freeradius+mysql+交换机认证
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了freeradius+mysql+交换机认证相关的知识,希望对你有一定的参考价值。
一、关闭防火墙和Selinux
[[email protected] raddb]# service iptables stop
[[email protected] raddb]# vim /etc/selinux/config
SELINUX=disabled
二、安装freedius
[[email protected] raddb]#yum install freeradius* -y
三、需要安装mysql
(1)创建数据库:creat database radius;
(2)登陆mysql,use radius
导入两个表:
mysql> source /etc/raddb/sql/mysql/schema.sql
mysql> source /etc/raddb/sql/mysql/nas.sql
(3)启用sql认证
[[email protected] sites-enabled]# vim /etc/raddb/sites-enabled/default
把authorize{} 、accounting {}中的sql前面的#去掉,并把authorize{} 中的files前加#;
(4)修改与mysql数据库连接的配置文件
[[email protected] raddb]# vim /etc/raddb/sql.conf
database = "mysql"
#
# Which FreeRADIUS driver to use.
#
driver = "rlm_sql_${database}"
# Connection info:
server = "localhost"
#port = 3306
login = "root"
password = "111111"
# Database table configuration for everything except Oracle
radius_db = "radius"
(5)修改客户端配置信息
client 127.0.0.1 {
secret = testing123
shortname = localhost
nastype = other
}
client 192.168.11.254 {
# # secret and password are mapped through the "secrets" file.
secret = testing123
shortname = liv1
# # the following three fields are optional, but may be used by
# # checkrad.pl for simultaneous usage checks
nastype = livingston
login = xxxxxxx
password = xxxxxxx
}
(6)修改radius配置文件
/usr/local/etc/raddb/radiusd.conf
modules {}
一定要取消这一行的注释: $INCLUDE sql.conf
(7)重新运行radiusd -X会出现如下问题。 yum -y install mysql-devel
四、数据库操作
mysql> use radius;
mysql> insert into radgroupreply (groupname,attribute,op,value) values (‘user‘,‘Auth-Type‘,‘:=‘,‘Local‘);
mysql> insert into radgroupreply (groupname,attribute,op,value) values (‘user‘,‘Service-Type‘,‘:=‘,‘Framed-User‘);
建立用户信息:
mysql> insert into radcheck (username,attribute,op,value) values (‘xxxxx‘,‘User-Password‘,‘:=‘,‘xxxxxxx‘);
mysql> insert into radusergroup (username,groupname) values (‘xxxx‘,‘user‘);
五、开始测试
#radiusd -X
pkill radiusd
要重新开一个shell终端来执行下面的命令
#radtest test test localhost 0 testing123
六、交换机配置:
radius scheme xxxx
server-type extended
primary authentication 192.168.11.34
domain xxxxx
authentication login radius-scheme xxxxxx
access-limit disable
state active
idle-cut disable
self-service-url disable
domain default enable xxxxxxx
本文出自 “山猫” 博客,谢绝转载!
以上是关于freeradius+mysql+交换机认证的主要内容,如果未能解决你的问题,请参考以下文章
freeradius 3.0使用ldap bind windows ad 来认证用户
Cisco AnyConnect 通过FreeRADIUS集成域账号+Google MFA认证