./configure (如果出现错误，需要安装相应的devel rpm)

make

make install

生成所需的证书

/usr/local/etc/raddb/certs/bootstrap

ln -s /usr/local/sbin/rc.radiusd /etc/rc.d/init.d/radiusd

ln -s /usr/local/etc/raddb /etc/raddb

chkconfig radiusd on

/etc/rc.d/init.d/radiusd start

[root@centos5]# /usr/local/sbin/radiusd -v

radiusd: FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu, built on May 17 2008 at 12:20:44

Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.

There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE.

You may redistribute copies of FreeRADIUS under the terms of the

GNU General Public License.

For more information about these matters, see the file named COPYRIGHT.2、 FreeRADIUS SQL Module通用的SQL前端(rlm_sql)+数据库后端驱动(rlm_sql_mysql)前端： rlm_sql

中间驱动：rlm_sql_mysql后端： mysql_databaseComment:rlm_sql_mysql不是一个完整的mysql client, 仅仅是rlm_sql、mysql database间的一个中间层。 3、MySQL Schema3、1 7个table的说明stop and start records logging table radaccta single user check and reply table radcheck

radreplyGroupcheck and reply tableradgroupcheck

radgroupreplyusername to group relationships are stored in this table radusergroupTo store post-authentication data tableradpostauth 3、2 create radius database mysql> create database radius;mysql>\. /usr/local/etc/raddb/sql/mysql/schema.sql

mysql> show tables;

+------------------+

| Tables_in_radius |

+------------------+

| radacct |

| radcheck |

| radgroupcheck |

| radgroupreply |

| radpostauth |

| radreply |

| radusergroup |

+------------------+

7 rows in set (0.09 sec)

create NAS table

msyql> use radius;

mysql> \. /usr/local/etc/raddb/sql/mysql/nas.sql

mysql> show tables;

+------------------+

| Tables_in_radius |

+------------------+

| nas |

| radacct |

| radcheck |

| radgroupcheck |

| radgroupreply |

| radpostauth |

| radreply |

| radusergroup |

+------------------+

8 rows in set (0.03 sec) 3、3 建立FreeRadius用户和授权mysql>\. /usr/local/etc/raddb/sql/mysql/admin.sql

[root@centos5 mysql]# cat admin.sql

# -*- text -*-

##

## admin.sql -- MySQL commands for creating the RADIUS user.

##

## WARNING: You should change 'localhost' and 'radpass'

## to something else. Also update raddb/sql.conf

## with the new RADIUS password.

##

## $Id: admin.sql,v 1.1 2008/04/30 08:41:30 aland Exp $

#

# Create default administrator for RADIUS

#

CREATE USER 'radius'@'localhost';

SET PASSWORD FOR 'radius'@'localhost' = PASSWORD('radpass');

# The server can read any table in SQL

GRANT SELECT ON radius.* TO 'radius'@'localhost';

# The server can write to the accounting and post-auth logging table.

#

# i.e.

GRANT ALL on radius.radacct TO 'radius'@'localhost';

GRANT ALL on radius.radpostauth TO 'radius'@'localhost'; 4、配置FreeRadius使用mysql schema 4、1 在 sql.conf 配置database的连接参数，指定所使用的table database = "mysql"

driver = "rlm_sql_${database}"

server = "localhost"

login = "radius"

password = "radpass"

radius_db = "radius"

acct_table1 = "radacct"

acct_table2 = "radacct"

postauth_table = "radpostauth"

authcheck_table = "radcheck"

authreply_table = "radreply"

groupcheck_table = "radgroupcheck"

groupreply_table = "radgroupreply"

usergroup_table = "radusergroup"

[root@centos5 raddb]# mysql -u radius -pradpass radius

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 4 to server version: 5.0.22-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> 4、2配置FreeRadius 查询 radius nas table # Set to 'yes' to read radius clients from the database ('nas' table)

# Clients will ONLY be read on server startup. For performance

# and security reasons, finding clients via SQL queries CANNOT

# be done "live" while the server is running.

#

#

readclients = yes

# Table to keep radius client info

nas_table = "nas"注释client.conf 所有行，Client从nas表中查询。clients.conf:

RADIUS clients/NAS configurations. Note that NAS is the term used

in RADIUS terminology. To simpilify things, just think of it as

authenticator in our 3-party model. 5、配置freeradius使用MySQL Database 5、1 users 注释users所有内容, 用户信息驻留在数据库radcheck tableper user configurations. Think of users as supplicants in our 3-party

model. Note that user configurations could reside in other places like

a MySQL database instead of the users file. vi /usr/local/etc/raddb/sites-available/inner-tunnel

去掉SQL前的注释

authorize {

chap

mschap

unix

suffix

update control {

Proxy-To-Realm := LOCAL

}

eap {

ok = return

} sql expiration

logintime

pap

}

authenticate {

Auth-Type PAP {

pap

}

Auth-Type CHAP {

chap

}

Auth-Type MS-CHAP {

mschap

}

unix

eap

} 5、2测试数据准备 nas table

INSERT INTO `nas` (`id`, `nasname`, `shortname`, `type`, `ports`, `secret`, `community`, `description`) VALUES

(1, '127.0.0.1', 'localhost', 'other', 1812, 'testing123', NULL, 'RADIUS Client');

radcheck table

INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES

(2, 'root', 'User-Password', '==', '888888');

radusergroup table

INSERT INTO `radusergroup` (`username`, `groupname`, `priority`) VALUES

('root', 'user', 1) 5、3测试 [root@centos5 ~]# radtest root 888888 localhost 1812 testing123

Sending Access-Request of id 32 to 127.0.0.1 port 1812

User-Name = "root"

User-Password = "888888"

NAS-IP-Address = 10.180.22.10

NAS-Port = 1812

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=32, length=20

[root@centos5 ~]#

commment: root 为linux的一个用户。