FreeRADIUS requires an OpenSSL library; quicklinux ships with openssl-0.9.7a-46.i686 pre-installed.
If MySQL is not installed under /usr/local/, a symbolic link is required:
# ln -s /opt/lapmcp/apmc /usr/local/mysql
First install FreeRADIUS and test it without connecting to MySQL:
# cd /home/zyq/tempfile/OpenSER_ins/AAA
# tar -xzvf freeradius-1.1.4.tar.gz
# cd freeradius-1.1.4
# ./configure --with-rlm-sql-lib-dir=/opt/lapmcp/apmc/lib/mysql/ --with-rlm-sql-include-dir=/opt/lapmcp/apmc/include/mysql/
# make
# make install WITH_MYSQL=yes
Configure FreeRADIUS:
1) Modify clients.conf
# vi /usr/local/etc/raddb/clients.conf
client 127.0.0.1 {
    secret = testing123
    shortname = localhost
    nastype = other
}
// This entry already exists by default. Here secret = testing123 is the shared secret that the client 127.0.0.1 must use to connect to the RADIUS service.
2) Modify naslist and add:
# vi /usr/local/etc/raddb/naslist
localhost local portslave
// Exists by default
3) Edit users and add users (these users are stored in a text file, for testing):
# vi /usr/local/etc/raddb/users
In the section with the steve example, add:
hefish Auth-Type := Local, User-Password = "123456"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 192.168.137.2,
    Framed-IP-Netmask = 255.255.255.0
In the section with the John Doe example, add:
powerlift Auth-Type := Local, User-Password = "ilovelinux"
    Reply-Message = "Hello, powerlift!"
Save and exit.
4) Perform the test
# /usr/local/sbin/radiusd -X
Then open another terminal to test:
# radtest hefish 123456 localhost 0 testing123
Output:
Sending Access-Request of id 11 to 127.0.0.1 port 1812
    User-Name = "hefish"
    User-Password = "123456"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=11, length=44
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Address = 192.168.137.2
    Framed-IP-Netmask = 255.255.255.0
The test passes. Test again:
# radtest powerlift ilovelinux localhost 0 testing123
Output:
Sending Access-Request of id 15 to 127.0.0.1 port 1812
    User-Name = "powerlift"
    User-Password = "ilovelinux"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=15, length=39
    Reply-Message = "Hello, powerlift!"
Test passed.
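What the shared secret from clients.conf does in the radtest exchange above, shown as an added Python example that is not part of the original tutorial: per RFC 2865 it keys the hiding of User-Password in the request and the Response Authenticator on the reply. The Request Authenticator value and all function names are constructed for illustration.

```python
import hashlib
import ipaddress

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with an MD5 keystream."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block  # keystream chains on the ciphertext
    return out

def reveal_password(hidden, secret, request_auth):
    """Server side: same keystream, derived from the secret in clients.conf."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out, prev = out + _xor(block, hashlib.md5(secret + prev).digest()), block
    return out.rstrip(b"\x00")

def access_accept(ident, request_auth, attrs, secret):
    """RFC 2865 3: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = bytes([2, ident]) + (20 + len(attrs)).to_bytes(2, "big")  # Code 2
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def int_attr(attr_type, value):
    return bytes([attr_type, 6]) + value.to_bytes(4, "big")  # type, length, value

def step4_exchange(secret=b"testing123"):
    request_auth = bytes(range(16))  # constructed; real clients send 16 random bytes
    hidden = hide_password(b"123456", secret, request_auth)
    attrs = (int_attr(6, 2)    # Service-Type = Framed-User
             + int_attr(7, 1)  # Framed-Protocol = PPP
             + int_attr(8, int(ipaddress.ip_address("192.168.137.2")))
             + int_attr(9, int(ipaddress.ip_address("255.255.255.0"))))
    return request_auth, hidden, access_accept(11, request_auth, attrs, secret)

if __name__ == "__main__":
    ra, hidden, reply = step4_exchange()
    print("hidden User-Password:", hidden.hex())
    print("server recovers:", reveal_password(hidden, b"testing123", ra))
    print("Access-Accept length:", len(reply))  # 44, as in the radtest output
```

Anyone holding the secret can recover the password from a captured request and produce a reply the client accepts, so the value in clients.conf is the only thing protecting both.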
5) Configure radiusd to use MySQL for authentication. First create the database in MySQL:
# /usr/local/mysql/bin/mysqladmin -u root -p create radius
# cd /home/zyq/tempfile/OpenSER_ins/AAA/freeradius-1.1.4/doc/examples
# /usr/local/mysql/bin/mysql -u root -p radius < mysql.sql
6) Edit radiusd.conf to support MySQL authentication:
# vi /usr/local/etc/raddb/radiusd.conf
authorize {
    preprocess
    chap
    mschap
    suffix
    sql
    ...
}
accounting {
    ...
    sql
    ...
}
7) Edit sql.conf so that radiusd can access MySQL
# vi /usr/local/etc/raddb/sql.conf
sql {
    driver = "rlm_sql_mysql"
    server = "localhost"
    login = "root"
    password = "mysql password"
    radius_db = "radius"
    // The remaining configuration keeps its defaults (to bind a user account, NIC MAC address, or phone number, modify the configuration that follows)
}
8) Add some data to the database:
# /usr/local/mysql/bin/mysql -u root -p radius
Add some group information first:
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('user', 'Auth-Type', ':=', 'Local');
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('user', 'Service-Type', '=', 'Framed-User');
INSERT INTO radgroupreply (groupname, attribute, op, value) VALUES ('user', 'Framed-IP-Netmask', '=', '255.255.255.255');
INSERT INTO radgroupcheck (groupname, attribute, op, value) VALUES ("user", "Auth-Type", ":=", "Local");
Then add the user information:
INSERT INTO radcheck (username, attribute, op, value) VALUES ('zyq', 'User-Password', '=', '12345678');
Then add the user to the group:
INSERT INTO usergroup (username, groupname) VALUES ('zyq', 'user');
9) To allow radiusd to call MySQL correctly, you must specify the location of the database libraries:
# echo /usr/lib >> /etc/ld.so.conf
# echo /usr/local/lib >> /etc/ld.so.conf
# echo /opt/lapmcp/apmc/lib >> /etc/ld.so.conf
# ldconfig
10) Test FreeRADIUS + MySQL:
# radtest zyq 12345678 localhost 0 testing123
Output:
Sending Access-Request of id 146 to 127.0.0.1 port 1812
    User-Name = "zyq"
    User-Password = "12345678"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=146, length=32
    Service-Type = Framed-User
    Framed-IP-Netmask = 255.255.255.255
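A lint for the settings chosen in steps 1 and 7, as an added example that is not part of the original tutorial or of FreeRADIUS: it flags the shipped shared secret and a root database login before the server leaves the test bench. The sample is an abridged, constructed copy of the configuration above; MIN_SECRET_LEN and the function names are assumptions of this example.

```python
import re

# Constructed sample: the clients.conf and sql.conf settings from the steps above.
SAMPLE = """
client 127.0.0.1 {
    secret = testing123
    shortname = localhost
}
sql {
    driver = "rlm_sql_mysql"
    login = "root"
    password = "mysql password"
    radius_db = "radius"
}
"""

MIN_SECRET_LEN = 16  # assumption: a local policy threshold, not a FreeRADIUS rule

def parse_sections(text):
    """Return [(kind, name, options)] for flat 'kind [name] { key = value }' blocks."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        opened = re.fullmatch(r"(\w+)(?:\s+(\S+))?\s*\{", line)
        if opened:
            current = (opened.group(1).lower(), opened.group(2), {})
            sections.append(current)
        elif line == "}":
            current = None
        elif current and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[2][key.lower()] = value.strip('"')
    return sections

def audit(text):
    findings = []
    for kind, name, opts in parse_sections(text):
        secret = opts.get("secret", "")
        if kind == "client" and secret == "testing123":
            findings.append(f"client {name}: shared secret is the shipped default")
        elif kind == "client" and len(secret) < MIN_SECRET_LEN:
            findings.append(f"client {name}: shared secret under {MIN_SECRET_LEN} chars")
        elif kind == "sql" and opts.get("login") == "root":
            findings.append("sql: radiusd logs in to MySQL as root")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```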
==========================================
Install the RADIUS client (radiusclient-ng):
~ # tar xvfz radiusclient-ng-X.Y.Z.tar.gz
~ # cd radiusclient-ng-X.Y.Z
~ # ./configure
~ # make
~ # make install
Install OpenSER with FreeRADIUS support:
Check whether mysql.h and libmysqlclient.so are in place.
Copy libmysqlclient.so, libmysqlclient.so.15, libmysqlclient_r.so, and libmysqlclient_r.so.15 from /usr/local/mysql/lib/mysql to /usr/lib.
mysql.h is in /usr/local/mysql/include/mysql. If MySQL is not a standard installation, cp the mysql directory to /usr/local/include.
Compile and install OpenSER:
~> tar xzvf openser-1.1.0_src.tar.gz
~> cd openser-1.1.0
~> vi modules/acc/Makefile
Uncomment the following two lines:
DEFS+=-DRAD_ACC -I$(LOCALBASE)/include
LIBS=-L$(LOCALBASE)/lib -lradiusclient-ng
~> vi Makefile
exclude_modules?= jabber cpl-c pa mysql postgres osp unixodbc \
    avp_radius auth_radius group_radius uri_radius
Comment out the second line and delete mysql from the first.
~> NICER=1 make all
~> make install
When the installation finishes, the files openser, openserctl, openserunix, and openser_mysql.sh are generated under /usr/local/sbin.
Use openser_mysql.sh create to create the database:
~> openser_mysql.sh create
MySql password for root: // enter the MySQL password
Domain (realm) for the default user admin: // press ENTER
Creating database openser...
Install SERWEB tables? (Y/n): y // press y, then ENTER
Domain (realm) for the default user admin: // press ENTER
Creating serweb tables into openser