Install freeradius + radius manager3.9 and lnmpfreeradius in LNMP Environment

Source: Internet
Author: User
Tags install perl ioncube freeradius

Install freeradius + radius manager3.9 and lnmpfreeradius in LNMP Environment


1. Install the web environment and use the LNMP one-key installation package
For detailed installation steps, refer
Https://lnmp.org/install.html

2. install components missing from LNMP after installation.
IonCube component Installation
Go to the lnmp decompressed directory and run:./addons. sh install ionCube.
After you press enter to confirm, ionCube loader is automatically installed.

Yum install perl-DBI

Yum freeradius-mysql freeradius-utils

3. Install FreeRadius
Wget http://www.dmasoftlab.com/cont/download/freeradius-server-2.1.8-dmamod-1.tar.gz
Tar xvf freeradius-server-2.1.8-dmamod-1.tar.gz
Cd freeradius-server-2.1.8
./Configure
Make
Make install

4. File owner and permission Configuration
Chmod 644/usr/local/etc/raddb/dictionary
Chown www/usr/local/etc/raddb
Chown www/usr/local/etc/raddb/clients. conf

5. Test FreeRadius
Radiusd-X
Error
"Error while loading shared libraries: libfreeradius-radius-2.1.8.so: cannot open shared object file: no such file or directory ."

The solution is to add/usr/local/lib to/etc/ld. so. conf.

The content of the ld. so. conf file is as follows:
Include/etc/ld. so. conf. d/*. conf
Add a row/usr/local/lib
Enter/sbin/ldconfig and perform the preceding steps again.
The Ldconfig command caches the library files in the paths listed in/etc/ld. so. conf to/etc/ld.

Debug radiusd-X with this command
Error
Failed binding to authentication address * port 1812: Address already in use
/Usr/local/etc/raddb/radiusd. conf [240]: Error binding to port for 0.0.0.0 port 1812

Port occupation problems.
Use the command lsof-I: 1812
Get
Command pid user fd type device size/OFF NODE NAME
Radiusd 11163 radiusd 5u IPv4 949974 0t0 UDP *: radius
It turns out that the radius is occupied by itself.

Solution (brute force)
Kill 11163 (radius process PID, centos view process PID command: ps-ef)
If this command is not found, you can use yum install psmisc for installation.

Radiusd-X debugging again
Display Ready to process requests.

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file/usr/local/var/run/radiusd. sock
Listening on proxy address * port 1814
Ready to process requests.

Freeradius has been installed successfully.

6. Configure freeradius in detail, because we need to integrate with RM. here we need to configure the radius file in detail.
The following describes how to install freeradius in the lnmp environment package.
Run the command: yum install perl-DBI freeradius-mysql freeradius-utils.

You can install radius in one step. I personally suggest using the installation package to install radius step by step. In this way, you can locate and solve the problem at any time.

There are two ways to configure the radius file:

A: A simple method to directly overwrite A file written by glzjin (Zhao yichuxin)
Wget https://github.com/glzjin/Radius-install/raw/master/radiusd.conf-O/etc/raddb/radiusd. conf
Wget https://github.com/glzjin/Radius-install/raw/master/default-O/etc/raddb/sites-enabled/default
Wget https://github.com/glzjin/Radius-install/raw/master/dialup.conf-O/etc/raddb/SQL/mysql/dialup. conf
Wget https://github.com/glzjin/Radius-install/raw/master/dictionary-O/etc/raddb/dictionary
Wget https://github.com/glzjin/Radius-install/raw/master/counter.conf-O/etc/raddb/SQL/mysql/counter. conf

B: detailed manual configuration is as follows:
# Edit the/usr/local/etc/raddb/radiusd. conf file

Vi/usr/local/etc/raddb/radiusd. conf
Change "allow_vulnerabel_openssl = no" to yes
Find "$ INCLUDE SQL. conf" (row 743) and remove #
Find "$ INCLUDE SQL/mysql/counter. conf" (row 712) and remove #

# Clear the/usr/local/etc/raddb/sites-enabled/default file and copy the configured file to save it.
Cat/dev/null>/usr/local/etc/raddb/sites-enabled/default
Vi/usr/local/etc/raddb/sites-enabled/default

# Clear the/usr/local/etc/raddb/sites-enabled/inner-tunnel file and copy the configured file to save it.
Cat/dev/null>/usr/local/etc/raddb/sites-enabled/inner-tunnel
Vi/usr/local/etc/raddb/sites-enabled/inner-tunnel

# Edit/usr/local/etc/raddb/eap. conf and change the MD5 verification method to peap.
Vi/usr/local/etc/raddb/eap. conf
Change md5 ult_eap_type = md5 to default_eap_type = peap in Row 3.

# Edit the/usr/local/etc/raddb/modules/mschap file and modify it to the following content:
Vi/usr/local/etc/raddb/modules/mschap
Mschap {use_mppe = yes require_encryption = yes require_strong = yes}

# Edit the/usr/local/etc/raddb/SQL/mysql/dialup. conf file
Vi/usr/local/etc/raddb/SQL/mysql/dialup. conf

Find simul_count_query and remove comments from line 279-282. Open the simul_count_query function.

# Edit the/usr/local/etc/raddb/SQL/mysql/counter. conf file and add a custom computing Function
Monthlytrafficcounter (monthly computing traffic) and yearlytrafficcounter (Annual computing traffic)
Vi/usr/local/etc/raddb/SQL/mysql/counter. conf

Add at the end
Sqlcounter monthlytrafficcounter {
Counter-name = Monthly-Traffic
Check-name = Max-Monthly-Traffic
Reply-name = Monthly-Traffic-Limit
Sqlmod-inst = SQL
Key = User-Name
Reset = monthly
Query = "select abs (SUM (acctinputoctets + acctoutputoctets) DIV 1048576) FROM radacct WHERE UserName = '% {% k}' AND AcctStartTime> = date_sub (curdate (), interval 30 day )"
}

Sqlcounter yearlytrafficcounter {
Counter-name = Yearly-Traffic
Check-name = Max-Yearly-Traffic
Reply-name = Yearly-Traffic-Limit
Sqlmod-inst = SQL
Key = User-Name
Reset = never
Query = "select abs (SUM (acctinputoctets + acctoutputoctets) DIV 1048576) FROM radacct WHERE UserName = '% {% k}' AND AcctStartTime> = date_sub (curdate (), interval 365 day )"
}

# Edit the dictionary file/usr/local/etc/raddb/dictionary
Vi/usr/local/etc/raddb/dictionary

# Add the following content
ATTRIBUTE Max-Monthly-Traffic 3003 integer
ATTRIBUTE Monthly-Traffic-Limit 3004 integer
ATTRIBUTE Acct-Interim-Interval 85 integer
ATTRIBUTE Max-Yearly-Traffic 3003 integer
ATTRIBUTE Yearly-Traffic-Limit 3004 integer


7. Create and set MySql-related databases
The two methods are as follows:
A. Use phpmyadmin to create
Phpmyadmin, http: // your IP/phpmyadmin in the lnmp Environment
Create two databases: radius and conntrack
Click Account> Add User Account
Enter the user name and password and click (Create a database with the same name as the user under the user account database and grant all permissions .)

B. Use the ssh Login command to create
Mysql-u root-p password # log on to mysql, super account root and password
Create database radius; # CREATE a radius DATABASE
Create database conntrack; # CREATE a conntrack DATABASE
Create user 'radius '@ 'localhost' identified by 'radius123'; # CREATE a USER radius with the password radius123
Create user 'conntrack' @ 'localhost' identified by 'conn123'; # create user conntrack and password conn123
Grant all on radius. * TO radius @ localhost; # Set access permissions for the radius Database
Grant all on conntrack. * TO conntrack @ localhost; # Set access permissions for the conntrack Database

8. Configure the freeradius Database
/Usr/local/etc/raddb/SQL. conf # use radius/radius123
# Connection info:
Server = "localhost"
# Port = 3306
Login = "radius"
Password = "radius123 ″

Find a row of readclients, set it to yes, and remove the annotator #

NOTE: If freeraduis is directly installed in yun at, then the SQL. conf file
In the/etc/raddb/SQL. conf directory.

9. Disable SELINUX (reboot required)
/Etc/sysconfig/selinux
SELINUX = disabled


10. modify the MAC address of the machine because I downloaded the RM3.9 version to crack it. The authorization file and MAC address are both released by the attacker (you need to restart it to take effect. PS: RM4.16 can also be handled in the same way, if you have any friends, please contact me)

You cannot use this command: ifconfig eth0 down (disable Nic). If you use this command for ssh connections, you will immediately lose the line. Don't say the reason.

The correct method:
Use winscp to download the ifcfg-eth0 in/etc/sysconfig/network-scripts

Modify "HWADDR = xx: xx" to "MACADDR = 00: D0: 09: B8: B7: 34"

Upload overwrite. It takes effect after the machine is restarted.

11. Install Radius Manager

First, create a web

You can use lnmp vhost add to create a mysql database.

Use winscpto upload radiusmanager-3.9.0.tar.gz to the root directory
Tar zxvf radiusmanager-3.9.0.tar.gz
Cd radiusmanager-3.9.0
Chmod 755 install. sh
./Install. sh

The Radius Manager installer appears.
Copyright 2004-2011, DMA Softlab LLC
All right reserved.
(Use CTRL + C to abort any time)
Select the type of your operating system:
1. Redhat (Fedora, CentOS etc .)
2. Debian (Ubuntu etc .)
Choose an option: [1] (My centos System)

Selected operating system is: REDHAT
Select installation type:
1. New installation
2. Upgrade old system
Choose an option: [1] (new installation)

Selected installation method: NEW INSTALLATION
WWW root path: [/var/www/html] Here is the web directory we have created/home/wwwroot/your domain name
RADIUS database host: [localhost]
RADIUS database username: [radius] # use radius
RADIUS database password: [radius123] password of your radius database
CTS database host: [localhost]
CTS database username: [conntrack] # Use conntrack
CTS database password: [conn123] Your conntrack password
Freeradius UNIX user: [root] # Use root
Httpd UNIX user: [apache] changed to WWW
Create rmpoller service: [y]
Create rmconntrack service: [y]
Back up RADIUS database: [y]
WARNING! If You continue You will overwrite the existing RADIUS database!
Are You sure to start the installation? [N] y
Starting installation process...
Copying WEB content to/home/wwwroot/your domain name/radiusmanager
Copying binaries to/usr/local/bin
Copying rootexec to/usr/local/sbin
Copying radiusmanager. cfg to/etc
Backing up RADIUS database...
Creating MySQL tables
Creating rmpoller service
Creating rmconntrack service
Copying logrotate script
Setting permission on raddb files
Copying radiusd init script to/etc/init. d
Installation finished!

12. Modify the RM configuration file
/Etc/radiusmanager. cfg
/Home/wwwroot/your domain name/radiusmanager/config/system_cfg.php

13. Modify the RM file from the root directory to the main directory
Cd radiusmanager --> mv * ../--> cd ../

14. modify directory file permissions
Chattr-I/home/wwwroot/your domain name/. user. ini
Chown www: www-R/home/wwwroot/your domain name
Chmod-R 777/home/wwwroot/your domain name
Chmod 755/usr/local/bin/rmauth
Chmod 755/usr/local/bin/rmacnt
Chmod 755/usr/local/bin/rmpoller
Chmod 600/etc/radiusmanager. cfg
Chmod 755/usr/local/bin/rmconntrack
Chmod 4755/usr/local/sbin/rootexec

Restart the server. Access address http: // your domain name/admin. php account admin password 1111
User Access address http: // your domain name/user. php account user password 1111

 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.