<rhel6+pptpd+freeradius+mysql>
This document was written for a learning/lab environment; every result in it was verified in the lab and is correct.

System environment: RHEL6 x86_64, with SELinux and iptables disabled. That is acceptable for a lab only; on a real gateway keep both enabled and open just TCP 1723 plus GRE (IP protocol 47). Note also that PPTP's MS-CHAPv2/MPPE is cryptographically weak and can be broken by an attacker who captures the handshake, so treat this as a lab exercise rather than a production VPN design.

Software downloads:
    http://poptop.sourceforge.net/yum/stable/rhel6/
    ftp://ftp.samba.org/pub/ppp

Installing and configuring pptpd

    echo 1 > /proc/sys/net/ipv4/ip_forward
    yum install ppp -y
    rpm -ivh pptpd-1.3.4-2.el6.x86_64.rpm

The echo above enables IP forwarding only until the next reboot; to make it permanent, set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.

pptpd configuration file /etc/pptpd.conf:

    localip 192.168.0.1
    remoteip 192.168.0.234-238

localip: the IP address of the server pptpd runs on; it may be any address bound to that server.
remoteip: the range of addresses that can be handed out to clients once they connect to the pptpd server.

Add a test user to /etc/ppp/chap-secrets:

    # client    server    secret    IP addresses
    yakexi      pptpd     westos    *

Note: the server column must match the value of the name option in /etc/ppp/options.pptpd, otherwise login authentication will not succeed.

    service pptpd start
    netstat -antlp | grep :1723

You can now test with the user yakexi!

Installing and configuring freeradius

    yum install freeradius freeradius-mysql freeradius-utils -y
    tar zxf ppp-2.4.5.tar.gz
    mkdir /etc/radiusclient
    cp ppp-2.4.5/pppd/plugins/radius/etc/* /etc/radiusclient
    cd /etc/radiusclient

The ppp source tarball is unpacked only to obtain these sample radiusclient files.

In the servers file, add the RADIUS server address and shared secret:

    localhost    westos

Edit radiusclient.conf and make sure every radiusclient-related path in it starts with /etc/radiusclient. For example:

    servers    /usr/local/etc/radiusclient/servers

becomes:

    servers    /etc/radiusclient/servers

Edit /etc/ppp/options.pptpd and add the following line (the version directory must match the installed pppd, 2.4.5 here):

    plugin /usr/lib64/pppd/2.4.5/radius.so

    cd /etc/raddb

Edit clients.conf:

    client localhost {
        ipaddr = 127.0.0.1
        secret = westos        # must be identical to the secret in /etc/radiusclient/servers
        ....
    }

MySQL support

Edit /etc/raddb/radiusd.conf and uncomment:

    $INCLUDE sql.conf

Edit /etc/raddb/sites-available/default and replace the files/radutmp entries with sql in these sections:

    authorize {
        #files
        sql
        ....
    }
    accounting {
        #radutmp
        sql
        ....
    }
    session {
        #radutmp
        sql
    }
    post-auth {
        sql
    }

Edit /etc/raddb/sql.conf:

    sql {
        database = "mysql"
        driver = "rlm_sql_mysql"
        server = "localhost"
        login = "radius"
        password = "radpass"
        radius_db = "radius"
        ....
    }

(radpass is the password that admin.sql below assigns to the radius database user; if you change one, change the other.)

Edit /etc/raddb/sql/mysql/dialup.conf and uncomment the following lines (the line continuations are backslashes; this query is what the Simultaneous-Use check below relies on):

    simul_count_query = "SELECT COUNT(*) \
        FROM ${acct_table1} \
        WHERE username = '%{SQL-User-Name}' \
        AND acctstoptime IS NULL"

    yum install mysql mysql-server -y
    service mysqld start
    cd /etc/raddb/sql/mysql/
    mysqladmin create radius
    mysql radius < schema.sql
    mysql < admin.sql

    mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
    mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
    mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');
    mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
    mysql> insert into radgroupcheck (groupname,attribute,op,value) values ('user','Simultaneous-Use',':=','1');
        (limits an account to one concurrent session; optional)
    mysql> insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test');
        (adds account test with password test)
    mysql> insert into radusergroup (username,groupname) values ('test','user');

A Framed-IP-Address of 255.255.255.254 tells the NAS (pptpd) to choose the client address itself, i.e. from the remoteip range above. Simultaneous-Use only works when accounting records go into SQL, which is why the accounting section and simul_count_query were enabled. User-Password as the check attribute is still accepted by FreeRADIUS 2.x but is deprecated; Cleartext-Password is the recommended name.

From now on, adding an account only requires the last two statements.

    service radiusd start
    service pptpd stop
    service pptpd start

Run the following command to test:

    # radtest test test localhost 0 westos
    Sending Access-Request of id 13 to 127.0.0.1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
    rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=13, length=38
        Service-Type = Framed-User
        Framed-IP-Address = 255.255.255.254
        Framed-IP-Netmask = 255.255.255.0

Seeing Access-Accept means the setup succeeded.
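The following shell script is an added example and is not part of the original guide or of the pptpd/FreeRADIUS projects. It covers the two places where this setup is easy to get wrong: the agreement between the server column of chap-secrets and the name option in options.pptpd, and the agreement between the shared secret in /etc/radiusclient/servers and the one in /etc/raddb/clients.conf. It also generates the two INSERT statements that add an account, with quote escaping so a username like o'brien cannot break the statement. All function names are mine; file paths are passed as arguments, and the sample files it writes are constructed copies carrying the guide's values, not the live /etc files. It emits Cleartext-Password as the check attribute, which FreeRADIUS 2.x expects (the guide's User-Password still works there but is deprecated).

```shell
#!/bin/sh
# Added example, not part of the original guide. Cross-checks the names and
# shared secrets this setup spreads across four files, and generates the two
# INSERT statements that add a FreeRADIUS/MySQL account. All paths are taken
# as arguments so the functions can be tried on constructed copies first.

# pptpd_server_name OPTIONS_PPTPD -> value of the "name" option (e.g. pptpd)
pptpd_server_name() {
    awk '!/^[[:space:]]*#/ && $1 == "name" { print $2; exit }' "$1"
}

# chap_server_names CHAP_SECRETS -> distinct values of the "server" column
chap_server_names() {
    awk '!/^[[:space:]]*#/ && NF >= 3 { print $2 }' "$1" | sort -u
}

# radiusclient_secret SERVERS_FILE HOST -> secret for HOST in /etc/radiusclient/servers
radiusclient_secret() {
    awk -v h="$2" '!/^[[:space:]]*#/ && $1 == h { print $2; exit }' "$1"
}

# raddb_client_secret CLIENTS_CONF CLIENT -> secret inside "client CLIENT { ... }"
raddb_client_secret() {
    awk -v c="$2" '
        $1 == "client" && $2 == c { inblock = 1; next }
        inblock && /^[[:space:]]*secret[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); gsub(/"/, ""); sub(/[[:space:]].*$/, "")
            print; exit
        }
        inblock && /^[[:space:]]*}/ { exit }' "$1"
}

# check_pptp_radius_config OPTIONS_PPTPD CHAP_SECRETS SERVERS CLIENTS_CONF
# Returns 0 when every chap-secrets server entry equals the options.pptpd "name"
# and the RADIUS shared secret is the same on the pppd and FreeRADIUS sides;
# these are exactly the mismatches that make CHAP or RADIUS authentication fail.
check_pptp_radius_config() {
    options="$1"; chap="$2"; servers="$3"; clients="$4"; rc=0
    name=$(pptpd_server_name "$options")
    for s in $(chap_server_names "$chap"); do
        if [ "$s" != "$name" ]; then
            echo "chap-secrets server '$s' != options.pptpd name '$name'" >&2
            rc=1
        fi
    done
    cs=$(radiusclient_secret "$servers" localhost)
    fs=$(raddb_client_secret "$clients" localhost)
    if [ -z "$cs" ] || [ "$cs" != "$fs" ]; then
        echo "radiusclient secret '$cs' != clients.conf secret '$fs'" >&2
        rc=1
    fi
    return "$rc"
}

# sql_escape STR -> STR safe inside a single-quoted MySQL string literal
sql_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g"
}

# radius_user_sql USER PASSWORD [GROUP] -> the guide's two INSERTs as one
# transaction. Cleartext-Password is the check attribute FreeRADIUS 2.x wants;
# User-Password (used in the guide) still works there but is deprecated.
radius_user_sql() {
    u=$(sql_escape "$1"); p=$(sql_escape "$2"); g=$(sql_escape "${3:-user}")
    printf 'START TRANSACTION;\n'
    printf "INSERT INTO radcheck (username,attribute,op,value) VALUES ('%s','Cleartext-Password',':=','%s');\n" "$u" "$p"
    printf "INSERT INTO radusergroup (username,groupname) VALUES ('%s','%s');\n" "$u" "$g"
    printf 'COMMIT;\n'
}

# write_sample_configs DIR -> constructed copies of the four files with the
# values from the guide (samples for trying the checks, not the live /etc files)
write_sample_configs() {
    mkdir -p "$1"
    printf 'name pptpd\nplugin /usr/lib64/pppd/2.4.5/radius.so\n' > "$1/options.pptpd"
    printf '# client\tserver\tsecret\tIP addresses\nyakexi\tpptpd\twestos\t*\n' > "$1/chap-secrets"
    printf '# server\tsecret\nlocalhost\twestos\n' > "$1/servers"
    printf 'client localhost {\n\tipaddr = 127.0.0.1\n\tsecret = westos\n}\n' > "$1/clients.conf"
}

# Stand-alone run: check the samples, then emit the SQL for the guide's test account
demo() {
    dir=$(mktemp -d) || return 1
    write_sample_configs "$dir"
    if check_pptp_radius_config "$dir/options.pptpd" "$dir/chap-secrets" "$dir/servers" "$dir/clients.conf"; then
        echo "config consistent"
    fi
    radius_user_sql test test
    rm -rf "$dir"
}
demo
```

On the real server, point check_pptp_radius_config at /etc/ppp/options.pptpd, /etc/ppp/chap-secrets, /etc/radiusclient/servers and /etc/raddb/clients.conf before restarting pptpd, and pipe the output of radius_user_sql into mysql radius to add an account.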