& Amp; lt; rhel6 + pptpd + freeradius + mysql & amp; gt;

Last Update:2018-04-18 Source: Internet

Author: User

Tags freeradius

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Amp; lt; rhel6 + pptpd + freeradius + mysqlamp; amp; gt; RHELPPTP

This document describes the experiment environment. all the experiment results are verified in the data center. all the results are correct.

System environment: RHEL6 x86_64 selinux and iptables disabled

Software Download: http: // poptop. sourceforge. net/yum/stable/rhel 6/

Ftp://ftp.samba.org/pub/ppp

Install and configure pptpd

Echo 1>/proc/sys/net/ipv4/ip_forward

Yum install ppp-y

Rpm-ivh pptpd-1.3.4-2.el6.x86_64.rpm

Pptpd configuration file/etc/pptpd. conf

Localip 192.168.0.1

Remoteip192.168.0.234-238

Localip: IP address of the pptpd server, which can be set to any IP address bound to the server

Remoteip: Set the Ip address range that can be allocated after the client connects to the pptpd server.

Add Test user/etc/ppp/chap-secrets

# Client server secret IP addresses

Yakexi pptpd westos *

Note: the server name must be the same as the name set in/etc/ppp/options.ppt pd; otherwise, log on

Verification failed

Service pptpd start

Netstat-antlp | grep: 1723

Now you can test it with yakexi!

Install and configure freeradius

Yum install freeradius-mysql freeradius-utils-y

Tar zxf ppp-2.4.5.tar.gz

Mkdir/etc/radiusclient

Cp ppp-2.4.5/pppd/plugins/radius/etc/*/etc/radiusclient

Cd/etc/radiusclient

Add the address and password of the radius server to the servers file.

Localhost westos

Modify the radiusclient. conf file to make sure that all paths related to radiusclient in this file are

It must start with/etc/radiusclient. For example:

Servers/usr/local/etc/radiusclient/servers

To:

Servers/etc/radiusclient/servers

Modify/etc/ppp/options.ppt pd and add the following lines:

Plugin/usr/lib64/pppd/2.4.5/radius. so

Cd/etc/raddb

Modify clients. conf

Client localhost {

Ipaddr = 127.0.0.1

Secret = westos (consistent with the settings in/etc/radiusclient/servers)

....

}

Support for mysql

Modify/etc/raddb/radius. conf

$ INCLUDE SQL. conf # Remove comments

Modify/etc/raddb/sites-available/default

Authorize {

# Files

SQL

....

}

Accounting {

# Radutmp

SQL

....

}

Session {

# Radutmp

SQL

}

Post-auth {

SQL

}

Modify/etc/raddb/SQL. conf

SQL {

Database = "mysql"

Driver = "rlm_ SQL _mysql"

Server = "localhost"

Password = "radpass"

Radius_db = "radius"

....

}

Modify/etc/raddb/SQL/mysql/dialup. conf and remove the following comments:

Simul_count_query = "select count (*)/

FROM ${acct_table1 }/

WHERE username = '% {SQL-User-Name }'/

AND acctstoptime is null"

Yum install mysql-server-y

Service mysqld start

Cd/etc/raddb/SQL/mysql/

Mysqladmin create radius

Mysql radius <schema. SQL

Mysql <admin. SQL

Mysql> insert into radgroupreply (groupname, attribute, op, value) values

('User', 'auth-type', ': =', 'local ');

Mysql> insert into radgroupreply (groupname, attribute, op, value) values

('User', 'Service-type', ': =', 'framed-user ');

Mysql> insert into radgroupreply (groupname, attribute, op, value) values

('User', 'framed-IP-address', ': =', '2017. 255.255.254 ');

Mysql> insert into radgroupreply (groupname, attribute, op, value) values

('User', 'framed-IP-netmask', ': =', '2017. 255.255.0 ');

Mysql> insert into radgroupcheck (groupname, attribute, op, value) values

('User', 'simultaneous-use', ': =', '1'); (this parameter can be set to one account only once. optional)

Mysql> insert into radcheck (username, attribute, op, value) values ('test', 'userpassword', ': =', 'test'); (Add Account test, password test)

Mysql> insert into radusergroup (username, groupname) values ('test', 'User ');

To add an account later, you only need to perform the preceding two steps.

Service radiusd start

Service pptpd stop

Service pptpd start

Run the following command to test:

# Radtest test localhost 0 westos

Sending Access-Request of id 13 to 127.0.0.1 port 1812

User-Name = "test"

User-Password = "test"

NAS-IP-Address = 127.0.0.1

NAS-Port = 0

Rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id = 13, length = 38

Service-Type = Framed-User

Framed-IP-Address = 255.255.255.254

Framed-IP-Netmask = 255.255.255.0

Access-Accept indicates that Access is successful.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More