<rhel6+pptpd+freeradius+mysql>

Source: Internet
Author: User
Tags freeradius

This document describes a lab environment set up for learning purposes. All of the steps and results below were verified in the lab and are correct.

System environment: RHEL6 x86_64, SELinux and iptables disabled
Software download: http://poptop.sourceforge.net/yum/stable/rhel6/
ftp://ftp.samba.org/pub/ppp

Installing and configuring pptpd
echo 1 > /proc/sys/net/ipv4/ip_forward
yum install ppp -y
rpm -ivh pptpd-1.3.4-2.el6.x86_64.rpm
Configuration file for pptpd: /etc/pptpd.conf
localip 192.168.0.1
remoteip 192.168.0.234-238
localip: the PPTPD server IP address; it can be set to any IP address bound on the server
remoteip: the range of IP addresses available for assignment to clients after they connect to the PPTPD server
Add a test user to /etc/ppp/chap-secrets
# client server secret IP addresses
yakexi pptpd westos *
Note: the server name must match the name set in /etc/ppp/options.pptpd, otherwise login authentication fails.
service pptpd start
netstat -antlp | grep :1723
Now you can test the connection with the yakexi account.

Installing and configuring FreeRADIUS
yum install freeradius freeradius-mysql freeradius-utils -y
tar zxf ppp-2.4.5.tar.gz
mkdir /etc/radiusclient
cp ppp-2.4.5/pppd/plugins/radius/etc/* /etc/radiusclient
cd /etc/radiusclient
Add the RADIUS server address and shared secret to the servers file:
localhost westos
Modify radiusclient.conf so that all radiusclient-related paths in this file begin with /etc/radiusclient. For example:
servers /usr/local/etc/radiusclient/servers
is changed to:
servers /etc/radiusclient/servers
Modify /etc/ppp/options.pptpd and add the following line:
plugin /usr/lib64/pppd/2.4.5/radius.so
cd /etc/raddb
Modify clients.conf:
client localhost {
    ipaddr = 127.0.0.1
    secret = westos    # must match the setting in /etc/radiusclient/servers
    ....
}

MySQL support
Modify /etc/raddb/radiusd.conf:
$INCLUDE sql.conf    # uncomment this line
Modify /etc/raddb/sites-available/default:
authorize {
    #files
    sql
    ....
}
accounting {
    #radutmp
    sql
    ....
}
session {
    #radutmp
    sql
}
post-auth {
    sql
}
Modify /etc/raddb/sql.conf:
sql {
    database = "mysql"
    driver = "rlm_sql_mysql"
    server = "localhost"
    login = "radius"
    password = "radpass"
    radius_db = "radius"
    ....
}
Modify /etc/raddb/sql/mysql/dialup.conf and uncomment the following lines:
simul_count_query = "SELECT COUNT(*) \
    FROM ${acct_table1} \
    WHERE username = '%{SQL-User-Name}' \
    AND acctstoptime IS NULL"
yum install mysql mysql-server -y
service mysqld start
cd /etc/raddb/sql/mysql/
mysqladmin create radius
mysql radius < schema.sql
mysql < admin.sql
mysql> INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('user','Auth-Type',':=','Local');
mysql> INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('user','Service-Type',':=','Framed-User');
mysql> INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('user','Framed-IP-Address',':=','255.255.255.254');
mysql> INSERT INTO radgroupreply (groupname,attribute,op,value) VALUES ('user','Framed-IP-Netmask',':=','255.255.255.0');
mysql> INSERT INTO radgroupcheck (groupname,attribute,op,value) VALUES ('user','Simultaneous-Use',':=','1'); (limits each account to one simultaneous dial-in; optional)
mysql> INSERT INTO radcheck (username,attribute,op,value) VALUES ('test','User-Password',':=','test'); (adds the account test with password test)
mysql> INSERT INTO radusergroup (username,groupname) VALUES ('test','user');
Adding another account later requires only the last two statements above.
service radiusd start
service pptpd stop
service pptpd start
Run the following command to test:
# radtest test test localhost 0 westos
Sending Access-Request of id 13 to 127.0.0.1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=13, length=38
        Service-Type = Framed-User
        Framed-IP-Address = 255.255.255.254
        Framed-IP-Netmask = 255.255.255.0
Seeing Access-Accept in the output means authentication succeeded.
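
The procedure above depends on three values agreeing across files: the shared secret in /etc/radiusclient/servers and clients.conf, the radiusclient paths in radiusclient.conf, and the server name in chap-secrets versus options.pptpd. The script below is an added example, not part of the original tutorial, that checks all three. The function names and the CHECK_ROOT variable are hypothetical, and the sample files (including the user bob) are constructed.

```shell
#!/bin/sh
# Added example: consistency checks for the files edited in this walkthrough.
# Each function takes a root directory, so it can run on a copy of /etc.

servers_secret() {   # secret for localhost in radiusclient's servers file
    awk '$1 == "localhost" { print $2; exit }' "$1/etc/radiusclient/servers"
}

client_secret() {    # secret inside "client localhost { ... }" in clients.conf
    awk '/^[ \t]*client[ \t]+localhost[ \t]*[{]/ { blk = 1; next }
         blk && /^[ \t]*[}]/ { exit }
         blk && /^[ \t]*secret[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*(#.*)?$/, ""); print; exit
         }' "$1/etc/raddb/clients.conf"
}

secrets_match() {    # true only if both sides hold the same non-empty secret
    a=$(servers_secret "$1"); b=$(client_secret "$1")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

stray_paths() {      # radiusclient paths that are not under /etc/radiusclient/
    awk '$1 !~ /^#/ && $2 ~ /radiusclient/ && $2 !~ /^\/etc\/radiusclient\// {
             print $1, $2 }' "$1/etc/radiusclient/radiusclient.conf"
}

name_mismatches() {  # chap-secrets users whose server column != options.pptpd name
    n=$(awk '$1 == "name" { print $2; exit }' "$1/etc/ppp/options.pptpd")
    awk -v n="$n" '$1 !~ /^#/ && NF >= 3 && $2 != n && $2 != "*" { print $1 }' \
        "$1/etc/ppp/chap-secrets"
}

make_sample() {      # constructed sample tree with two deliberate mistakes
    d=$(mktemp -d)
    mkdir -p "$d/etc/radiusclient" "$d/etc/raddb" "$d/etc/ppp"
    printf 'localhost westos\n' > "$d/etc/radiusclient/servers"
    printf 'client localhost {\n ipaddr = 127.0.0.1\n secret = westos\n}\n' \
        > "$d/etc/raddb/clients.conf"
    printf 'servers /usr/local/etc/radiusclient/servers\n' \
        > "$d/etc/radiusclient/radiusclient.conf"
    printf 'name pptpd\n' > "$d/etc/ppp/options.pptpd"
    printf 'yakexi pptpd westos *\nbob vpn hunter2 *\n' > "$d/etc/ppp/chap-secrets"
    echo "$d"
}

root=${CHECK_ROOT:-$(make_sample)}   # CHECK_ROOT=/ checks the live system
secrets_match "$root" && echo "shared secret: consistent" || echo "shared secret: MISMATCH"
stray_paths "$root" | sed 's/^/stray radiusclient path: /'
name_mismatches "$root" | sed 's/^/chap-secrets server mismatch: /'
```

On the constructed sample it reports the unmodified /usr/local path and the bob entry, whose server column does not match the pptpd name.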
