FreeRADIUS with rlm_sql_mysql
./configure (if errors occur, install the corresponding devel RPMs)
make
make install
Generate the required certificates
/usr/local/etc/raddb/certs/bootstrap
ln -s /usr/local/sbin/rc.radiusd /etc/rc.d/init.d/radiusd
ln -s /usr/local/etc/raddb /etc/raddb
chkconfig radiusd on
/etc/rc.d/init.d/radiusd start
[root@centos5]# /usr/local/sbin/radiusd -v
radiusd: FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu, built on May 17 2008 at 12:20:44
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
2、FreeRADIUS SQL Module
Generic SQL front end (rlm_sql) + database back-end driver (rlm_sql_mysql)
Front end: rlm_sql
Middle driver: rlm_sql_mysql
Back end: mysql_database
Comment: rlm_sql_mysql is not a complete MySQL client; it is only an intermediate layer between rlm_sql and the MySQL database.
3、MySQL Schema
3、1 Description of the 7 tables
Stop and start records logging table
radacct
A single user check and reply table
radcheck
radreply
Group check and reply table
radgroupcheck
radgroupreply
Username to group relationships are stored in this table
radusergroup
Table to store post-authentication data
radpostauth
3、2 create radius database
mysql> create database radius;
mysql> use radius;
mysql> \. /usr/local/etc/raddb/sql/mysql/schema.sql
mysql> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radpostauth |
| radreply |
| radusergroup |
+------------------+
7 rows in set (0.09 sec)
Create the NAS table
mysql> use radius;
mysql> \. /usr/local/etc/raddb/sql/mysql/nas.sql
mysql> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| nas |
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radpostauth |
| radreply |
| radusergroup |
+------------------+
8 rows in set (0.03 sec)
3、3 Create the FreeRADIUS user and grants
mysql> \. /usr/local/etc/raddb/sql/mysql/admin.sql
[root@centos5 mysql]# cat admin.sql
# -*- text -*-
##
## admin.sql -- MySQL commands for creating the RADIUS user.
##
## WARNING: You should change 'localhost' and 'radpass'
## to something else. Also update raddb/sql.conf
## with the new RADIUS password.
##
## $Id: admin.sql,v 1.1 2008/04/30 08:41:30 aland Exp $
#
# Create default administrator for RADIUS
#
CREATE USER 'radius'@'localhost';
SET PASSWORD FOR 'radius'@'localhost' = PASSWORD('radpass');
# The server can read any table in SQL
GRANT SELECT ON radius.* TO 'radius'@'localhost';
# The server can write to the accounting and post-auth logging table.
#
# i.e.
GRANT ALL on radius.radacct TO 'radius'@'localhost';
GRANT ALL on radius.radpostauth TO 'radius'@'localhost';
4、Configure FreeRADIUS to use the MySQL schema
4、1 In sql.conf, configure the database connection parameters and specify the tables to use
database = "mysql"
driver = "rlm_sql_${database}"
server = "localhost"
login = "radius"
password = "radpass"
radius_db = "radius"
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "radusergroup"
[root@centos5 raddb]# mysql -u radius -pradpass radius
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 5.0.22-log
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>
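The sql.conf above still carries the 'radpass' password that admin.sql says to change. The following check is an added example, not part of the original post or of FreeRADIUS; the function names and finding labels are hypothetical, and it assumes the plain key = "value" lines shown in section 4、1.

```shell
#!/bin/sh
# Added example, not FreeRADIUS code. Finding names are made up for this sketch.

# sql_conf_get FILE KEY: print the value of an uncommented `KEY = "value"` line.
sql_conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # ignore comment lines
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)                 # drop surrounding quotes
            if (k == key) val = v                # last assignment wins
        }
        END { print val }' "$1"
}

# audit_sql_conf FILE: print one finding per line, return 1 if any were found.
audit_sql_conf() {
    conf=$1
    found=0
    if [ "$(sql_conf_get "$conf" password)" = "radpass" ]; then
        echo "DEFAULT_DB_PASSWORD: password is still the 'radpass' that admin.sql says to change"
        found=1
    fi
    if [ "$(sql_conf_get "$conf" login)" = "root" ]; then
        echo "DB_SUPERUSER: login should be the restricted 'radius' account, not root"
        found=1
    fi
    # Characters 8-10 of `ls -l` are the permission bits for "other".
    case $(ls -ld "$conf" | cut -c8-10) in
        r*) echo "WORLD_READABLE: any local user can read the database password"
            found=1 ;;
    esac
    return $found
}

# Constructed sample: the login and password values from section 4、1.
sample=$(mktemp)
printf '%s\n' 'login = "radius"' 'password = "radpass"' > "$sample"
chmod 644 "$sample"
audit_sql_conf "$sample" || echo "=> fix sql.conf before going live"
rm -f "$sample"
```

Pointed at /usr/local/etc/raddb/sql.conf, the non-zero return status makes it usable as a check before starting radiusd.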
4、2 Configure FreeRADIUS to query the radius nas table
# Set to 'yes' to read radius clients from the database ('nas' table)
# Clients will ONLY be read on server startup. For performance
# and security reasons, finding clients via SQL queries CANNOT
# be done "live" while the server is running.
#
#
readclients = yes
# Table to keep radius client info
nas_table = "nas"
Comment out all lines in clients.conf; clients are looked up from the nas table.
clients.conf:
RADIUS clients/NAS configurations. Note that NAS is the term used
in RADIUS terminology. To simplify things, just think of it as
authenticator in our 3-party model.
5、Configure FreeRADIUS to use the MySQL database
5、1 users
Comment out everything in users; user information resides in the database's radcheck table.
Per-user configurations. Think of users as supplicants in our 3-party
model. Note that user configurations could reside in other places like
a MySQL database instead of the users file.
vi /usr/local/etc/raddb/sites-available/inner-tunnel
Uncomment the sql line
authorize {
    chap
    mschap
    unix
    suffix
    update control {
        Proxy-To-Realm := LOCAL
    }
    eap {
        ok = return
    }
    sql
    expiration
    logintime
    pap
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    unix
    eap
}
5、2 Prepare test data
nas table
INSERT INTO `nas` (`id`, `nasname`, `shortname`, `type`, `ports`, `secret`, `community`, `description`) VALUES
(1, '127.0.0.1', 'localhost', 'other', 1812, 'testing123', NULL, 'RADIUS Client');
radcheck table
INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES
(2, 'root', 'User-Password', '==', '888888');
radusergroup table
INSERT INTO `radusergroup` (`username`, `groupname`, `priority`) VALUES
('root', 'user', 1);
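The radcheck row above keeps a six-digit password in the clear under User-Password, and the radius account can SELECT every table. FreeRADIUS 2.x also logs a warning asking for Cleartext-Password in place of User-Password in check items. The audit below is an added example, not from the original post: the function names, finding labels and the alice/bob rows are constructed, and the weak-password rule is a simple heuristic.

```shell
#!/bin/sh
# audit_radcheck: read tab-separated "username attribute op value" rows on
# stdin, the shape produced by
#   mysql -B -N -e 'SELECT username, attribute, op, value FROM radcheck' radius
# and print "username<TAB>FINDING" for every row that needs attention.
audit_radcheck() {
    awk -F '\t' '
        $2 == "User-Password" {
            # FreeRADIUS 2.x wants the known-good password in
            # Cleartext-Password with the := operator instead.
            print $1 "\tDEPRECATED_USER_PASSWORD"
        }
        $2 == "User-Password" || $2 == "Cleartext-Password" {
            # Readable by anyone who can SELECT from radcheck.
            print $1 "\tCLEARTEXT_AT_REST"
            # Heuristic for this example: short or digits-only values.
            if (length($4) < 8 || $4 ~ /^[0-9]+$/)
                print $1 "\tWEAK_PASSWORD"
        }'
}

# Constructed sample rows: the first is the test user from section 5、2,
# the other two are invented for contrast (hash value is a placeholder).
radcheck_sample() {
    printf 'root\tUser-Password\t==\t888888\n'
    printf 'alice\tCleartext-Password\t:=\tcorrect-horse-battery\n'
    printf 'bob\tSSHA-Password\t:=\tPLACEHOLDER_HASH\n'
}

radcheck_sample | audit_radcheck
```

Hashed check items such as SSHA-Password only work with PAP; the CHAP and MS-CHAP entries enabled in inner-tunnel need a cleartext or NT-hashed password to verify against.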
5、3 Test
[root@centos5 ~]# radtest root 888888 localhost 1812 testing123
Sending Access-Request of id 32 to 127.0.0.1 port 1812
User-Name = "root"
User-Password = "888888"
NAS-IP-Address = 10.180.22.10
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=32, length=20
[root@centos5 ~]#
Comment: root is a Linux user.