<rhel6 + pptpd + freeradius + mysql>

Source: Internet
Author: User
Tags freeradius

This document describes the experiment environment. All the experiment results were verified in the data center, and all the results are correct.

System environment: RHEL6 x86_64, SELinux and iptables disabled

Software download: http://poptop.sourceforge.net/yum/stable/rhel6/

ftp://ftp.samba.org/pub/ppp

Install and configure pptpd

    echo 1 > /proc/sys/net/ipv4/ip_forward
    yum install ppp -y
    rpm -ivh pptpd-1.3.4-2.el6.x86_64.rpm

pptpd configuration file /etc/pptpd.conf:

    localip 192.168.0.1
    remoteip 192.168.0.234-238

localip: IP address of the pptpd server, which can be set to any IP address bound to the server.

remoteip: the IP address range that can be allocated to clients after they connect to the pptpd server.

Add a test user to /etc/ppp/chap-secrets:

    # client server secret IP addresses
    yakexi pptpd westos *

Note: the server name must be the same as the name set in /etc/ppp/options.pptpd; otherwise, login verification fails.

    service pptpd start
    netstat -antlp | grep :1723

Now you can test it with yakexi!

Install and configure freeradius

    yum install freeradius-mysql freeradius-utils -y
    tar zxf ppp-2.4.5.tar.gz
    mkdir /etc/radiusclient
    cp ppp-2.4.5/pppd/plugins/radius/etc/* /etc/radiusclient
    cd /etc/radiusclient

Add the address and password of the RADIUS server to the servers file:

    localhost westos

Modify the radiusclient.conf file so that every radiusclient-related path in it starts with /etc/radiusclient. For example, change:

    servers /usr/local/etc/radiusclient/servers

to:

    servers /etc/radiusclient/servers

Modify /etc/ppp/options.pptpd and add the following line:

    plugin /usr/lib64/pppd/2.4.5/radius.so

    cd /etc/raddb

Modify clients.conf:

    client localhost {
        ipaddr = 127.0.0.1
        secret = westos    # must match the entry in /etc/radiusclient/servers
        ....
    }

MySQL support

Modify /etc/raddb/radiusd.conf:

    $INCLUDE sql.conf    # uncomment this line

Modify /etc/raddb/sites-available/default:

    authorize {
        # files
        sql
        ....
    }

    accounting {
        # radutmp
        sql
        ....
    }

    session {
        # radutmp
        sql
    }

    post-auth {
        sql
    }

Modify /etc/raddb/sql.conf:

    sql {
        database = "mysql"
        driver = "rlm_sql_mysql"
        server = "localhost"
        login = "radius"
        password = "radpass"
        radius_db = "radius"
        ....
    }

Modify /etc/raddb/sql/mysql/dialup.conf and uncomment the following lines:

    simul_count_query = "SELECT COUNT(*) \
        FROM ${acct_table1} \
        WHERE username = '%{SQL-User-Name}' \
        AND acctstoptime IS NULL"

    yum install mysql-server -y
    service mysqld start
    cd /etc/raddb/sql/mysql/
    mysqladmin create radius
    mysql radius < schema.sql
    mysql < admin.sql

    mysql> insert into radgroupreply (groupname, attribute, op, value) values ('User', 'Auth-Type', ':=', 'Local');
    mysql> insert into radgroupreply (groupname, attribute, op, value) values ('User', 'Service-Type', ':=', 'Framed-User');
    mysql> insert into radgroupreply (groupname, attribute, op, value) values ('User', 'Framed-IP-Address', ':=', '255.255.255.254');
    mysql> insert into radgroupreply (groupname, attribute, op, value) values ('User', 'Framed-IP-Netmask', ':=', '255.255.255.0');

The next statement limits each account to one login at a time (optional):

    mysql> insert into radgroupcheck (groupname, attribute, op, value) values ('User', 'Simultaneous-Use', ':=', '1');

Add the account test with the password test:

    mysql> insert into radcheck (username, attribute, op, value) values ('test', 'User-Password', ':=', 'test');
    mysql> insert into radusergroup (username, groupname) values ('test', 'User');

To add an account later, you only need to perform the preceding two steps.

    service radiusd start
    service pptpd stop
    service pptpd start

Run the following command to test:

    # radtest test test localhost 0 westos
    Sending Access-Request of id 13 to 127.0.0.1 port 1812
            User-Name = "test"
            User-Password = "test"
            NAS-IP-Address = 127.0.0.1
            NAS-Port = 0
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=13, length=38
            Service-Type = Framed-User
            Framed-IP-Address = 255.255.255.254
            Framed-IP-Netmask = 255.255.255.0

Access-Accept indicates that authentication succeeded.
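
The two consistency requirements stated earlier (the secret in /etc/radiusclient/servers must match clients.conf, and the server field in chap-secrets must match the name set in options.pptpd) can be checked with a short script before restarting the services. This is an added example, not part of the original article; the function names and sample files are constructed, and the "name pptpd" line is an assumed options.pptpd setting.

```sh
#!/bin/sh
# Added example; function names and sample data are constructed.

# Shared secret listed for host $2 in a radiusclient "servers" file $1.
servers_secret() {
    awk -v h="$2" '$1 !~ /^#/ && $1 == h { print $2; exit }' "$1"
}

# Secret inside the "client $2 { ... }" block of clients.conf $1.
clients_secret() {
    awk -v c="$2" '
        $1 == "client" && $2 == c { inblk = 1; next }
        inblk && /^[ \t]*[}]/     { exit }
        inblk && $1 ~ /^secret/   { sub(/^[^=]*=[ \t]*/, "")
                                    sub(/[ \t]*(#.*)?$/, ""); print; exit }' "$1"
}

# chap-secrets ($1) clients whose server field is neither $2 nor "*".
chap_mismatches() {
    awk -v n="$2" '$1 !~ /^#/ && NF >= 3 && $2 != n && $2 != "*" { print $1 }' "$1"
}

# Args: servers clients.conf options.pptpd chap-secrets. Returns 0 if consistent.
check_vpn_config() {
    rc=0
    s=$(servers_secret "$1" localhost); c=$(clients_secret "$2" localhost)
    if [ -z "$s" ] || [ "$s" != "$c" ]; then
        echo "RADIUS secret missing or different in $1 and $2"; rc=1
    fi
    name=$(awk '$1 == "name" { print $2; exit }' "$3")
    bad=$(chap_mismatches "$4" "$name")
    if [ -n "$bad" ]; then
        echo "chap-secrets server field is not '$name' for:" $bad; rc=1
    fi
    return $rc
}

# Constructed sample files mirroring the values used on this page.
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
printf 'localhost westos\n' > "$d/servers"
printf 'client localhost {\n  ipaddr = 127.0.0.1\n  secret = westos\n}\n' > "$d/clients.conf"
printf 'name pptpd\n' > "$d/options.pptpd"
printf '# client server secret IP addresses\nyakexi pptpd westos *\n' > "$d/chap-secrets"
check_vpn_config "$d/servers" "$d/clients.conf" "$d/options.pptpd" "$d/chap-secrets" \
    && echo "configuration is consistent"
```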
