rhel5.1+pptpd+freeradius+mysql
Posted On 2008年11月8日星期六 at 时间: 21:30:00 by David Lu
安装 pptpd
echo 1 > /proc/sys/net/ipv4/ip_forward
yum install ppp -y
modprobe ppp-compress-18
wget http://poptop.sourceforge.net/yum/stable/rhel5/i386/pptpd-1.3.4-1.rhel5.1.i386.rpm
rpm -i pptpd-1.3.4-1.rhel5.1.i386.rpm
(上面的 RPM 是通过明文 HTTP 下载的,安装前建议先用 rpm -K 核对包的摘要和签名)
pptpd 的配置文件 /etc/pptpd.conf
localip 192.168.0.1
remoteip 192.168.0.234-238
localip: pptpd server 所在服务器 IP 地址,可以设置为服务器上绑定的任意一个 IP 地址
remoteip: 设置客户端连接到 pptpd server 后可供分配的 Ip 地址范围
在 /etc/ppp/chap-secrets 中添加测试用户(该文件以明文保存密码,应只允许 root 读写,权限 600)
#client server secret IP addresses
david pptpd tencent *
(服务器名称必须和 options.pptpd 中 name 处设置的名称一致,否则登录验证无法通过)
service pptpd start
netstat -antlp | grep :1723
现在可以用 david 测试了!
支持 freeradius
yum install freeradius freeradius-mysql -y
wget ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
tar zxf ppp-2.4.4.tar.gz
mkdir /etc/radiusclient
cp ppp-2.4.4/pppd/plugins/radius/etc/* /etc/radiusclient
cd /etc/radiusclient
在 servers 中添加 radius 的地址和密码
#Server Name or Client/Server pair Key
# -------------------- ----------------------
#portmaster.elemental.net hardlyasecret
#portmaster2.elemental.net donttellanyone
localhost tencent
在 radiusclient.conf 中确保 radiusclient 所有相关的路径都是/etc/radiusclient 开头的
修改/etc/ppp/options.pptpd
plugin /usr/lib/pppd/2.4.4/radius.so
cd /etc/raddb
修改 clients.conf
client 127.0.0.1 {
secret = tencent (必须与 /etc/radiusclient/servers 中设置的密钥一致;tencent 仅为示例值,实际部署请换成随机强密钥)
shortname = localhost
nastype = other
}
支持 mysql
修改 /etc/raddb/radiusd.conf
$INCLUDE ${confdir}/sql.conf (去掉注释)
authorize {
#files
sql
....
}
accounting {
#radutmp
sql
....
}
session{
#radutmp
sql
}
post-auth {
sql
}
修改/etc/raddb/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "localhost"
login = "radius"
password = "radius"
radius_db = "radius"
去掉 205 行 simul_count_query 的注释
....
}
yum install mysql mysql-server mysql-devel -y
service mysqld start
cd /usr/share/doc/freeradius-1.1.3/examples
mysqladmin create radius
mysql radius < SCHEMA_FILE.sql (占位符:原文的文件名在网页提取时丢失,应为该 examples 目录下的 MySQL 建表脚本)
mysql
mysql> grant all on radius.* to radius@localhost identified by 'radius';
mysql> flush privileges;
mysql> use radius;
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
mysql> insert into radcheck (username,attribute,op,value)values ('test','User-Password',':=','test');
mysql> insert into usergroup (username,groupname)values ('test','user');
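Now you can use user "test" to test : )
(文中的 test/test、david/tencent、radius/radius 都只是演示用的账号和口令,radcheck 中的 User-Password 以明文保存;测试通过后请删除测试账号,并把各处口令和共享密钥换成强随机值)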
--
知行合一