Wireless authentication based on freeradius

1. Install freeradius
yum -y install freeradius freeradius-mysql freeradius-utils

2. Edit the configuration file
vim /etc/raddb/users
Add as the last line
testuser Cleartext-Password := "testpassword"

3. Add a DNS record or a hosts entry. If you use a hosts entry, the name set here should be the value of hostname.
192.168.50.65 radius

3. Start the radius process
/etc/init.d/radiusd start
chkconfig radiusd on
ss -unl
To start in debug mode: radiusd -X

4. Test
radtest testuser testpassword 127.0.0.1 0 testing123

If you see
Sending Access-Request of id 87 to 127.0.0.1 port 1812
    User-Name = "testuser"
    User-Password = "testpassword"
    NAS-IP-Address = 192.168.50.65
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=87, length=20
then the radius server has been configured successfully.



5. Configure mysql authentication for radius

yum -y install mysql mysql-server
/etc/init.d/mysqld start
chkconfig mysqld on

6. Create the database and import the sql
CREATE DATABASE radius DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
CREATE USER 'raduser'@'localhost' IDENTIFIED BY 'radpass';
GRANT ALL PRIVILEGES ON radius.* TO 'raduser'@'localhost';
show grants for 'raduser'@'localhost';

flush privileges;
use radius;
source /etc/raddb/sql/mysql/schema.sql


7. Edit the configuration files
File 1
vim /etc/raddb/sql.conf
Change
server = "localhost"
login = "raduser"
password = "radpass"
radius_db = "radius"

File 2
vim /etc/raddb/radiusd.conf
Change
$INCLUDE sql.conf  (remove the comment marker in front of this line)

File 3
vim /etc/raddb/sites-available/default
In authorize {}, accounting {} and session {}, remove the comment marker in front of sql
vim /etc/raddb/sites-available/inner-tunnel
In authorize {} and session {}, remove the comment marker in front of sql

File 4
vim  /etc/raddb/clients.conf
secret = testing123 is too simple a key; it can be replaced with a random string. For example:
secret = 3c23498n349c3yt290y93b4t3
Change the IP address of the freeradius client.

vim /etc/raddb/users
#testuser Cleartext-Password := "testpassword"

8. Restart radius
/etc/init.d/radiusd restart

9. Add a user in mysql and test
mysql;
use radius;

insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','pass123');

exit;
radtest test pass123 127.0.0.1 0 testing123
If you see "rad_recv: Access-Accept", authentication succeeded.

10. To authorize another host to use radius authentication, add an entry for it in clients.conf on the radius server
vim /etc/raddb/clients.conf
Add
client 192.168.50.64 {
    ipaddr = 192.168.50.64
    secret      = testing123
}

Log in to 192.168.50.64
yum -y install freeradius-utils
radtest test pass123 192.168.50.65 0 testing123
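
Step 7 notes that secret = testing123 is too simple, and step 10 adds another client with the same value. The shell functions below are an added example, not part of the original article: they flag default or short shared secrets in a clients.conf and print a client block with a random secret. The clients ap-lab and ap-office, their addresses and secrets, and the 16-character threshold are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original guide: audit clients.conf shared secrets.

# Constructed sample; ap-lab and ap-office are hypothetical clients.
sample_conf() {
    cat <<'EOF'
client 192.168.50.64 {
    ipaddr = 192.168.50.64
    secret      = testing123
}
client ap-lab {
    ipaddr = 192.0.2.10
    secret = wifi2024
}
client ap-office {
    ipaddr = 192.0.2.11
    secret = 7f3a9c51e2b84d06a1c9f0e3b5d7284c
}
EOF
}

# Read a clients.conf on stdin; report the default secret and secrets shorter
# than $1 characters (default 16, the minimum RFC 2865 recommends).
audit_secrets() {
    awk -v min="${1:-16}" '
        /^[ \t]*#/ { next }                           # skip comment lines
        $1 == "client" { name = $2; sub(/[{]$/, "", name) }
        /^[ \t]*secret[ \t]*=/ {
            s = $0
            sub(/^[^=]*=[ \t]*/, "", s)               # keep only the value
            sub(/[ \t]+$/, "", s); gsub(/"/, "", s)   # trim, drop quotes
            if (s == "testing123") print name ": default secret testing123"
            else if (length(s) < min + 0) print name ": secret shorter than " min " characters"
        }'
}

# 16 bytes from the kernel CSPRNG, hex-encoded: a 32-character secret.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Print a client block for address $1 with a freshly generated secret.
render_client() {
    printf 'client %s {\n    ipaddr = %s\n    secret = %s\n}\n' "$1" "$1" "$(gen_secret)"
}

sample_conf | audit_secrets
render_client 192.168.50.64
```

To check a real server, run audit_secrets < /etc/raddb/clients.conf; the same secret must then be configured on the client device or passed to radtest.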