<rhel6+pptpd+freeradius+mysql>

This document to learn the experimental environment, the content of experimental results are all in the computer room calibration, all correct.

System environment: RHEL6 x86_64 SELinux and iptables disabled
Software Download: http://Poptop.  SourceForge. Net/yum/stable/rhel 6/
Ftp://ftp.samba.org/pub/ppp

Installation Configuration pptpd
Echo 1 >/proc/sys/net/ipv4/ip_forward
Yum Install Ppp-y
RPM-IVH pptpd-1.3.4-2.el6.x86_64.rpm
Configuration file for pptpd/etc/pptpd.conf
Localip 192.168.0.1
remoteip192.168.0.234-238
LOCALIP:PPTPD server IP address, which can be set to any IP address bound by the server
REMOTEIP: Sets the range of Ip addresses that are available for assignment after a client connects to PPTPD server
Add test User/etc/ppp/chap-secrets
#client Server Secret IP addresses
Yakexi pptpd Westos *
Note: The server name must match the name set in/ETC/PPP/OPTIONS.PPTPD, otherwise the login
Validation cannot be passed
Service PPTPD Start
netstat-antlp|grep:1723
Now you can test it with Yakexi!
Installation Configuration Freeradius
Yum Install Freeradius Freeradius-mysql freeradius-utils-y
Tar zxf ppp-2.4.5.tar.gz
Mkdir/etc/radiusclient
CP ppp-2.4.5/pppd/plugins/radius/etc/*/etc/radiusclient
Cd/etc/radiusclient
Add the RADIUS server address and password in the servers file
localhost Westos
Modify the radiusclient.conf file to ensure that all radiusclient-related paths in this file are
Beginning with the/etc/radiusclient. For example:
Servers/usr/local/etc/radiusclient/servers
Modified to:
Servers/etc/radiusclient/servers
To modify/ETC/PPP/OPTIONS.PPTPD, add the following line:
Plugin/usr/lib64/pppd/2.4.5/radius.so
Cd/etc/raddb
Modify Clients.conf
Client localhost {
IPADDR = 127.0.0.1
Secret = Westos (consistent with settings in/etc/radiusclient/servers)
....
}
Support MySQL
Modify/etc/raddb/radius.conf
$INCLUDE sql.conf #去掉注释
Modify/etc/raddb/sites-available/default
Authorize {
#files
Sql
....
}
Accounting {
#radutmp
Sql
....
}
session{
#radutmp
Sql
}
Post-auth {
Sql
}
Modify/etc/raddb/sql.conf
SQL {
Database = "MySQL"
Driver = "Rlm_sql_mysql"
Server = "localhost"
Login = "radius"
Password = "Radpass"
radius_db = "radius"
....
}
Modify the/etc/raddb/sql/mysql/dialup.conf to remove the comment from the following line:
Simul_count_query = "SELECT count (*) \
From ${acct_table1} \
WHERE username = '%{sql-user-name} ' \
And Acctstoptime is NULL "
Yum install MySQL Mysql-server-y
Service mysqld Start
cd/etc/raddb/sql/mysql/
Mysqladmin Create Radius
MySQL Radius < Schema.sql
MySQL < Admin.sql
mysql> INSERT INTO radgroupreply (Groupname,attribute,op,value) values
(' User ', ' auth-type ', ': = ', ' Local ');
mysql> INSERT INTO radgroupreply (Groupname,attribute,op,value) values
(' User ', ' service-type ', ': = ', ' Framed-user ');
mysql> INSERT INTO radgroupreply (Groupname,attribute,op,value) values
(' User ', ' framed-ip-address ', ': = ', ' 255.255.255.254 ');
mysql> INSERT INTO radgroupreply (Groupname,attribute,op,value) values
(' User ', ' framed-ip-netmask ', ': = ', ' 255.255.255.0 ');
Mysql>insert into Radgroupcheck (groupname,attribute,op,value) values
(' User ', ' simultaneous-use ', ': = ', ' 1 '); (Limit one account can only be dialed once, optional)
mysql> INSERT INTO Radcheck (username,attribute,op,value) VALUES (' Test ', ' UserPassword ', ': = ', ' test '); (Add account test, password test)
mysql> INSERT INTO Radusergroup (username,groupname) VALUES (' Test ', ' user ');
Adding an account later requires only two steps above
Service RADIUSD Start
Service PPTPD Stop
Service PPTPD Start
Execute the command to test:
# radtest test test localhost 0 westos
Sending access-request of ID 127.0.0.1 Port 1812
User-name = "Test"
User-password = "Test"
Nas-ip-address = 127.0.0.1
Nas-port = 0
Rad_recv:access-accept packet from host 127.0.0.1 Port 1812, id=13, length=38
Service-type = Framed-user
Framed-ip-address = 255.255.255.254
Framed-ip-netmask = 255.255.255.0
To see the access-accept words means success.