CentOS 5.4 pptp + freeradius2 + mysql + daloradius perfect integration (illustrated)

Source: Internet
Author: User
Tags mysql import freeradius

I. Install related configuration packages

1. Install the httpd, mysql, and php related packages:

    [root@localhost ~]# yum -y install httpd-devel mysql-server mysql-devel
    [root@localhost ~]# yum -y install php-devel php-mysql php-common php-gd php-mbstring php-mcry

2. Configure the httpd service:

    [root@localhost ~]# netstat -ant | grep 80
    [root@localhost ~]# /etc/init.d/httpd start
    Starting httpd: [OK]
    [root@localhost ~]# vi /etc/sysconfig/iptables
    [root@localhost ~]# grep 80 /etc/sysconfig/iptables
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT     # Add this line
    [root@localhost ~]# /etc/init.d/iptables restart
    Flushing firewall rules: [OK]
    Setting chains to policy ACCEPT: filter nat [OK]
    Unloading iptables modules: [OK]
    Applying iptables firewall rules: [OK]
    Loading additional iptables modules: ip_conntrack_netbios_n [OK]
    [root@localhost ~]# chkconfig httpd --list
    httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
    [root@localhost ~]# chkconfig httpd on     # Set httpd to start automatically
    [root@localhost ~]# chkconfig httpd --list
    httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
    [root@localhost ~]# netstat -ant | grep 80
    tcp 0 0 :::80 :::* LISTEN

3. Start the mysql database:

    [root@localhost ~]# /etc/init.d/mysqld start
    Initializing MySQL database: Installing MySQL system tables...
    OK
    Filling help tables...
    OK

    To start mysqld at boot time you have to copy
    support-files/mysql.server to the right place for your system

    PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER!
    To do so, start the server, then issue the following commands:
    /usr/bin/mysqladmin -u root password 'new-password'
    /usr/bin/mysqladmin -u root -h localhost.localdomain password 'new-password'

    Alternatively you can run:
    /usr/bin/mysql_secure_installation

    See the manual for more instructions.

    You can start the MySQL daemon with:
    cd /usr ; /usr/bin/mysqld_safe &

    You can test the MySQL daemon with mysql-test-run.pl
    cd mysql-test ; perl mysql-test-run.pl

    Please report any problems with the /usr/bin/mysqlbug script!

    The latest information about MySQL is available on the web at
    http://www.mysql.com
    Support MySQL by buying support/licenses http://shop.mysql.com
    [OK]
    Starting mysqld: [OK]

4. Set the database password:

    [root@localhost ~]# mysqladmin -u root password 'leekwen'

5. Install the Freeradius2 package:

    [root@localhost ~]# yum install -y freeradius2 freeradius2-mysql freeradius2-utils

6. Start the radius process in debug mode:

    [root@localhost ~]# radiusd -X
    FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu, built on Jan 9 2013 at 05:02:57
    Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
    .... adding new socket proxy address * port 51738
    Listening on authentication address * port 1812
    Listening on accounting address * port 1813
    Listening on command file /var/run/radiusd.sock
    Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
    Listening on proxy address * port 1814
    Ready to process requests.

 

7. Enable another terminal for testing.

8. If the result is different, temporarily disable the firewall. The command for temporarily disabling the firewall is as follows:

    [root@localhost ~]# iptables -F

Run the test command again:

    [root@localhost ~]# radtest steve testing localhost 1812 testing123

###############!! Error !!##############

    Failed binding to authentication address * port 1812: Address already in use
    /etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812

 

Run the lsof command and the killall -9 radiusd command to test the service!

II. Download the ppp source code file and integrate the ppp client

1. Download the source code:

    [root@localhost ~]# wget ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
    --18:33:36-- ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
    => 'ppp-2.4.4.tar.gz'
    Resolving ftp.samba.org... 216.83.154.106, 2001:470:1f05:1a07:1
    Connecting to ftp.samba.org|216.83.154.106|:21... connected.
    Logging in as anonymous ... Logged in!
    ==> SYST ... done.    ==> PWD ... done.
    ==> TYPE I ... done.  ==> CWD /pub/ppp ... done.
    ==> SIZE ppp-2.4.4.tar.gz ... 688763
    ==> PASV ... done.    ==> RETR ppp-2.4.4.tar.gz ... done.
    Length: 688763 (673K)

    100%[==================================================>] 688,763 135K/s in 5.3s

    18:33:45 (127 KB/s) - 'ppp-2.4.4.tar.gz' saved [688763]

2. Decompress and configure:

    [root@localhost ~]# tar zxf ppp-2.4.4.tar.gz
    [root@localhost ~]# cp -R ppp-2.4.4/pppd/plugins/radius/etc/ /etc/radiusclient
    [root@localhost ~]# cp /etc/radiusclient/radiusclient.conf /etc/radiusclient/radiusclient.conf.bak
    [root@localhost ~]# vi /etc/radiusclient/radiusclient.conf

The configuration file after modification, by row number:

    Row  Change
    25   issue /usr/local/etc/radiusclient/issue            ->  issue /etc/radiusclient/issue
    46   servers /usr/local/etc/radiusclient/servers        ->  servers /etc/radiusclient/servers
    50   dictionary /usr/local/etc/radiusclient/dictionary  ->  dictionary /etc/radiusclient/dictionary
    61   mapfile /usr/local/etc/radiusclient/port-id-map    ->  mapfile /etc/radiusclient/port-id-map

Description: Modify the paths of the relevant configuration files so that, in the radiusclient.conf file, every radiusclient-related path starts with "/etc/radiusclient".

3. Configure the dictionary file:

    [root@localhost ~]# ls -l /etc/radiusclient/dictionary*
    -rw-r--r-- 1 root root 7656 Jul 1 18:34 /etc/radiusclient/dictionary
    -rw-r--r-- 1 root root 12295 Jul 1 18:34 /etc/radiusclient/dictionary.ascend
    -rw-r--r-- 1 root root 1395 Jul 1 18:34 /etc/radiusclient/dictionary.compat
    -rw-r--r-- 1 root root 599 Jul 1 18:34 /etc/radiusclient/dictionary.merit
    -rw-r--r-- 1 root root 2649 Jul 1 18:34 /etc/radiusclient/dictionary.microsoft
    [root@localhost ~]# vi /etc/radiusclient/dictionary

    Row  File content
    253  INCLUDE /etc/radiusclient/dictionary.microsoft
    254  INCLUDE /etc/radiusclient/dictionary.merit      # Add this row
    255  INCLUDE /etc/radiusclient/dictionary.ascend     # Add this row
    256  INCLUDE /etc/radiusclient/dictionary.compat     # Add this row

 

4. Add the freeradius plug-in to the pptpd service:
    [root@localhost ~]# vi /etc/ppp/options.pptpd

    Row  File content
    128  # put plugins here
    129  # (putting them higher up may cause them to sent messages to the pty)
    130  plugin /usr/lib/pppd/2.4.4/radius.so                          # Add this row
    131  plugin /usr/lib/pppd/2.4.4/radattr.so                         # Add this line
    132  radius-config-file /etc/radiusclient/radiusclient.conf        # Add this line

    [root@localhost ~]# tail -n 3 /etc/ppp/options.pptpd
    plugin /usr/lib/pppd/2.4.4/radius.so
    plugin /usr/lib/pppd/2.4.4/radattr.so
    radius-config-file /etc/radiusclient/radiusclient.conf

 

III. Create a radius database and import the corresponding database tables

You can run the following commands or use the Navicat for MySQL tool.

1. The mysql import files are provided with radius:

    [root@localhost ~]# ls /etc/raddb/sql/mysql/*.sql -l
    -rw-r----- 1 root radiusd 661 Jan 9 /etc/raddb/sql/mysql/admin.sql
    -rw-r----- 1 root radiusd 452 Jan 9 /etc/raddb/sql/mysql/cui.sql
    -rw-r----- 1 root radiusd 761 Jan 9 /etc/raddb/sql/mysql/ippool.sql
    -rw-r----- 1 root radiusd 399 Jan 9 /etc/raddb/sql/mysql/nas.sql
    -rw-r----- 1 root radiusd 4318 Jan 9 /etc/raddb/sql/mysql/schema.sql
    -rw-r----- 1 root radiusd 407 Jan 9 /etc/raddb/sql/mysql/wimax.sql

 

2. The command-line method is used here. First, the radius database is created. To make it easier to manage the MySQL database later with the Navicat for MySQL tool, the permissions are modified as well.

3. The specific operations are shown below; the code can be copied:
    [root@localhost ~]# mysql -uroot -p
    Enter password:
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 4
    Server version: 5.0.95 Source distribution

    Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | mysql              |
    | test               |
    +--------------------+
    3 rows in set (0.00 sec)

    mysql> create database radius default character set utf8 COLLATE utf8_general_ci;
    Query OK, 1 row affected (0.00 sec)

    mysql> grant all privileges on *.* TO 'root'@'%' identified by 'leekwen' with grant option;
    Query OK, 0 rows affected (0.00 sec)

    mysql> flush PRIVILEGES;
    Query OK, 0 rows affected (0.00 sec)

    mysql> \q;
    Bye
    [root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/admin.sql
    Enter password:
    [root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/cui.sql
    Enter password:
    [root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/ippool.sql
    Enter password:
    [root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/nas.sql
    Enter password:
    [root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/schema.sql
    Enter password:
    [root@localhost ~]# mysql -uroot -p radius < /etc/raddb/sql/mysql/wimax.sql
    Enter password:

4. Database-related settings in the firewall:

    [root@localhost ~]# grep 3306 /etc/sysconfig/iptables
    [root@localhost ~]# vi /etc/sysconfig/iptables
    [root@localhost ~]# /etc/init.d/iptables restart
    Flushing firewall rules: [OK]
    Setting chains to policy ACCEPT: filter nat [OK]
    Unloading iptables modules: [OK]
    Applying iptables firewall rules: [OK]
    Loading additional iptables modules: ip_conntrack_netbios_n [OK]
    [root@localhost ~]# grep 3306 /etc/sysconfig/iptables
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

 

IV. Modify the radius configuration files

    [root@localhost ~]# cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.bak
    [root@localhost ~]# vi /etc/raddb/radiusd.conf

    Row | Modified configuration           | Unmodified configuration
    700 | $INCLUDE sql.conf                | # $INCLUDE sql.conf                <------ remove the comment #
    712 | $INCLUDE sql/mysql/counter.conf  | # $INCLUDE sql/mysql/counter.conf  <------ remove the comment #

    [root@localhost ~]# cp /etc/raddb/sql.conf /etc/raddb/sql.conf.bak
    [root@localhost ~]# vi /etc/raddb/sql.conf

    Row | Modified configuration  | Unmodified configuration
    38  | login = "root"          | login = "radius"       <------ modify the username used to connect to mysql
    39  | password = "leekwen"    | password = "radpass"   <------ modify the mysql connection password
    100 | readclients = yes       | # readclients = yes    <------ remove the comment #

 

Note: When you run radiusd -X, the configuration files are loaded. If the following error appears while they are being loaded:

    !!! Error !!! Duplicate virtual server "inner-tunnel" in file /etc/raddb/sites-enabled/inner-tunnel:11 and file /etc/raddb/sites-enabled/inner-tunnel.bak:11

delete the .bak copies of /etc/raddb/sites-enabled/inner-tunnel and /etc/raddb/sites-enabled/default. Every file in sites-enabled is loaded, so all .bak files there must be deleted, which is why the two files are not backed up before editing:
    [root@localhost ~]# vi /etc/raddb/sites-enabled/default

    Row | Modified configuration | Unmodified configuration
    170 | # files                | files    <------ add the comment #
    177 | sql                    | # sql    <------ remove the comment #
    372 | # files                | files    <------ add the comment #
    406 | sql                    | # sql    <------ remove the comment #
    454 | sql                    | # sql    <------ remove the comment #
    475 | sql                    | # sql    <------ remove the comment #

    [root@localhost ~]# vi /etc/raddb/sites-enabled/inner-tunnel

    Row | Modified configuration | Unmodified configuration
    124 | # files                | files    <------ add the comment #
    131 | sql                    | # sql    <------ remove the comment #
    255 | sql                    | # sql    <------ remove the comment #
    277 | sql                    | # sql    <------ remove the comment #

 

2. Start the radiusd service, insert a test account into the database, and view the test result!

3. After the test passes, change the default key (shared secret) password:
    [root@localhost ~]# cp /etc/raddb/clients.conf /etc/raddb/clients.conf.bak
    [root@localhost ~]# vi /etc/raddb/clients.conf

    Row | Modified configuration | Unmodified configuration
    101 | secret = leekwen       | secret = testing123

 

4. Restart the related services and test the database users!

5. After the test passes, perform a client-side dial-up connection and view the client-side dial-up log on the server.

6. At this point, pptpd + freeradius2 + mysql has been integrated.
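The steps above pass through several values worth checking once the integration works: the MySQL login in sql.conf, the stock password and shared secret, and the port 3306 firewall rule. The script below is an added example, not part of the original article; the function name audit_radius, its finding labels and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the weak values this guide leaves in the files it edits.
# audit_radius and its finding labels are hypothetical names, not FreeRADIUS tools.

audit_radius() {   # usage: audit_radius SQL_CONF CLIENTS_CONF IPTABLES_RULES
    sp='[[:space:]]*'
    # FreeRADIUS logs in to MySQL as the superuser
    grep -Eq "^${sp}login${sp}=${sp}\"?root\"?${sp}\$" "$1" &&
        echo "SQL_LOGIN_ROOT: $1 connects to MySQL as root"
    # Database password shipped in the stock sql.conf
    grep -Eq "^${sp}password${sp}=${sp}\"?radpass\"?${sp}\$" "$1" &&
        echo "SQL_DEFAULT_PASSWORD: $1 still uses radpass"
    # Shared secret shipped in the stock clients.conf
    grep -Eq "^${sp}secret${sp}=${sp}testing123${sp}\$" "$2" &&
        echo "DEFAULT_SHARED_SECRET: $2 still uses testing123"
    # MySQL port accepted with no source address restriction on the rule
    grep -E -e '^-A .*--dport 3306 .*-j ACCEPT' "$3" |
        grep -Eqv -e ' (-s|--source) ' &&
        echo "MYSQL_OPEN_TO_ANY: $3 accepts port 3306 from any source"
    return 0
}

# Constructed sample files holding the values from the steps above
# (before the shared secret is changed in clients.conf)
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'login = "root"' 'password = "leekwen"' > "$demo/sql.conf"
printf '%s\n' 'client localhost {' '    secret = testing123' '}' > "$demo/clients.conf"
printf '%s\n' '-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3306 -j ACCEPT' > "$demo/iptables"

audit_radius "$demo/sql.conf" "$demo/clients.conf" "$demo/iptables"
```

On a live server the arguments would be /etc/raddb/sql.conf, /etc/raddb/clients.conf and /etc/sysconfig/iptables; no output means none of the four conditions was found.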
