OpenSER + Radius full strategy

Source: Internet
Author: User
Tags: openssl library freeradius

FreeRADIUS requires the OpenSSL library; quicklinux ships with openssl-0.9.7a-46.i686 pre-installed.

If mysql is not installed in the /usr/local/ directory, create a symbolic link:
# ln -s /opt/lapmcp/apmc /usr/local/mysql

First install freeradius and test it without connecting to mysql:
# cd /home/zyq/tempfile/OpenSER_ins/AAA
# tar -xzvf freeradius-1.1.4.tar.gz
# cd freeradius-1.1.4
# ./configure --with-rlm-sql-lib-dir=/opt/lapmcp/apmc/lib/mysql/ --with-rlm-sql-include-dir=/opt/lapmcp/apmc/include/mysql/
# make
# make install WITH_MYSQL=yes

Configure freeradius:
1) Modify clients.conf
# vi /usr/local/etc/raddb/clients.conf
client 127.0.0.1 {
    secret = testing123
    shortname = localhost
    nastype = other
}
// This entry exists by default. Here secret = testing123 is the shared secret that the client 127.0.0.1 must use to connect to the radius service.

2) Modify naslist and add:
# vi /usr/local/etc/raddb/naslist
localhost local portslave
// Exists by default

3) Edit users and add users (these users are kept in a text file for testing):
# vi /usr/local/etc/raddb/users
At the steve example entry, add:
hefish Auth-Type := Local, User-Password = "123456"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 192.168.137.2,
    Framed-IP-Netmask = 255.255.255.0
At the "John Doe" example entry, add:
powerlift Auth-Type := Local, User-Password = "ilovelinux"
    Reply-Message = "Hello, powerlift! "
Save and exit.

4) Run the test
# /usr/local/sbin/radiusd -X
Then open another terminal to test:
# radtest hefish 123456 localhost 0 testing123
Output:
Sending Access-Request of id 11 to 127.0.0.1 port 1812
    User-Name = "hefish"
    User-Password = "123456"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=11, length=44
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Address = 192.168.137.2
    Framed-IP-Netmask = 255.255.255.0
The test passes. Test again:
# radtest powerlift ilovelinux localhost 0 testing123
Output:
Sending Access-Request of id 15 to 127.0.0.1 port 1812
    User-Name = "powerlift"
    User-Password = "ilovelinux"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=15, length=39
    Reply-Message = "Hello, powerlift! "
Test passed.

5) Configure radiusd to use mysql for authentication. Create a database in mysql first:
# /usr/local/mysql/bin/mysqladmin -u root -p create radius
# cd /home/zyq/tempfile/OpenSER_ins/AAA/freeradius-1.1.4/doc/examples
# /usr/local/mysql/bin/mysql -u root -p radius < mysql.sql

6) Edit radiusd.conf to support mysql authentication:
# vi /usr/local/etc/raddb/radiusd.conf
authorize {
    preprocess
    chap
    mschap
    suffix
    sql
    ...
}
accounting {
    ...
    sql
    ...
}

7) Edit sql.conf so that radius can access mysql
# vi /usr/local/etc/raddb/sql.conf
sql {
    driver = "rlm_sql_mysql"
    server = "localhost"
    login = "root"
    password = "mysql password"
    radius_db = "radius"
    // The remaining settings keep their defaults (to bind a user account, NIC MAC address, or phone number, modify the settings that follow)
}

8) Add some data to the database:
# /usr/local/mysql/bin/mysql -u root -p radius
Add some group information first:
insert into radgroupreply (groupname, attribute, op, value) values ("user", "Auth-Type", ":=", "Local");
insert into radgroupreply (groupname, attribute, op, value) values ("user", "Service-Type", "=", "Framed-User");
insert into radgroupreply (groupname, attribute, op, value) values ("user", "Framed-IP-Netmask", "=", "255.255.255.255");
insert into radgroupcheck (groupname, attribute, op, value) values ("user", "Auth-Type", ":=", "Local");
Then add the user information:
insert into radcheck (username, attribute, op, value) values ("zyq", "User-Password", "=", "12345678");
Then add the user to the group:
insert into usergroup (username, groupname) values ("zyq", "user");

9) For radius to load the mysql client library correctly, you must specify the library locations:
# echo /usr/lib >> /etc/ld.so.conf
# echo /usr/local/lib >> /etc/ld.so.conf
# echo /opt/lapmcp/apmc/lib >> /etc/ld.so.conf
# ldconfig

10) Test freeradius + mysql:
# radtest zyq 12345678 localhost 0 testing123
Received:
Sending Access-Request of id 146 to 127.0.0.1 port 1812
    User-Name = "zyq"
    User-Password = "12345678"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=146, length=32
    Service-Type = Framed-User
    Framed-IP-Netmask = 255.255.255.255
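
The steps above leave several test-grade settings in place: the shipped shared secret testing123, rlm_sql logging in to MySQL as root, and cleartext User-Password entries in the users file. The script below is an added example (not part of the original article or of FreeRADIUS) that checks a raddb directory for them; the function names audit_raddb and make_sample and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag test-grade settings from this walkthrough in a raddb directory.

# Print one finding per line; print nothing when no check fires.
audit_raddb() {
    dir=$1
    # clients.conf still carries the shared secret shipped with FreeRADIUS.
    if grep -Eiq '^[[:space:]]*secret[[:space:]]*=[[:space:]]*testing123[[:space:]]*$' \
        "$dir/clients.conf" 2>/dev/null; then
        echo "clients.conf: default shared secret testing123"
    fi
    # rlm_sql logs in to MySQL with the administrative account.
    if grep -Eiq '^[[:space:]]*login[[:space:]]*=[[:space:]]*"?root"?[[:space:]]*$' \
        "$dir/sql.conf" 2>/dev/null; then
        echo "sql.conf: rlm_sql connects to MySQL as root"
    fi
    # Count non-comment users entries that store a cleartext password.
    n=$(grep -Ev '^[[:space:]]*#' "$dir/users" 2>/dev/null |
        grep -Ec 'User-Password[[:space:]]*[:=]' || true)
    if [ "${n:-0}" -gt 0 ]; then
        echo "users: $n entries with cleartext User-Password"
    fi
    # Files holding secrets should not be readable by every local account.
    for f in clients.conf sql.conf users; do
        if [ -n "$(find "$dir/$f" -perm -004 2>/dev/null)" ]; then
            echo "$f: world-readable"
        fi
    done
    return 0
}

# Constructed sample directory that mirrors the values used in the steps above.
make_sample() {
    d=$(mktemp -d)
    printf 'client 127.0.0.1 {\n\tsecret = testing123\n\tshortname = localhost\n}\n' > "$d/clients.conf"
    printf 'sql {\n\tlogin = "root"\n\tpassword = "mysql password"\n}\n' > "$d/sql.conf"
    printf 'hefish Auth-Type := Local, User-Password = "123456"\n' > "$d/users"
    printf 'powerlift Auth-Type := Local, User-Password = "ilovelinux"\n' >> "$d/users"
    chmod 644 "$d/clients.conf" "$d/sql.conf"
    chmod 600 "$d/users"
    echo "$d"
}

sample=$(make_sample)
audit_raddb "$sample"   # run against the constructed sample
rm -rf "$sample"
```

On a real installation, call audit_raddb with /usr/local/etc/raddb, the configuration directory used in the steps above.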

==========================================
Install radius-client:
~ # tar xvfz radiusclient-ng-X.Y.Z.tar.gz
~ # cd radiusclient-ng-X.Y.Z
~ # ./configure
~ # make
~ # make install

Install OpenSER with freeradius:
Check whether mysql.h and libmysqlclient.so are in place.
Copy libmysqlclient.so, libmysqlclient.so.15, libmysqlclient_r.so, and libmysqlclient_r.so.15 from /usr/local/mysql/lib/mysql to /usr/lib.
mysql.h is in /usr/local/mysql/include/mysql. If mysql is not a standard installation, cp the mysql directory to /usr/local/include.

Compile and install OpenSER:
~> tar xzvf openser-1.1.0_src.tar.gz
~> cd openser-1.1.0
~> vi modules/acc/Makefile
Uncomment the following two lines:
DEFS+=-DRAD_ACC -I$(LOCALBASE)/include
LIBS=-L$(LOCALBASE)/lib -lradiusclient-ng
~> vi Makefile
exclude_modules?= jabber cpl-c pa mysql postgres osp unixodbc
    avp_radius auth_radius group_radius uri_radius
Comment out the second line and delete mysql from the list.
~> NICER=1 make all
~> make install

When the build finishes, the openser, openserctl, openserunix, and openser_mysql.sh files are generated under /usr/local/sbin.
Use openser_mysql.sh create to create the database:
~> openser_mysql.sh create
MySql password for root: // mysql password
Domain (realm) for the default user admin: // press ENTER
Creating database openser...
Install SERWEB tables? (Y/n): y // press y, then ENTER
Domain (realm) for the default user admin: // press ENTER
Creating serweb tables into openser
