PPPOE + FreeRADIUS + MySQL configuration records

Source: Internet
Author: User
Tags openssl library freeradius
PPPOE + FreeRADIUS + MySQL configuration record-Linux Enterprise Application-Linux server application information. The following is a detailed description. The PPPOE dial-up server has been put into practice in the last two days because there is little information on the Internet,
Therefore, it is necessary to record the information to help the comrades who need to do such things in the future.

Hardware environment: C4 2.6/256 M/80g idehd/intel 82801 integrated Nic.
Software environment: Debian sarge 3.1r0 netinst
Packages used:
Ppp-2.4.3.tar.gz
Ppp-2.4.3-mppe-mppc-1.1.patch.gz
Linux-2.4.30.tar.bz2
Linux-2.4.30-mppe-mppc-1.3.patch.gz
Rp-pppoe-3.5.tar.gz
Mysql-4.1.12.tar.gz
Freeradius-1.0.4.tar.gz

Where the ppp-2.4.3.tar.gz can be downloaded in the http://ppp.samba.org/
Linux-2.4.30.tar.bz2 in http://www.kernel.org/can be downloaded
Ppp-2.4.3-mppe-mppc-1.1.patch.gz and linux-2.4.30-mppe-mppc-1.3.patch.gz
You can download
Rp-pppoe-3.5.tar.gz in http://www.roaringpenguin.com/penguin/open_source_rp-pppoe.php
Can be downloaded
Mysql-4.1.12.tar.gz can be downloaded in http://dev.mysql.com/
The freeradius-1.0.4.tar.gz can be downloaded in http://www.freeradius.org.


Network conditions:
IP: 192.168.1.123
Mask: 255.255.254.0
Gateway: 192.168.0.1
Dns: 192.168.0.2


Start as follows:

My system installed ppp and pppoe for me at the beginning. I deleted them for self-reliance. It is more convenient to do this in debian:


# Apt-get remove ppp pppconfig pppoe pppoeconf
1. recompile the kernel to support PPP and PPPOE;
First, extract the kernel source code and install the MPPC + MPPE patch. Then make menuconfig and add the following support:


Code maturity level options -->;
  • Prompt for development and/or incomplete code/drivers
    Networking options -->;
  • Packet socket
  • Packet socket: mmapped io
    Network device support -->;
    ; PPP (point-to-point protocol) support
  • PPP multilink support (EXPERIMENTAL)
    ; PPP support for async serial ports
    ; PPP support for sync tty ports
    ; PPP Deflate compression
    ; Ppp bsd-Compress compression
    ; Microsoft PPP compression/encryption (MPPC/MPPE)
    ; PPP over Ethernet (EXPERIMENTAL)
    Character devices -->;
  • Non-standard serial port support
    [M] hdlc line discipline support
    Cryptographic options --->;
    [M] SHA1 digest algorithm
    [M] ARC4 cipher algorithm
    Recompile the kernel according to the above configuration, and then install the kernel. After it is started, it will be used for backup.

    2. Create a/dev/ppp device file, which is required for ppp dialing.


    # Mknod -- mode = 664/dev/ppp c 108 0
    3. Make sure that/etc/modules. conf contains the following lines:


    Alias char-major-108 ppp_generic
    Alias tty-ldisc-3 ppp_async
    Alias tty-ldisc-13 n_hdlc
    Alias tty-ldisc-14 ppp_synctty
    Alias net-pf-24 pppoe
    4. Install ppp-2.4.3.tar.gz
    After Uncompressing the file, install the ppp-2.4.3-mppe-mppc-1.1.patch.gz patch, and then compile and install the patch:


    # Tar zxvf php-2.4.3.tar.gz
    # Gunzip ppp-2.4.3-mppe-mppc-1.1.patch.gz
    # Patch-p0 <ppp-2.4.3-mppe-mppc-1.1.patch
    # Cd ppp-2.4.3
    #./Configure
    # Make
    # Make install-etcppp
    # Chmod u + s/usr/local/sbin/pppd
    # Cd ..
    5. Install rp-pppoe


    # Tar zxvf rp-pppoe-3.5.tar.gz
    # Cd rp-pppoe-3.5/src
    #./Configure -- prefix =/usr/local -- enable-plugin =.../ppp-2.4.3
    # Make
    # Make install
    6. Copy the generated rp-pppoe.so/radius. so modules to the configuration directory of ppp.


    # Cp/usr/local/lib/pppd/2.4.3/*/etc/ppp/plugins
    7. Configure/etc/ppp/options


    # Cat/etc/ppp/options
    Lock
    Crtscts
    Nobsdcomp
    Nodeflate
    Nopcomp
    8. Configure/etc/ppp/pppoe-server-options.


    # Cat/etc/ppp/pppoe-server-options
    Auth
    Require-chap
    Default-mru
    Default-asyncmap
    Lcp-echo-interval 60
    Lcp-echo-failure 5
    Ms-dns 192.168.0.2
    Ms-dns 61.132.90.92
    Noipdefault
    Noipx
    Nodefaultroute
    Noproxyarp
    Noktune
    10.0.0.1: 10.0.0.200
    Netmask 255.255.255.255
    Logfile/var/log/pppd. log
    * Here 192.168.0.2 and 61.132.90.92 are my dns
    * 10.0.0.1: 10.0.0.200 is the IP address range allocated by the client.

    9. Set the password file (first implement Text File Password Authentication)


    # Cat/etc/ppp/chap-secrets
    Hefish * 123456 *
    10. Start the pppoe dial-in service:


    /Usr/local/sbin/pppoe-server-k-I eth0-L 192.168.1.123-R 10.0.0.1-N 128
    *-K uses the PPP kernel mode
    *-I eth0: Enable the NIC device for pppoe dial-up access
    *-L local IP Address
    *-R client start IP
    *-N maximum number of concurrent connections

    11. Enable IP Forwarding so that the client can access the Internet through the pppoe server.


    # Echo 1>;/proc/sys/net/ipv4/ip_forward
    # Iptables-t nat-a postrouting-o eth0-j MASQUERADE-s 0/0
    After the instance is started, you can use PPPOE for dial-up access.
    The client can use win2000 + raspppoe or pppoe that comes with WinXP. I can't use win2003 + raspppoe. I just need to use PPPOE that comes with win2003. It must be a problem of software compression, the MPPC patch should support software compression. Let's talk about this later.

    If you cannot access the dial-up server after dialing, remove the software compression enabled in the PPP settings of the client.

    Take a rest first. Continue later.
    ---------------------------------------------------------


    The last written back said that we used ppp + rp-pppoe to set up the pppoe dial-up server and used the text file authentication method. This time we will talk about how ppp uses radius for authentication, I will not talk about the benefits of radius Authentication. On the one hand, it supports databases and on the other hand, it supports billing.

    1. Install mysql first;

    2. Install freeradius;
    Freeradius is a thoughtful things. It takes into account n multiple backends, which are supported by oracle, mssql, and ldap, and mysql is even more difficult. If not, install:


    # Tar zxvf freeradius-1.0.4.tar.gz
    # Cd freeradius-1.0.4
    #./Configure -- prefix =/usr/local/freeradius
    # Make
    # Make install
    It should be noted that freeradius requires the openssl library, so if it is not installed in the system, you should install it in advance.

    3. Configure freeradius;
    1) Modify clients. conf


    # Vi/usr/local/freeradius/etc/raddb/clients. conf
    Client 127.0.0.1 {
    Secret = 123456
    Shortname = localhost
    Nastype = other
    }
    Here secret = 123456 indicates the password required to connect to the radius service from the client 127.0.0.1.
    2) Modify naslist and add:


    # Vi/usr/local/freeradius/etc/raddb/naslist
    Localhost local portslave
    3) edit users and add users: (this user is saved in a text file for testing)


    # Vi/usr/local/freeradius/etc/raddb/users
    Hefish Auth-Type: = local,
    User-Password = 123456,
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 10.0.0.2,
    Framed-IP-Netmask = 255.255.255.0
    4) Start radiusd to test the radiusd service:


    #/Usr/local/freeradius/sbin/radiusd-X
    #/Usr/local/freeradius/bin/radtest hefish 123456 localhost 0 123456
    If the word "Access-Accept" appears, the radius starts to work. The next step is to cultivate radiusd and use mysql for authentication.

    5) Create a database in mysql first;


    #/Usr/local/mysql/bin/mysqladmin-u root-p create radius
    # Cd freeradius-1.0.4/src/modules/rlm_ SQL/drivers/rlm_ SQL _mysql
    #/Usr/local/mysql/bin/mysql-u root-p radius <db_mysql. SQL
    6) EDIT radius. conf to support mysql authentication;


    # Vi/usr/local/freeradius/etc/raddb/radius. conf
    Authorize {
    Preprocess
    Chap
    Mschap
    Suffix
    SQL
    ...
    }

    Accounting {
    ...
    SQL
    ...
    }
    7) EDIT SQL. conf so that radius can access mysql


    # Vi/usr/local/freeradius/etc/raddb/SQL. conf
    SQL {
    Driver = "rlm_ SQL _mysql"
    Server = "localhost"
    Login = "root"
    Password = "mysql password"
    Radius_db = "radius"
    // The remaining configuration is default (if you want to bind a user account, Nic MAC, or phone number, you can modify the following configuration)
    }
    8) add some data to the database;


    #/Usr/local/mysql/bin/mysql-u root-p radius
    Add some group information first:
    Insert into radgroupreply (groupname, attribute, op, value) values ('user', 'auth-type', ': =', 'local ');
    Insert into radgroupreply (groupname, attribute, op, value) values ('user', 'service-type', '=', 'framed-user ');
    Insert into radgroupreply (groupname, attribute, op, value) values ('user', 'framed-IP-netmask', '=', '2017. 255.255.255 ');
    Insert into radgroupcheck (groupname, attribute, op, value) values ("user", "Auth-Type", ": =", "Local ");

    Then add the user information:
    Insert into radcheck (username, attribute, op, value) values ('heiyu ', 'user-password',' = ', '123 ');

    Then add the user to the group:
    Insert into usergroup (username, groupname) values ('heiyu ', 'user ');
    9) to allow the radius to call mysql correctly, you must specify the location of the database:


    # Echo/usr/local/freeradius/lib>;/etc/ld. so. conf
    # Ldconfig
    10) Start radiusd and perform the following test:


    #/Usr/local/freeradius/sbin/radiusd-X
    #/Usr/local/freeradius/bin/radtest heyu123456 localhost 0 123456
    The words "Access-Accept" are OK. In this case, you can officially start radiusd.


    #/Usr/local/freeradius/sbin/radiusd
    4. Configure pppd to work with radius;
    1) create a/etc/ppp/radius directory to store the radius configuration, and then copy the radius configuration in the ppp-2.4.3:


    # Mkdir/etc/ppp/radiuds
    # Cd ppp-2.4.3/pppd/plugins/radius/etc
    # Cp */etc/ppp/radius
    2) edit/etc/ppp/options and add radius support


    # Add the following two sentences to vi/etc/ppp/options:
    Plugin/etc/ppp/plugins/radius. so // pay attention to the location of radius. so during pppd Installation
    Radius-config-file/etc/ppp/radius/radiusclient. conf
    3) edit the radiusclient. conf file as follows)


    # Cat/etc/ppp/radius/radiusclient. conf
    Auth_order radius
    Login_tries 4
    Login_timeout 60
    Nologin/etc/nologin
    Issue/etc/ppp/radius/issue
    Authserver localhost: 1812
    Acctserver localhost: 1813
    Servers/etc/ppp/radius/servers
    Dictionary/etc/ppp/radius/dictionary
    Login_radius/usr/local/sbin/login. radius
    Seqfile/var/run/radius. seq
    Mapfile/etc/ppp/radius/port-id-map
    Default_realm
    Radius_timeout 10
    Radius_retries 3
    Login_local/bin/login
    4) EDIT servers and set the location of the radius server.


    # Cat/etc/ppp/radius/servers
    Localhost 123456 // here, 123456 is the password used to access the radius server.
    5) EDIT dictionary and modify some path settings, mainly the path settings of the last dictionary. microsoft.



    # Vi/etc/ppp/radius/dictionary
    ..
    ...
    INCLUDE/etc/ppp/radius/dictionary. microsoft
    6) you can dial the number and use the account in the database to log on. You should be able to log on. All logon records are stored in the mysql radacct table, which is very convenient for statistics.
  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.