FreeRadius安装配置

自己整理的FreeRadius安装配置过程，大部分资料都是从网上收集的。每一步都经过验证，记录下来归档。

解压
tar -zxvf freeradius-server-2.1.12.tar.gz

cd freeradius-server-2.1.12

安装
./configure

make

make install

调试
radiusd -X

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.

启动
radiusd

日志

/usr/local/var/log/radius/radius.log

测试
radtest [-d raddb_directory] user password radius-server nas-port-number secrect
nas-port-number:用不到，就为0即可
secret:就是在client.conf里的对应client的口令 （radius安装完后，本地client127.0.0.1的口令缺省就是testing123）

# radtest test test localhost 0 testing123
Sending Access-Request of id 48 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=48, length=20
尽管user,passwd都是假的，但只要收到Access-Reject，也证明FreeRADIUS 服务器已经正常启动

设置为开机自启动服务
把启动脚本文件复制到/etc/init.d目录下
cp /usr/local/sbin/rc.radiusd /etc/init.d/radius
# vi /etc/init.d/radius
在 #!/bin/sh 一行后面加入：
# radiusd This shell script takes care of starting and stopping
# standalone radiusd.
#
# chkconfig: - 70 70
# description: free radius server.
# processname: /usr/local/sbin/radiusd
# config: /usr/local/etc/raddb
使用命令：
#chkconfig --add radius
#chkconfig radius on

配置MySQL
创建数据库：create database radius;

进入usr/local/etc/raddb/sql/mysql下
#mysql -u root -p radius <scheme.sql 把表导入到数据库中
导入后，可以在用命令
#use radius;
#show tabels;看到以下数据库表：
+------------------+
| Tables_in_radius |
+------------------+
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radpostauth |
| radreply |
| radusergroup |
+------------------+

修改usr/local/etc/raddb/site_enabled下的defoult文件，把authorize{} 、accounting {}中的sql前面的#去掉，并把authorize{} 中的files前加#

修改与mysql数据库连接的配置文件/usr/local/etc/raddb/sql.conf
server = "localhost"
login = "root"
password = "数据库root的登陆密码"
radius_db = "radius" //radius为数据库名

修改配置文件/usr/local/etc/raddb/radiusd.conf
去掉$INCLUDE sql.conf前面的#号

如果出现“rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory”找不到驱动包的错误

a:先安装mysql-devel
b:然后进入到freeradius的安装文件目录下的src/modules/rlm_sql/drivers/rlm_sql_mysql 运行命令：./configure --with-mysql-dir=/usr/share/mysql/ --with-mysql-lib-dir=/usr/lib/mysql/

c:make

make intall　　

这时候会把rlm_sql_mysql的驱动安装到/usr/local/lib目录下,但是必须把这些驱动copy到/usr/lib目录下才能正常运行:#cp -a /usr/local/lib/rlm_sql_mysql* /usr/lib

在数据库中加入测试帐号
#mysql -u root -p
Enter password:
mysql> use radius;

建立组信息：
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
Query OK, 1 row affected (0.01 sec)

mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
Query OK, 1 row affected (0.00 sec)

mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.255');
Query OK, 1 row affected (0.00 sec)

mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
Query OK, 1 row affected (0.01 sec)

建立用户信息：
mysql> insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test');
Query OK, 1 row affected (0.00 sec)

将用户加入组中：
mysql> insert into radusergroup (username,groupname) values ('test','user');
Query OK, 1 row affected (0.01 sec)

mysql>exit;退出数据库

测试
#radtest test test localhost 0 testing123

Sending Access-Request of id 222 to 127.0.0.1 port 1812

User-Name = "test"

User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=222, length=38

Service-Type = Framed-User
Framed-IP-Address = 255.255.255.255
Framed-IP-Netmask = 255.255.255.0
如果显示如上信息，则恭喜，freeradius安装配置成功。