Centos7 deploy radius service-freeradius-3.0.13-15.el7 integrated mysql

Centos7 information

Insert picture description here

Install freeradius

freeradius, freeradius-utils, freeradius-mysql

yum -y install freeradius freeradius-utils freeradius-mysql

Configure freeradius

After the installation is complete, a "radiusd" user will be created,
the directory we will operate on: "/etc/raddb/", which
requires the same permissions as it.

Authorization

sudo chown dev.radiusd /etc/raddb/*

clients.conf configuration

/etc/raddb/clients.conf

Add client: private-network,
0.0.0.0/0: means that access can be initiated from any IP,
testing123: the secret key of the current instance.

Insert picture description here

default configuration

/etc/raddb/sites-available/default

Modify "-sql"
in accounting {}
to "sql"
authorize {} in
"-sql" to "sql" in
session {},
"# sql" to "sql"

inner-tunnel configuration

/etc/raddb/sites-available/inner-tunnel

Modify "-sql"
in authorize {}
to "sql" in
post-auth {}
"-sql" to "sql" in
session {} to
"# sql" to "sql"

Database configuration

(I use mysql data source)

/etc/raddb/mods-available/sql

(Visit when radius starts)

cd /etc/raddb/mods-enabled/

ln ../mods-available/sql ./

drive

Comment the line driver = "rlm_sql_null" and
add: driver = "rlm_sql_mysql";

dialect

Comment dialect = "sqlite" and
add: dialect = "mysql";

data source

Start a new line under "# Connection info:" and add the data source configuration:
server = "192.168.1.123"
port = 3306
login = "x"
password = "y"

Create mysql database

CREATE DATABASE radius;

Create table

Executing files in the database:

/etc/raddb/mods-config/sql/main/mysql/schema.sql

Initialization data

-- 用户组
insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.255');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');

-- 用户
insert into radcheck (username,attribute,op,value) values ('test','Cleartext-Password',':=','testpwd');

-- 将用户添加进用户组
insert into radusergroup (username,groupname) values ('test','user');

radiusd -X, start in debug mode

Insert picture description here

test

Open another window, radtest command test,
test: username,
testpwd: user password,
localhost 1812: radius address, 1812 is the default port number,
testing123: the secret key of the current instance.

radtest test testpwd localhost 1812 testing123

Receiving the Access-Accept response is considered successful.

Insert picture description here


A record will be added to the radpostauth table.

Insert picture description here


Let us test for a mistake, and write the password wrong: testpwdhhh

radtest test testpwdhhh localhost 1812 testing123

Become Access-Reject,

Insert picture description here


change the password in the database to: testpwdhhh

Insert picture description here


The records of the test just now are also saved

Insert picture description here

systemctl start

Exit radiusd -X first, then execute

systemctl start radiusd

Set up auto start

systemctl enable radiusd

Please correct me if it is inappropriate.

Reference article:

cluniquecui : FreeRADIUS 3.0 installation and configuration
h11345p : Freeradius +mysql+daloradius simple installation and configuration
gocgocgo : CentOS6.5 build freeradius server
Songchen : Linux build Radius server
hiwill : Compile and install freeradius3.0 on Centos 7