Install and debug FreeRADIUS on CentOS
1. Use yum to install freeradius2 rather than version 1. If freeradius is already installed, uninstall it first.
yum remove freeradius
Install:
yum install freeradius2
yum install freeradius2-utils   # includes radtest, used for testing
By default, freeradius uses files to authenticate users. If you do not use a database, the installation is complete at this point.
2. Modify the configuration file after installation.
vi /etc/raddb/users
Find steve, comment out, and change steve to your user name. You can create multiple users as follows:
dalon Cleartext-Password := "testing"
test Cleartext-Password := "testing123"
3. Test
The executable file is /usr/sbin/radiusd.
Run it in debug mode to see the detailed process:
/usr/sbin/radiusd -X
Use radtest to test whether the server can respond:
radtest test testing localhost 0 testing123
test and testing are the user name and password, respectively, from the users configuration file.
localhost is the client defined in the clients.conf configuration file. The default secret for localhost is testing123.
0 means NAS-Port 0. The default is 0, so it does not need to be configured. See the configuration in the /etc/raddb/radiusd.conf file, as follows:
listen {
    ipaddr = *    # listen on all IPv4 addresses
    # ipv6addr = ::
    port = 0    # nas-port
    type = acct
    # interface = eth0
    # clients = per_socket_clients
}
The test result is as follows:
[root@CentOS ~]# radtest -6 test test123 ::1 0 testing123
Sending Access-Request of id 44 to ::1 port 1812
    User-Name = "test"
    User-Password = "test123"
    NAS-IPv6-Address = ::1
    NAS-Port = 0
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host ::1 port 1812, id=44, length=20
4. Change the server to an IPv6 listener
Files to be modified:
A) /etc/raddb/radiusd.conf
Remove ipaddr = * from both listen {} sections, and then uncomment the ipv6addr line.
B) /etc/raddb/clients.conf
Change the address in the localhost client to IPv6, as shown below:
client localhost {
    ipv6addr = ::1    # any. ::1 = localhost
    # other settings in this block stay as they are
}
Create a group of clients (the following example uses the 3000::/64 CIDR block; you can also use ::/0):
client 3000::/64 {
    secret = testing123
    shortname = ipv6client    # a distinguishing name; it can be different from other groups
}
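A check for the clients.conf edits above, as an added example that is not part of the original post: it parses client blocks, shows which blocks a source address such as 3000::abcd falls into, and flags the sample secret testing123 and a prefix like ::/0 that matches every address. The sample text, function names and the third client block are constructed for illustration, and the parser assumes each client is given as a literal address or prefix.

```python
import ipaddress
import re

# Constructed sample mirroring the step 4 edits (not a real file).
SAMPLE_CLIENTS_CONF = """
client localhost {
    ipv6addr = ::1
    secret = testing123
}
client 3000::/64 {
    secret = testing123
    shortname = ipv6client
}
client ::/0 {
    secret = constructed-long-random-value
}
"""

SAMPLE_SECRETS = {"testing123"}  # the well-known sample secret used on this page

def parse_clients(text):
    """Return (name, network, settings) for each client block."""
    clients = []
    for name, body in re.findall(r"client\s+(\S+)\s*\{(.*?)\}", text, re.S):
        settings = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop trailing comments
            if "=" in line:
                key, value = (p.strip() for p in line.split("=", 1))
                settings[key] = value.strip('"')
        # Address: ipv6addr/ipaddr if present, otherwise the block name.
        addr = settings.get("ipv6addr") or settings.get("ipaddr") or name
        clients.append((name, ipaddress.ip_network(addr, strict=False), settings))
    return clients

def audit(clients):
    """Flag sample secrets and prefixes that match every source address."""
    findings = []
    for name, net, settings in clients:
        if settings.get("secret") in SAMPLE_SECRETS:
            findings.append((name, "sample secret"))
        if net.prefixlen == 0:
            findings.append((name, "matches any address"))
    return findings

def matching_clients(clients, source):
    """Names of client blocks whose network contains the source address."""
    ip = ipaddress.ip_address(source)
    return [n for n, net, _ in clients if net.version == ip.version and ip in net]
```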
5. Verify using the debug output:
rad_recv: Access-Request packet from host 3000::abcd port 60378, id=232, length=45
    User-Name = "dalon"
    User-Password = "testing"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "dalon", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry dalon at line 76
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "testing"
[pap] Using clear text password "testing"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 232 to 3000::abcd port 60378
Finished request 29.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 29 ID 232 with timestamp +531
Ready to process requests.