a brief explanation of the principle:

RADIUS is the abbreviation of Remote Authentication Dial In User Service. RADIUS mainly provides an authentication (Authentication) mechanism, which identifies the user and confirms the password; authorization (Authorization), which controls the user's access to the resources of your domain; and an accounting (Accounting) mechanism, which keeps a record of network use. Freeradius is open-source software that implements the RADIUS AAA (Authentication, Authorization, Accounting) functions based on the RADIUS protocol.

The actual operating environment and function of the radius server:

The radius server works together with the access server to authenticate and bill users' broadband accounts, so that users who dial in obtain permission to connect to the Internet.

Third, building the Radius server:

      1. After installing CentOS and configuring the network, update the system with the command: # yum update

      2. Check whether each package is installed: # rpm -q ppp rp-pppoe freeradius mysql-* openssl

If any are missing, install them with the command: # yum install ppp rp-pppoe freeradius-* mysql-* openssl

openssl is generally already installed after the system update. After installing the packages, use the command:

# wget ftp://ftp.samba.org/pub/ppp/ppp-2.4.5.tar.gz

to download the ppp source package into the newly created /etc/ppp/radius directory (# mkdir /etc/ppp/radius creates the directory).

Now configure each service:

1. Configure the /etc/ppp/options file:

    lock
    crtscts
    nobsdcomp
    nodeflate
    nopcomp

      2. Configure the /etc/ppp/pppoe-server-options file, which reads:

    # PPP options for the PPPoE server
    # LIC: GPL
    auth
    require-chap
    default-mru
    default-asyncmap
    lcp-echo-interval 60
    lcp-echo-failure 5
    ms-dns 202.96.128.86
    noipdefault
    noipx
    nodefaultroute
    proxyarp
    noktune
    logfile /var/log/pppd.log

3. Make the pppoe service use the freeradius server for authentication.

1) First change /etc/ppp/pppoe-server-options, adding the two lines marked with -> below (the -> marker itself is not part of the file):

    # PPP options for the PPPoE server
    # LIC: GPL
    auth
    require-chap
    default-mru
    default-asyncmap
    lcp-echo-interval 60
    lcp-echo-failure 5
    ms-dns 202.96.128.86
    noipdefault
    noipx
    nodefaultroute
    proxyarp
    noktune
    -> plugin /usr/lib/pppd/2.4.5/radius.so
    -> radius-config-file /etc/ppp/radiuds/radiusclient.conf
    logfile /var/log/pppd.log

These lines make pppoe-server load the radius plugin into pppd at run time, allowing the pppoe service to authenticate and account through freeradius. After adding them, create the /etc/ppp/radiuds/ directory; the files it needs come from the ppp source code. Unpack the ppp source and copy them:

    # tar -xzf ppp-2.4.5.tar.gz
    # cd ppp-2.4.5
    # cd pppd/plugins/radius/etc/
    # cp * /etc/ppp/radiuds/

2) This directory now holds all the relevant configuration files. The most important is /etc/ppp/radiuds/radiusclient.conf; open it first. Its contents (comments removed):

    auth_order radius
    login_tries 4
    login_timeout 60
    nologin /etc/nologin
    issue /etc/ppp/radiuds/issue
    authserver localhost:1812
    acctserver localhost:1813
    servers /etc/ppp/radiuds/servers
    dictionary /etc/ppp/radiuds/dictionary
    login_radius /usr/local/sbin/login.radius
    seqfile /var/run/radius.seq
    mapfile /etc/ppp/radiuds/port-id-map
    default_realm
    radius_timeout 10
    radius_retries 3
    login_local /bin/login

3) In addition, change the servers file in this directory. This file specifies the host name of the radius server to contact and its key value (which must also be set in the freeradius configuration).

Edit /etc/ppp/radiuds/servers and set the radius server location:

    localhost testing123

Here testing123 is the password (the shared secret).

4) Edit /etc/ppp/radiuds/dictionary and adjust some path settings, mainly the path of dictionary.microsoft on the last line:

    INCLUDE /etc/ppp/radiuds/dictionary.microsoft

5) At this point the pppoe service authenticates through radius. Next comes the freeradius configuration.

The freeradius-mysql package is what lets freeradius connect to the mysql database; it is not used in this part.

First open /etc/raddb/clients.conf to configure client access control. The file reads as follows:

    client localhost {
        secret = testing123
        shortname = localhost
        nastype = other
    }

This permits a client at IP 127.0.0.1 to log in to the radius service, verified with the secret testing123; this is the same value configured in the servers file above. To allow access from another machine, refer to the comments in the file.

6) Then configure the /etc/raddb/naslist file, which reads:

    # NAS Name              Short Name   Type
    # portmaster1.isp.com   pm1.NY       livingston
    # portmaster2.isp.com   pm1.LA       livingston
    localhost               local        portslave

This file records which NAS servers are to be accounted for through this radius server. Here localhost is specified.

7) The main configuration file is radiusd.conf, which mainly specifies the default authentication and accounting modes of the freeradius server. We currently use the local file /etc/raddb/users; add to it the users that need pppoe authentication, as follows (there must be no spaces in front of the user name):

aaa Auth-Type := Local, Simultaneous-Use := 1, User-Password := "aaa"

[Tab] Service-Type = Framed-User,

[Tab] Framed-Protocol = PPP,

[Tab] Framed-IP-Netmask = 255.255.255.255

Here the Simultaneous-Use := 1 field sets the number of simultaneous logins for each user.

8) So that radius can call mysql correctly, also specify the location of the library:

    echo /usr/lib >> /etc/ld.so.conf
    ldconfig

9) After everything is configured, start radiusd in debugging mode with the radiusd -X command, then restart pppoe-server and dial in from a client to check that the pppoe service authenticates users through freeradius. If it does, this part is complete. Use service radiusd restart to start the radius service normally.

    radiusd -X
    radtest aaa aaa localhost 0 testing123

If you see Access-Accept, it succeeded. Then you can start radiusd normally.

5. Configure freeradius to read user information from the mysql database

      1. # mysql -u root -p123 // log in to mysql

      2. > create database radius; // create the database

      3. > exit // exit the database

      4. # cd /etc/raddb/sql/mysql

      5. # mysql -u root -p radius < schema.sql // import the tables into the database; check that 7 tables were imported

      6. Modify the /etc/raddb/sites-enabled/default file: in authorize {} and accounting {}, remove the # comment from sql, and in authorize {} comment out files with #. As follows:

    authorize {
        chap
        mschap
        suffix
        eap
        #files
        sql
        pap
    }

    accounting {
        detail
        unix
        radutmp
        sql
    }

      7. Modify the mysql database connection settings in /etc/raddb/sql.conf:

      server = "localhost"
      login = "root"
      password = "123"
      radius_db = "radius"    # database name

      8. Modify the /etc/raddb/radiusd.conf file:

      Remove the # comment from the $INCLUDE sql.conf line.

      9. Add a test account to the database:

      # mysql -u root -p123

      > use radius;

Create the group information:

      > insert into radgroupreply (groupname, attribute, op, value) values ('user', 'Auth-Type', ':=', 'Local');

      > insert into radgroupreply (groupname, attribute, op, value) values ('user', 'Service-Type', ':=', 'Framed-User');

      > insert into radgroupreply (groupname, attribute, op, value) values ('user', 'Framed-IP-Address', ':=', '255.255.255.255');

      > insert into radgroupreply (groupname, attribute, op, value) values ('user', 'Framed-IP-Netmask', ':=', '255.255.255.0');

Create the user information:

      > insert into radcheck (username, attribute, op, value) values ('test', 'User-Password', ':=', '110');

Add the user to the group:

      > insert into radusergroup (username, groupname) values ('test', 'user');

      > exit; // exit the database

Fourth, testing radius:

1. # radiusd -X // start the radius service in debugging mode

2. Open another terminal and use the command:

# radtest test 110 localhost 10 testing123

If Access-Accept is returned, the installation was successful.
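The walkthrough uses test values throughout: the testing123 shared secret in both the servers file and clients.conf, and the MySQL root login with password 123 in sql.conf. The following is an added example, not part of the original page: a shell function that scans the files edited above for those values, so they can be replaced before the server accepts clients other than localhost. The function names, the 12-character password threshold and the sample tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example: scan the files edited in this walkthrough for its test values.
# Usage: audit_radius_defaults ROOT   (ROOT is / on a live host, or a copied tree)
# Prints one "WEAK: ..." line per finding and nothing when the tree is clean.
audit_radius_defaults() {
    root=${1%/}
    servers="$root/etc/ppp/radiuds/servers"   # NAS side: "host secret"
    clients="$root/etc/raddb/clients.conf"    # server side: secret = ...
    sqlconf="$root/etc/raddb/sql.conf"        # MySQL login and password
    # Shared secret still the walkthrough's test value, on either side.
    if [ -r "$servers" ] && grep -Eq '^[^#]*[[:space:]]testing123([[:space:]]|$)' "$servers"; then
        echo "WEAK: $servers: shared secret is testing123"
    fi
    if [ -r "$clients" ] && grep -Eiq '^[[:space:]]*secret[[:space:]]*=[[:space:]]*testing123' "$clients"; then
        echo "WEAK: $clients: client secret is testing123"
    fi
    if [ -r "$sqlconf" ]; then
        # FreeRADIUS logging in to MySQL as root rather than a dedicated account.
        if grep -Eiq '^[[:space:]]*login[[:space:]]*=[[:space:]]*"?root"?[[:space:]]*$' "$sqlconf"; then
            echo "WEAK: $sqlconf: database login is root"
        fi
        # Database password under 12 characters (threshold assumed for this example).
        pw=$(sed -n 's/^[[:space:]]*[Pp]assword[[:space:]]*=[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$sqlconf" | head -n 1)
        if [ -n "$pw" ] && [ "${#pw}" -lt 12 ]; then
            echo "WEAK: $sqlconf: database password has ${#pw} characters"
        fi
    fi
    # Files that hold secrets should not be readable by "other".
    for f in "$servers" "$clients" "$sqlconf"; do
        if [ -e "$f" ] && [ -n "$(find "$f" -perm -004)" ]; then
            echo "WEAK: $f: world-readable"
        fi
    done
    return 0
}

# Constructed sample tree that reproduces the values used on this page.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/etc/ppp/radiuds" "$t/etc/raddb"
    printf 'localhost testing123\n' > "$t/etc/ppp/radiuds/servers"
    printf 'client localhost {\n\tsecret = testing123\n}\n' > "$t/etc/raddb/clients.conf"
    printf 'login = "root"\npassword = "123"\n' > "$t/etc/raddb/sql.conf"
    chmod 644 "$t/etc/ppp/radiuds/servers" "$t/etc/raddb/clients.conf"
    chmod 640 "$t/etc/raddb/sql.conf"
    echo "$t"
}

sample=$(make_sample_tree)
audit_radius_defaults "$sample"
rm -rf "$sample"
```

On the constructed tree the function reports six findings; on a live host, run it as audit_radius_defaults / after the setup above.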
     
         
         
         