PPPOE + FreeRADIUS + MySQL configuration record

I have been setting up a PPPoE dial-up server over the last two days. Because there is little information about this on the Internet, it is necessary to record it here to help those who need to do the same in the future.
ppp-2.4.3.tar.gz can be downloaded from http://ppp.samba.org/
linux-2.4.30.tar.bz2 can be downloaded from http://www.kernel.org/
ppp-2.4.3-mppe-mppc-1.1.patch.gz and linux-2.4.30-mppe-mppc-1.3.patch.gz can be downloaded
rp-pppoe-3.5.tar.gz can be downloaded from http://www.roaringpenguin.com/penguin/open_source_rp-pppoe.php
mysql-4.1.12.tar.gz can be downloaded from http://dev.mysql.com/
freeradius-1.0.4.tar.gz can be downloaded from http://www.freeradius.org.
My system came with ppp and pppoe installed. I removed them so that I could build everything myself. This is easy to do on Debian:

# apt-get remove ppp pppconfig pppoe pppoeconf

1. Recompile the kernel to support PPP and PPPoE.

First, extract the kernel source code and apply the MPPC + MPPE patch. Then run make menuconfig and enable the following options:

Code maturity level options --->
    Prompt for development and/or incomplete code/drivers
Networking options --->
    Packet socket
    Packet socket: mmapped IO
Network device support --->
    PPP (point-to-point protocol) support
    PPP multilink support (EXPERIMENTAL)
    PPP support for async serial ports
    PPP support for sync tty ports
    PPP Deflate compression
    PPP BSD-Compress compression
    Microsoft PPP compression/encryption (MPPC/MPPE)
    PPP over Ethernet (EXPERIMENTAL)
Character devices --->
    Non-standard serial port support
    [M] HDLC line discipline support
Cryptographic options --->
    [M] SHA1 digest algorithm
    [M] ARC4 cipher algorithm

Recompile the kernel with the above configuration and install it. Boot into the new kernel; it is then ready for use.

2. Create the /dev/ppp device file, which is required for ppp dialing.

# mknod --mode=664 /dev/ppp c 108 0

3. Make sure that /etc/modules.conf contains the following lines:

alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-13 n_hdlc
alias tty-ldisc-14 ppp_synctty
alias net-pf-24 pppoe

4. Install ppp-2.4.3.tar.gz. After extracting the archive, apply the ppp-2.4.3-mppe-mppc-1.1.patch.gz patch, then compile and install:

# tar zxvf ppp-2.4.3.tar.gz
# gunzip ppp-2.4.3-mppe-mppc-1.1.patch.gz
# patch -p0 < ppp-2.4.3-mppe-mppc-1.1.patch
# cd ppp-2.4.3
# ./configure
# make
# make install-etcppp
# chmod u+s /usr/local/sbin/pppd
# cd ..

5. Install rp-pppoe

# tar zxvf rp-pppoe-3.5.tar.gz
# cd rp-pppoe-3.5/src
# ./configure --prefix=/usr/local --enable-plugin=.../ppp-2.4.3
# make
# make install

6. Copy the generated rp-pppoe.so and radius.so modules to the configuration directory of ppp.

# cat /etc/ppp/pppoe-server-options
auth
require-chap
default-mru
default-asyncmap
lcp-echo-interval 60
lcp-echo-failure 5
ms-dns 192.168.0.2
ms-dns 61.132.90.92
noipdefault
noipx
nodefaultroute
noproxyarp
noktune
10.0.0.1:10.0.0.200
netmask 255.255.255.255
logfile /var/log/pppd.log

* Here 192.168.0.2 and 61.132.90.92 are my DNS servers.
* 10.0.0.1:10.0.0.200 is the IP address range allocated to clients.

9. Set up the password file (text-file password authentication is implemented first)

# /usr/local/sbin/pppoe-server -k -I eth0 -L 192.168.1.123 -R 10.0.0.1 -N 128

* -k uses PPP kernel mode
* -I eth0: the NIC on which PPPoE dial-up access is enabled
* -L local IP address
* -R starting IP address for clients
* -N maximum number of concurrent connections

11. Enable IP forwarding so that clients can access the Internet through the PPPoE server.

# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s 0/0

After the server is started, clients can dial in over PPPoE. The client can use win2000 + raspppoe or the PPPoE client that comes with WinXP. I could not use win2003 + raspppoe; I had to use the PPPoE client that comes with win2003. It must be a problem with software compression; the MPPC patch should support software compression. Let's talk about this later.

If you cannot access the dial-up server after dialing, disable the software compression option in the PPP settings of the client.

Take a rest first. Continue later.

---------------------------------------------------------

The previous part described how to use ppp + rp-pppoe to set up a PPPoE dial-up server with text-file authentication. This time we will talk about how ppp uses RADIUS for authentication. I will not go into the benefits of RADIUS authentication: on the one hand it supports databases, and on the other hand it supports billing.

1. Install mysql first;

2. Install freeradius;

FreeRADIUS is a thoughtful piece of software. It takes many backends into account: oracle, mssql and ldap are supported, and mysql as well. If it is not installed yet, install it:

# tar zxvf freeradius-1.0.4.tar.gz
# cd freeradius-1.0.4
# ./configure --prefix=/usr/local/freeradius
# make
# make install

Note that freeradius requires the openssl library, so if it is not installed on the system, install it in advance.

3. Configure freeradius;

1) Modify clients.conf

# vi /usr/local/freeradius/etc/raddb/clients.conf
client 127.0.0.1 {
    secret = 123456
    shortname = localhost
    nastype = other
}

Here secret = 123456 is the password required to connect to the radius service from the client 127.0.0.1.

2) Modify naslist and add:

# vi /usr/local/freeradius/etc/raddb/naslist
localhost local portslave

3) Edit users and add a user (this user is saved in a text file for testing):

# vi /usr/local/freeradius/etc/raddb/users
hefish Auth-Type := Local, User-Password = 123456
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 10.0.0.2,
    Framed-IP-Netmask = 255.255.255.0

4) Start radiusd and test the radiusd service:

# /usr/local/freeradius/sbin/radiusd -X
# /usr/local/freeradius/bin/radtest hefish 123456 localhost 0 123456

If "Access-Accept" appears, radius is working. The next step is to set up radiusd to use mysql for authentication.

5) Create a database in mysql first;

# /usr/local/mysql/bin/mysqladmin -u root -p create radius
# cd freeradius-1.0.4/src/modules/rlm_sql/drivers/rlm_sql_mysql
# /usr/local/mysql/bin/mysql -u root -p radius < db_mysql.sql

6) Edit radiusd.conf to support mysql authentication;

accounting {
    ...
    sql
    ...
}

7) Edit sql.conf so that radius can access mysql

# vi /usr/local/freeradius/etc/raddb/sql.conf
sql {
    driver = "rlm_sql_mysql"
    server = "localhost"
    login = "root"
    password = "mysql password"
    radius_db = "radius"
    # The remaining configuration is default (if you want to bind a user
    # account to a NIC MAC address or a phone number, you can modify the
    # configuration that follows)
}

8) Add some data to the database;

# /usr/local/mysql/bin/mysql -u root -p radius

Add some group information first:

insert into radgroupreply (groupname, attribute, op, value) values ('user', 'Auth-Type', ':=', 'Local');
insert into radgroupreply (groupname, attribute, op, value) values ('user', 'Service-Type', '=', 'Framed-User');
insert into radgroupreply (groupname, attribute, op, value) values ('user', 'Framed-IP-Netmask', '=', '255.255.255.255');
insert into radgroupcheck (groupname, attribute, op, value) values ('user', 'Auth-Type', ':=', 'Local');

Then add the user information:

insert into radcheck (username, attribute, op, value) values ('heiyu', 'User-Password', '=', '123');

Then add the user to the group:

insert into usergroup (username, groupname) values ('heiyu', 'user');

9) To allow radius to call mysql correctly, you must specify the location of the library:

# echo /usr/local/freeradius/lib >> /etc/ld.so.conf
# ldconfig

10) Start radiusd and perform the following test:

# /usr/local/freeradius/sbin/radiusd -X
# /usr/local/freeradius/bin/radtest heiyu 123456 localhost 0 123456

If "Access-Accept" appears, everything is OK. In this case, you can officially start radiusd.

# /usr/local/freeradius/sbin/radiusd

4. Configure pppd to work with radius;

1) Create a /etc/ppp/radius directory to store the radius configuration, and then copy the radius configuration from ppp-2.4.3:

# mkdir /etc/ppp/radius
# cd ppp-2.4.3/pppd/plugins/radius/etc
# cp * /etc/ppp/radius

2) Edit /etc/ppp/options and add radius support

# vi /etc/ppp/options

Add the following two lines (pay attention to where radius.so was placed during the pppd installation):

plugin /etc/ppp/plugins/radius.so
radius-config-file /etc/ppp/radius/radiusclient.conf

3) Edit the radiusclient.conf file as follows:

# cat /etc/ppp/radius/radiusclient.conf
auth_order radius
login_tries 4
login_timeout 60
nologin /etc/nologin
issue /etc/ppp/radius/issue
authserver localhost:1812
acctserver localhost:1813
servers /etc/ppp/radius/servers
dictionary /etc/ppp/radius/dictionary
login_radius /usr/local/sbin/login.radius
seqfile /var/run/radius.seq
mapfile /etc/ppp/radius/port-id-map
default_realm
radius_timeout 10
radius_retries 3
login_local /bin/login

4) Edit servers and set the location of the radius server.

# cat /etc/ppp/radius/servers
localhost 123456

Here, 123456 is the password used to access the radius server.

5) Edit dictionary and modify some path settings, mainly the path of the last entry, dictionary.microsoft.

# vi /etc/ppp/radius/dictionary
...
INCLUDE /etc/ppp/radius/dictionary.microsoft

6) You can now dial in and log on with the account in the database. All logon records are stored in the mysql radacct table, which is very convenient for statistics.
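
The walkthrough uses 123456 as the RADIUS shared secret in clients.conf and /etc/ppp/radius/servers, and has FreeRADIUS log in to MySQL as root. The script below is an added example, not part of the original article: it audits those three files for short or digits-only secrets, a root database login and world-readable permissions. The 16-character minimum, the finding labels and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the secrets this walkthrough stores in clients.conf,
# sql.conf and the radiusclient "servers" file. MIN_LEN is an assumed policy.
MIN_LEN=16

# weak_secret VALUE: true if VALUE is shorter than MIN_LEN or digits only.
weak_secret() {
    [ "${#1}" -ge "$MIN_LEN" ] || return 0
    case $1 in *[!0-9]*) return 1 ;; *) return 0 ;; esac
}

# world_readable FILE: true if "other" has read permission.
world_readable() { [ -n "$(find "$1" -prune -perm -004)" ]; }
# new_secret: print a random 128-bit secret as 32 hex characters.
new_secret() { head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# audit RADDB_DIR SERVERS_FILE: print one finding per line.
audit() {
    for f in "$1/clients.conf" "$1/sql.conf" "$2"; do
        if [ -f "$f" ] && world_readable "$f"; then echo "PERM $f"; fi
    done
    # clients.conf: remember the current client, report its secret.
    awk '/^[ \t]*#/ { next }
         $1 == "client" { c = $2 }
         /^[ \t]*secret[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print c, $0 }' \
        "$1/clients.conf" | while read -r c s; do
        if weak_secret "$s"; then echo "WEAK clients.conf client=$c"; fi
    done
    # servers: one "host secret" pair per line.
    grep -v '^[[:space:]]*#' "$2" | while read -r h s; do
        if [ -n "$h" ] && weak_secret "$s"; then echo "WEAK servers host=$h"; fi
    done
    # sql.conf: FreeRADIUS should not log in to MySQL as root.
    if grep -Eiq '^[[:space:]]*login[[:space:]]*=[[:space:]]*"?root"?[[:space:]]*$' "$1/sql.conf"; then
        echo "ROOT sql.conf login=root"
    fi
}

# Constructed sample files that reuse the values shown on this page.
demo() {
    d=$(mktemp -d)
    printf 'client 127.0.0.1 {\n  secret = 123456\n}\n' > "$d/clients.conf"
    printf 'sql {\n  login = "root"\n}\n' > "$d/sql.conf"
    printf 'localhost 123456\n' > "$d/servers"
    chmod 600 "$d/clients.conf" "$d/sql.conf"; chmod 644 "$d/servers"
    audit "$d" "$d/servers"
    rm -rf "$d"
}
demo
```

On the server built above, the call would be audit /usr/local/freeradius/etc/raddb /etc/ppp/radius/servers. A flagged shared secret has to be replaced with the same new value in both clients.conf and servers.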