Freeradius+mysql+daloradius Simple installation Configuration

Overview

I said it before. Freeradius in conjunction with AD for 802.1x authentication. This example combines Freeradius with MySQL and Daloradius on the basis of previous experimental configurationsto enable the Web-based management of radius server, and through the database for user authentication and other information storage. This example is only suitable for freeradius3.0.x versions in CENTOS7 environments .

Environment Preparation

1. freeradius Server, previously configured.

2. Components Apache,mariadb (MySQL),Daloradius, etc.

Installation Configuration1.    Install the necessary components

Yum install freeradius-mysql freeadius-client freeradius-devel php php-gd php-pear-db php-mysql httpd mariadb

"After installing pear-db in the new version of Daloradius , the front-end web will be able to work with the background database, otherwise it won't open the page"

• Open service

Systemctl Enable httpd

Systemctl Enable MARIADB

Systemctl Start httpd

Systemctl Start mariadb

2.    ConfigurationMysql

• Initialize configuration and build radius database and user

Mysql_secure_installation #mysql Initial security configuration

Mysql-uroot–p

CREATE DATABASE radius;

GRANT all on radius.* to [e-mail protected] identified by "Radpass"; Exit

• importing The RADIUS database schema

Mysql-uroot–p Radius </etc/raddb/mods-config/sql/main/mysql/schema.sql

3.    ConfigurationRadiusServer SupportMysql

• Join the sign-on connection feature

cd/etc/raddb/mods-enabled/

Ln–s. /mods-available/sql./#Equivalent to enabling the sql function module in Freeradius

• Confirm The following items in/etc/raddb/radiusd.conf already contain the appropriate directory configuration

Modules {

$INCLUDE mods-enabled/

}

Policy {

$INCLUDE site-enabled/

}

l  /etc/raddb/sites-available/default " accounting{} Span style= "font-family: ' The song Body '; >, session{} post-auth{} ' open Sql

l authroize{},session{} in/etc/raddb/sites-available/inner-tunnel , post-auth{} , open SQL in the following :

Authorize {

...

SQL #, if any-, also remove

...

}

• edit /etc/raddb/mods-avaible/sql, change database connection parameters

SQL {

Driver = "Rlm_sql_mysql"

Server = "localhost"

Port = 3306

Login = "radius"

Password = "Radpass"

radius_db = "radius"

}

Read_client = yes #Allow radius to read NAS information in the database

client_table = "nas" #Specify the table that stores nas information

4.    Installation ConfigurationDaloradius

• Download and unzip Daloradius

Wget http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz

Tar ZXVF daloradius-0.9-9.tar.gz

MV Daloradius-0.9-9/var/www/html/radius

Chown–r Apache:apache/var/www/html/radius

• Import Database Schema

Mysql–uroot–p Radius </var/www/html/radius/contrib/db/mysql-daloradius.sql

Mysql–uroot–p Radius </var/www/html/radius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql

• edit /var/www/html/radius/library/daloradius.conf.php, configure connection database information

$configValues [' config_db_engine '] = ' mysql ';

$configValues [' config_db_host '] = ' localhost ';

$configValues [' config_db_port '] = ' 3306 ';

$configValues [' config_db_user '] = ' radius ';

$configValues [' config_db_pass '] = ' radpass ';

$configValues [' config_db_name '] = ' radius ';

$configValues [' config_file_radius_proxy '] = '/etc/raddb/proxy.conf ';

$configValues [' config_path_radius_dict '] = ';

$configValues [' config_path_dalo_variable_data '] = '/var/www/html/radius/var ';

5.    TestDaloradius

l login Http://10.10.10.100/radius to see if the page can be developed normally. The default user is administraor , Password:radius. Under normal circumstances, you can see the Home page after login

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/79/8F/wKioL1aUuOyTqvepAAEAPdz52w0912.png "style=" width : 450px;height:429px; "title=" 00.png "width=" height= "429" border= "0" hspace= "0" vspace= "0" alt= " Wkiol1auuoytqvepaaeapdz52w0912.png "/>

l Test NAS Management

Remove the items from the switches previously defined in/etc/raddb/clients.conf, add the switch nas to the Web page again, and verify whether the Windows client can authenticate properly.

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/79/91/wKiom1aUuL7wQRnLAAFWX-qg_ZQ180.png "style=" width : 584px;height:460px; "title=" 01.png "width=" 584 "height=" 460 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" Wkiom1auul7wqrnlaafwx-qg_zq180.png "/>

l View Authentication Login information

If there is a validation result, it is displayed in the Radpostauth table in the database

Mysql–uroot–p radius

>select * from Radpostauth;

Summary:

This example simply explains the installation process, the implementation of simple verification information to view,Daloradius combined with radius can do a lot of other functions , such as firewall VPN authentication, etc. With my constant understanding of dalor, I will continue to give specific functions of the use of the way.

Freeradius+mysql+daloradius Simple installation Configuration