pptpd + MySQL + FreeRADIUS on CentOS 6.0 for unified VPN account authentication management


System: CentOS 6.0; 192.168.182.20.

This article comes from one of my recent projects; it prepares for the next steps, a VPN tunnel and multi-IP route splitting.

-rw-r--r-- 1 root 684342 June 19 22:49 ppp-2.4.5.tar.gz
-rw-r--r-- 1 root 74048 June 19 22:49 pptpd-1.3.4-2.el6.i686.rpm

These are the two packages.

If pptpd is hard to download, you are welcome to get it from my download area; the foreign URL is blocked here, and I also had to use an accelerator to download it: http://down.51cto.com/data/840850


1. Start with the following operations:


[root@node1 ~]# vim /etc/pptpd.conf
#pptpd.conf
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.182.133
remoteip 172.16.0.2-254

[root@node1 ~]# vim /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
logfile /var/log/pptpd.log

[root@node1 ~]# vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
test          pptpd   test123                 *

[root@node1 ~]# cat /etc/sysctl.conf |grep -v ^# |grep -v ^#
net.ipv4.ip_forward = 1

[root@node1 ~]# iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -j MASQUERADE

PS: restart the service, then test whether dial-in works normally.

Tested; dial-in is OK.
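
An added example, not part of the original article: a shell check that an options.pptpd file still carries the five authentication and encryption directives set above. The function name audit_pptpd_options and the sample file are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original article): list which of the article's
# authentication/encryption directives are absent from a pppd options file.

REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Prints each missing directive on its own line; returns 1 if any is missing.
audit_pptpd_options() {
    local file=$1 missing=0 present d
    # Drop comments, then keep the first word of every non-empty line.
    present=$(sed -e 's/#.*//' "$file" | awk 'NF { print $1 }')
    for d in $REQUIRED; do
        if ! printf '%s\n' "$present" | grep -qxF -- "$d"; then
            echo "$d"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: one directive is commented out, one is absent.
sample=$(mktemp)
cat > "$sample" <<'EOF'
name pptpd
refuse-pap
refuse-chap
#refuse-mschap
require-mschap-v2
proxyarp
ms-dns 8.8.8.8
EOF

if ! missing_list=$(audit_pptpd_options "$sample"); then
    echo "Directives from the article's options.pptpd that are missing:"
    echo "$missing_list"
fi
rm -f "$sample"
```

On a real server, pass /etc/ppp/options.pptpd as the argument; a non-zero return means at least one directive was removed or commented out.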

2. Install MySQL and FreeRADIUS:

yum install mysql* freeradius* -y

Create a radius database, import the related SQL files, and create a test user:

mysql> create database radius;
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/admin.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/cui.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/nas.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/schema.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/wimax.sql
mysql> insert into radius.radcheck (Username,Attribute,op,Value) values('lansgg','password','==','lansgg123');

Edit the RADIUS configuration files:

[root@node1 ~]# vim /etc/raddb/radiusd.conf
700         $INCLUDE sql.conf

[root@node1 ~]# vim /etc/raddb/sql.conf
28 database = "mysql"
33 driver = "rlm_sql_${database}"
36 server = "localhost"
38 login = "root"
39 password = "123"
42 radius_db = "radius"
50 acct_table1 = "radacct"
51 acct_table2 = "radacct"
100 readclients = yes

PS: the number at the start of each line is its line number in the file.

[root@node1 ~]# vim /etc/raddb/sites-enabled/default
69 authorize {
170 #       files
177         sql
252 authenticate {
297 #       unix
333 preacct {
372 #       files
389 #       unix
406         sql
449 session {
454         sql
461 post-auth {
475         sql

[root@node1 ~]# vim /etc/raddb/sites-enabled/inner-tunnel
124 #       files
131         sql
223 #       unix
255         sql
277         sql

[root@node1 ~]# vim /etc/raddb/eap.conf
30                 default_eap_type = peap

Test the integration of RADIUS and MySQL.


3. Integrate pptpd with FreeRADIUS:

Decompress the ppp source package and copy its configuration files:

[root@node1 ~]# tar zxvf ppp-2.4.5.tar.gz
[root@node1 ~]# mkdir /etc/ppp/radius
[root@node1 ~]# cp -R  ppp-2.4.5/pppd/plugins/radius/etc/ /etc/ppp/radius/

Modify the RADIUS paths:

[root@node1 etc]# vim radiusclient.conf
auth_order      radius
login_tries     4
login_timeout   60
nologin /etc/nologin
issue   /etc/ppp//radius/etc/issue
authserver      localhost:1812
acctserver      localhost:1813
servers         /etc/ppp/radius/etc/servers
dictionary      /etc/ppp/radius/etc/dictionary
login_radius    /usr/local/sbin/login.radius
seqfile         /var/run/radius.seq
mapfile         /etc/ppp/radius/etc/port-id-map
default_realm
radius_timeout  10
radius_retries  3
login_local     /bin/login

[root@node1 etc]# vim /etc/ppp/radius/etc/dictionary
INCLUDE /etc/ppp/radius/etc/dictionary.microsoft
INCLUDE /etc/ppp/radius/etc/dictionary.ascend   # added
INCLUDE /etc/ppp/radius/etc/dictionary.merit    # added
INCLUDE /etc/ppp/radius/etc/dictionary.compat   # added

Add to options.pptpd:

[root@node1 etc]# vim /etc/ppp/options.pptpd
plugin /usr/lib/pppd/2.4.5/radius.so   # added
radius-config-file /etc/ppp/radius/etc/radiusclient.conf   # added

Modify the RADIUS authentication key:

[root@node1 raddb]# vim /etc/raddb/clients.conf
101         secret          = lansggtest

[root@node1 raddb]# vim /etc/ppp/radius/etc/servers
5 localhost                                       lansggtest

Tested, OK! (Account: lansgg; password: lansgg123)
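
An added example, not part of the original article: a shell check that the key in clients.conf and the one in the radiusclient servers file agree, without printing either value. The function names and sample files are constructed for illustration; testing123 is the secret FreeRADIUS ships for client localhost.

```bash
#!/bin/bash
# Added example (not from the original article): compare the RADIUS shared
# secret on both sides without printing it.

# Secret of the "client NAME { ... }" block in FreeRADIUS clients.conf.
client_secret() {   # usage: client_secret FILE NAME
    awk -v name="$2" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == "client" && $2 == name { inblk = 1; next }
        inblk && $1 == "}" { exit }
        inblk && /^[ \t]*secret[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Secret listed for HOST in the radiusclient "servers" file (host, then secret).
server_secret() {   # usage: server_secret FILE HOST
    awk -v host="$2" '{ sub(/#.*/, "") } $1 == host { print $2; exit }' "$1"
}

# Prints one of: match, mismatch, missing, default.
check_shared_secret() {   # usage: check_shared_secret CLIENTS_CONF SERVERS HOST
    local a b
    a=$(client_secret "$1" "$3")
    b=$(server_secret "$2" "$3")
    if [ -z "$a" ] || [ -z "$b" ]; then echo missing
    elif [ "$a" != "$b" ]; then echo mismatch
    elif [ "$a" = "testing123" ]; then echo default   # stock FreeRADIUS secret
    else echo match
    fi
}

# Constructed sample files mirroring the two files edited in the article.
dir=$(mktemp -d)
cat > "$dir/clients.conf" <<'EOF'
client localhost {
        ipaddr = 127.0.0.1
        secret          = lansggtest   # changed from the stock value
}
EOF
printf 'localhost\tlansggtest\n' > "$dir/servers"

echo "shared secret status: $(check_shared_secret "$dir/clients.conf" "$dir/servers" localhost)"
rm -rf "$dir"
```

A result of mismatch or missing means the RADIUS exchange cannot succeed; default means both sides agree but the stock secret was never changed.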


This article is from the "Coffee_Blue Mountains" blog; please be sure to keep this source: http://lansgg.blog.51cto.com/5675165/1225461
