server = "localhost"
login = "root"
password = "<password of the MySQL root user>"
radius_db = "radius"
6. vi /etc/raddb/clients.conf
Edit the RADIUS client configuration file:
client 192.168.0.110 {
ipaddr = 192.168.0.110
secret = jiubang
shortname = 3G
nastype = other
}
7. vi /etc/raddb/radiusd.conf
listen {
ipaddr = 192.168.215.17
port = 1812
type = auth
}
In addition, adjust the RADIUS server's connection settings and other performance parameters to suit your environment...
7. Import the MySQL database
# mysqladmin -u root -p create radius
# mysql -u root -p radius < /etc/raddb/sql/mysql/schema.sql
# mysql -u root -p radius < /etc/raddb/sql/mysql/nas.sql
# mysql -u root -p radius < /etc/raddb/sql/mysql/ippool.sql
# mysql -u root -p radius < /etc/raddb/sql/mysql/wimax.sql
# mysql -u root -p
mysql> GRANT SELECT ON radius.* TO 'radius'@'localhost' IDENTIFIED BY 'radpass';
mysql> GRANT ALL on radius.radacct TO 'radius'@'localhost';
mysql> GRANT ALL on radius.radpostauth TO 'radius'@'localhost';
First add some group information:
mysql> insert into radgroupreply (groupname, attribute, op, value) values ('user', 'Auth-Type', ':=', 'Local');
mysql> insert into radgroupreply (groupname, attribute, op, value) values ('user', 'Service-Type', '=', 'Framed-User');
mysql> insert into radgroupreply (groupname, attribute, op, value) values ('user', 'Framed-IP-Netmask', '=', '255.255.255.255');
mysql> insert into radgroupreply (groupname, attribute, op, value) values ('user', 'Framed-IP-Netmask', ':=', '255.255.255.0');
Then add the user information:
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('geng', 'Password', 'peng');
Then add the user to the group:
mysql> insert into radusergroup (username, groupname) values ('geng', 'user');
mysql> select * from radcheck where UserName = 'geng';
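Tables in the radius database
When configuring centralized MAC authentication, you only need to add the MAC address to the radcheck table as both the username and the password.
To add usernames to the database table in bulk, create a .sql file containing the SQL statements and then execute it.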
vi /etc/raddb/3gmac/3guser.sql
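After switching to the database that contains the table to be populated, execute it.
Restart the service once configuration is complete.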
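As an added example (not part of the original article), the following Python script generates the statements for the bulk .sql file described above, writing each MAC address into radcheck as both username and password and adding it to the 'user' group. The function names, the sample addresses and the hyphen-separated MAC format are assumptions; the format must match what the switch actually sends as the user name.

```python
import re

# Constructed sample input: MACs in mixed notations plus one malformed entry.
SAMPLE_MACS = ["00:1A:2B:3C:4D:5E", "001a-2b3c-4d5f",
               "00-1a-2b-3c-4d-60", "not-a-mac'; --"]


def normalize_mac(raw, sep="-"):
    """Return the MAC as six lowercase hex pairs joined by sep, or None.

    Assumption: sep must match the user-name format the switch sends in
    its Access-Request; confirm it in a packet capture before importing.
    """
    if sep not in ("", "-", ":"):
        raise ValueError("unsupported separator")
    digits = re.sub(r"[:.\-\s]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return sep.join(digits[i:i + 2] for i in range(0, 12, 2))


def build_sql(macs, group="user", sep="-"):
    """Build INSERT statements for radcheck and radusergroup.

    Only values accepted by normalize_mac() are interpolated, so a
    malformed line can never inject SQL into the generated file.
    Rejected entries are returned separately for manual review.
    """
    if not re.fullmatch(r"[A-Za-z0-9_-]+", group):
        raise ValueError("unsafe group name")
    statements, rejected, seen = [], [], set()
    for raw in macs:
        mac = normalize_mac(raw, sep)
        if mac is None:
            rejected.append(raw)
        elif mac not in seen:  # skip duplicates in the input list
            seen.add(mac)
            statements.append(
                "INSERT INTO radcheck (UserName, Attribute, Value) "
                f"VALUES ('{mac}', 'Password', '{mac}');")
            statements.append(
                "INSERT INTO radusergroup (username, groupname) "
                f"VALUES ('{mac}', '{group}');")
    return statements, rejected


if __name__ == "__main__":
    sql, bad = build_sql(SAMPLE_MACS)
    print("\n".join(sql))
    for entry in bad:
        print(f"-- rejected: {entry!r}")
```

Redirect the output into the .sql file and review the rejected entries before executing it against the radius database.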
6. Testing
6.1 Linux client
radtest geng peng localhost 0 testing123
Username: geng
Password: peng
IP address: localhost
Secret: testing123
Switch configuration
[H3C ]display current-configuration
#
sysname H3C
#
MAC-authentication
MAC-authentication domain jiubang
#
radius scheme system
server-type standard
radius scheme freeradius
server-type standard
primary authentication 192.168.215.17
accounting optional
#
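My FreeRADIUS does not have accounting configured, so this item needs to be configured on the switch;
otherwise, even when tcpdump host 192.168.0.110 -n on the server shows the request being accepted, the client still cannot get onto the network.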
key authentication jiubang
user-name-format without-domain
nas-ip 192.168.0.110
#
domain jiubang
scheme radius-scheme freeradius
domain system
#
stp enable
#
vlan 1
#
#
interface Vlan-interface1
ip address 192.168.0.110 255.255.255.0
interface GigabitEthernet1/0/1
port access vlan 214
MAC-authentication
#
interface GigabitEthernet1/0/2
port access vlan 214
MAC-authentication
#
#
interface GigabitEthernet1/0/23
port link-type trunk
port trunk permit vlan all
gvrp
#
user-interface vty 0 1
authentication-mode scheme
user privilege level 3
set authentication password cipher K^ANUZ0#I(-B-.UEM,.3^1!!
user-interface vty 2 4
user privilege level 3
set authentication password cipher K^ANUZ0#I(-B-.UEM,.3^1!!
#
return
[H3C ]