RHEL6 + pptpd + freeradius + mysql
This document describes the experiment environment. All the experiment results were verified in the data center, and all the results are correct.
System environment: RHEL6 x86_64, SELinux and iptables disabled
Software download: http://poptop.sourceforge.net/yum/stable/rhel6/
ftp://ftp.samba.org/pub/ppp
Install and configure pptpd
echo 1 > /proc/sys/net/ipv4/ip_forward
yum install ppp -y
rpm -ivh pptpd-1.3.4-2.el6.x86_64.rpm
pptpd configuration file /etc/pptpd.conf:
localip 192.168.0.1
remoteip 192.168.0.234-238
localip: IP address of the pptpd server; it can be any IP address bound to the server.
remoteip: the range of IP addresses that can be assigned to clients after they connect to the pptpd server.
Add a test user to /etc/ppp/chap-secrets:
# client server secret IP addresses
yakexi pptpd westos *
Note: the server name must be the same as the name set in /etc/ppp/options.pptpd; otherwise login authentication fails.
service pptpd start
netstat -antlp | grep :1723
Now you can test the connection with the yakexi account.
Install and configure freeradius
yum install freeradius-mysql freeradius-utils -y
tar zxf ppp-2.4.5.tar.gz
mkdir /etc/radiusclient
cp ppp-2.4.5/pppd/plugins/radius/etc/* /etc/radiusclient
cd /etc/radiusclient
Add the address and shared secret of the RADIUS server to the servers file:
localhost westos
Modify radiusclient.conf so that every radiusclient path in the file starts with /etc/radiusclient. For example, change:
servers /usr/local/etc/radiusclient/servers
to:
servers /etc/radiusclient/servers
Modify /etc/ppp/options.pptpd and add the following line:
plugin /usr/lib64/pppd/2.4.5/radius.so
cd /etc/raddb
Modify clients.conf:
client localhost {
    ipaddr = 127.0.0.1
    secret = westos    # must match the entry in /etc/radiusclient/servers
    ....
}
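The two consistency requirements stated above (the server name in /etc/ppp/chap-secrets must match options.pptpd, and the secret in /etc/radiusclient/servers must match clients.conf) can be checked with a script. This is an added example, not part of the original document; it assumes options.pptpd sets the server name with a `name` line, and the root prefix argument and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. The root prefix is hypothetical so
# the check can run against a copy of the configuration instead of live /etc.

# Build a constructed sample tree holding the values used on this page.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/ppp" "$d/etc/radiusclient" "$d/etc/raddb"
    printf 'name pptpd\nplugin /usr/lib64/pppd/2.4.5/radius.so\n' > "$d/etc/ppp/options.pptpd"
    printf '# client server secret IP addresses\nyakexi pptpd westos *\n' > "$d/etc/ppp/chap-secrets"
    printf 'localhost westos\n' > "$d/etc/radiusclient/servers"
    printf 'client localhost {\n\tipaddr = 127.0.0.1\n\tsecret = westos\n}\n' > "$d/etc/raddb/clients.conf"
    echo "$d"
}

# Secret that pppd's radius plugin will use for host $2.
client_secret() {
    awk -v h="$2" '$1 == h { print $2; exit }' "$1/etc/radiusclient/servers"
}

# Secret that radiusd expects inside the "client $2 { ... }" block.
server_secret() {
    awk -v c="$2" '
        $1 == "client" && $2 == c { inblk = 1; next }
        inblk && $1 == "}"        { exit }
        inblk && /^[ \t]*secret[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, ""); print; exit
        }' "$1/etc/raddb/clients.conf"
}

# Print every mismatch; return 0 only when the files agree.
check_consistency() {
    root=$1; rc=0
    name=$(awk '$1 == "name" { print $2; exit }' "$root/etc/ppp/options.pptpd")
    # chap-secrets column 2 must be the pptpd name, or the * wildcard.
    for u in $(awk -v n="$name" '$1 !~ /^#/ && NF >= 3 && $2 != n && $2 != "*" { print $1 }' \
               "$root/etc/ppp/chap-secrets"); do
        echo "chap-secrets: entry '$u' does not use server name '$name'"; rc=1
    done
    if [ "$(client_secret "$root" localhost)" != "$(server_secret "$root" localhost)" ]; then
        echo "shared secret differs between radiusclient/servers and clients.conf"; rc=1
    fi
    return "$rc"
}

sample=$(make_sample)
check_consistency "$sample" && echo "sample configuration is consistent"
rm -rf "$sample"
```

To check a real host, call check_consistency with / (or the path of a copied configuration tree) as its argument.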
MySQL support
Modify /etc/raddb/radiusd.conf:
$INCLUDE sql.conf    # uncomment this line
Modify /etc/raddb/sites-available/default:
authorize {
    # files
    sql
    ....
}
accounting {
    # radutmp
    sql
    ....
}
session {
    # radutmp
    sql
}
post-auth {
    sql
}
Modify /etc/raddb/sql.conf:
sql {
    database = "mysql"
    driver = "rlm_sql_mysql"
    server = "localhost"
    login = "radius"
    password = "radpass"
    radius_db = "radius"
    ....
}
Modify /etc/raddb/sql/mysql/dialup.conf and uncomment the following lines:
simul_count_query = "SELECT COUNT(*) \
    FROM ${acct_table1} \
    WHERE username = '%{SQL-User-Name}' \
    AND acctstoptime IS NULL"
yum install mysql-server -y
service mysqld start
cd /etc/raddb/sql/mysql/
mysqladmin create radius
mysql radius < schema.sql
mysql < admin.sql
mysql> insert into radgroupreply (groupname, attribute, op, value) values
('User', 'Auth-Type', ':=', 'Local');
mysql> insert into radgroupreply (groupname, attribute, op, value) values
('User', 'Service-Type', ':=', 'Framed-User');
mysql> insert into radgroupreply (groupname, attribute, op, value) values
('User', 'Framed-IP-Address', ':=', '255.255.255.254');
mysql> insert into radgroupreply (groupname, attribute, op, value) values
('User', 'Framed-IP-Netmask', ':=', '255.255.255.0');
mysql> insert into radgroupcheck (groupname, attribute, op, value) values
('User', 'Simultaneous-Use', ':=', '1');
(Optional: this setting allows each account to be logged in only once at a time.)
mysql> insert into radcheck (username, attribute, op, value) values ('test', 'User-Password', ':=', 'test');
(Adds the account test with the password test.)
mysql> insert into radusergroup (username, groupname) values ('test', 'User');
To add an account later, you only need to repeat the preceding two steps (the radcheck and radusergroup inserts).
service radiusd start
service pptpd stop
service pptpd start
Run the following command to test:
# radtest test test localhost 0 westos
Sending Access-Request of id 13 to 127.0.0.1 port 1812
    User-Name = "test"
    User-Password = "test"
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=13, length=38
    Service-Type = Framed-User
    Framed-IP-Address = 255.255.255.254
    Framed-IP-Netmask = 255.255.255.0
Access-Accept indicates that authentication succeeded.