Home > Article > Operation and Maintenance > Example tutorial for installing FreeRadius in LNMP environment
1. Install the web environment and use LNMP one-click installation package
Refer to the specific installation steps
2. After the installation is completed, install the missing components of LNMP
ionCube component installation
Enter the directory where lnmp is decompressed and execute: ./addons.sh install ionCube
Press Enter to confirm and the ionCube loader will be installed automatically.
yum install perl-DBI
yum freeradius-mysql freeradius-utils
3. Install FreeRadius
wget
tar xvf freeradius-server-2.1.8 -dmamod-1.tar.gz
cd freeradius-server-2.1.8
./configure
make
make install
4.File owner and permission configuration
chmod 644 /usr/local/etc/raddb/dictionary
chown www /usr/local/etc/raddb
chown www /usr/local/etc/raddb/clients.conf
5 .Testing FreeRadius
radiusd -X
Error occurred
“error while loading shared libraries:libfreeradius-radius-2.1.8.so: cannot open shared object file: no such file or directory.”
The solution is to add /usr/local/lib to /etc/ld.so.conf
ld.so.conf file content is as follows:
include /etc/ld.so .conf.d/*.conf
Add a line /usr/local/lib
After completion, enter /sbin/ldconfig, and then repeat the above steps.
The Ldconfig command caches the library files under the path listed in /etc/ld.so.conf to /etc/ld.
When debugging radiusd with this command -X
an error occurs
Failed binding to authentication address * port 1812: Address already in use
/usr/local/etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812
Port occupied Problem.
Use the command lsof -i:1812
to get
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
radiusd 11163 radiusd 5u IPv4 949974 0t0 UDP *:radius
found that it is Radius itself occupies
Processing method (violent point)
kill 11163 (PID of radius process, centos view process PID command: ps -ef)
If you find that there is no such command, you can use yum install psmisc Installation
radiusd -X debugging again
Display Ready to process requests.
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
freeradius has been installed successfully at this point
6. Detailed configuration of freeradius, because we need to integrate with RM, here we need to configure the radius file in detail
First explain that when using the LNMP environment package, you can also simply install freeradius. The simple installation steps are as follows
Use command: yum install perl-DBI freeradius freeradius-mysql freeradius-utils
You can install radius in one step. I personally recommend using the installation package to install it step by step, so that you can find and solve problems at any time if you find them
There are two methods for configuring the radius file:
A: The simple method is to directly overwrite the file written by glzjin (Zhao Yichuxin)
wget -O /etc/raddb/radiusd .conf
wget -O /etc/raddb/sites-enabled/default
wget -O /etc/raddb/sql/mysql/dialup.conf
wget -O /etc/raddb/dictionary
wget -O /etc/raddb/sql/mysql/counter.conf
B: Detailed manual configuration is as follows
#Edit the /usr/local/etc/raddb/radiusd.conf file
vi /usr/local/etc/raddb/radiusd.conf
Look for "allow_vulnerabel_openssl = no" and change it to yes
Look for "$INCLUDE sql.conf" (line 743), remove the
# Find "$INCLUDE sql/mysql/counter.conf" (line 712), remove the
## clear the /usr/local/etc/raddb/sites-enabled/default file, and directly put the configured Copy the contents of the file and save it
cat /dev/null > /usr/local/etc/raddb/sites-enabled/default
vi /usr/local/etc/raddb/sites-enabled/default
#Clear the /usr/local/etc/raddb/sites-enabled/inner-tunnel file and directly copy the configured file contents into it and save it
cat /dev/null > /usr/local/etc /raddb/sites-enabled/inner-tunnel
vi /usr/local/etc/raddb/sites-enabled/inner-tunnel
#Edit /usr/local/etc/raddb/eap.conf , change the MD5 verification method to peap method
vi /usr/local/etc/raddb/eap.conf
Line 30 default_eap_type = md5 is changed to default_eap_type = peap
#Edit /usr/local /etc/raddb/modules/mschap file, modify it to the following content
vi /usr/local/etc/raddb/modules/mschap
mschap { use_mppe = yes require_encryption = yes require_strong = yes }
#Edit /usr/local/etc/raddb/sql/mysql/dialup.conf file
vi /usr/local/etc/raddb/sql/mysql/dialup.conf
Find simul_count_query will 279 -Remove the comments on line 282, open the simul_count_query function
#edit the /usr/local/etc/raddb/sql/mysql/counter.conf file, and add the custom calculation function
monthlytrafficcounter (monthly traffic calculation) and yearlytrafficcounter (calculated traffic every year)
vi /usr/local/etc/raddb/sql/mysql/counter.conf
在末尾加入
sqlcounter monthlytrafficcounter {
counter-name = Monthly-Traffic
check-name = Max-Monthly-Traffic
reply-name = Monthly-Traffic-Limit
sqlmod-inst = sql
key = User-Name
reset = monthly
query = " SELECT ABS(SUM(acctinputoctets + acctoutputoctets) DIV 1048576) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime >= date_sub(curdate(),interval 30 day)"
}
sqlcounter yearlytrafficcounter {
counter-name = Yearly-Traffic
check-name = Max- Yearly-Traffic
reply-name = Yearly-Traffic-Limit
sqlmod-inst = sql
key = User-Name
reset = never
query = " SELECT ABS(SUM(acctinputoctets + acctoutputoctets) DIV 1048576) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime >= date_sub(curdate(),interval 365 day)"
}
#编辑字典文件/usr/local/etc/raddb/dictionary
vi /usr/local/etc/raddb/dictionary
#添加以下内容
ATTRIBUTE Max-Monthly-Traffic 3003 integer
ATTRIBUTE Monthly-Traffic-Limit 3004 integer
ATTRIBUTE Acct-Interim-Interval 85 integer
ATTRIBUTE Max-Yearly-Traffic 3003 integer
ATTRIBUTE Yearly-Traffic-Limit 3004 integer
7.建立MySql相关的数据库并作设置
两种方法如下:
A。使用phpmyadmin建立
LNMP环境下带phpmyadmin,http://你的IP/phpmyadmin
建立两个数据库radius和conntrack
进入后点:账号---新增用户账号
填写好用户名和密码,一定点击(用户账号数据库下的创建与用户同名的数据库并授予所有权限。)
B。使用ssh登陆命令建立
mysql -u root -p密码 #登录mysql,超级账号root和密码
CREATE DATABASE radius; #创建radius数据库
CREATE DATABASE conntrack; #创建conntrack数据库
CREATE USER ‘radius’@'localhost’ IDENTIFIED BY ‘radius123′; #创建用户radius,密码radius123
CREATE USER ‘conntrack’@'localhost’ IDENTIFIED BY ‘conn123′; #创建用户conntrack,密码conn123
GRANT ALL ON radius.* TO radius@localhost; #给radius数据库设置访问权限
GRANT ALL ON conntrack.* TO conntrack@localhost; #给conntrack数据库设置访问权限
8.配置freeradius数据库
/usr/local/etc/raddb/sql.conf #使用radius/radius123
# Connection info:
server = “localhost”
#port = 3306
login = “radius”
password = “radius123″
找到readclients一行,设为yes并去掉注释符号
#这里要特别说明一下,如果在安装freeraduis是使用的是第6点里yun直接安装的话,那么sql.conf这个文件
在/etc/raddb/sql.conf 这个目录里。
9.关闭SELINUX(需重启机器生效)
/etc/sysconfig/selinux
SELINUX=disabled
10.修改机器MAC地址,因为我下载RM3.9版本是破解的,授权文件和MAC地址都是破解者发布的(需要重启生效PS:RM4.16是不是也可以使用同样方法处理,有研究出来的朋友,可以和我交流一下)
不能使用这个命令:ifconfig eth0 down(禁用网卡),你是ssh链接的使用了这个,你立马就掉线了,不用我说原因吧。
正确的方法:
使用winscp下载 /etc/sysconfig/network-scripts里ifcfg-eth0
修改其中的"HWADDR=xx:xx:xx:xx:xx:xx"为"MACADDR=00:D0:09:B8:B7:34"
上传覆盖,重启机器以后生效。
11.安装Radius Manager
首先为Radius Manager建立一个web
使用lnmp vhost add,此次不需要创建mysql数据库了,在上面我们已经创建好了。
使用winscp上传radiusmanager-3.9.0.tar.gz到root目录
tar zxvf radiusmanager-3.9.0.tar.gz
cd radiusmanager-3.9.0
chmod 755 install.sh
./install.sh
Radius Manager installer appears
Copyright 2004-2011, DMA Softlab LLC
All right reserved.
(Use CTRL+C to abort any time)
Select the type of your operating system:
1. Redhat (Fedora, CentOS etc.)
2. Debian (Ubuntu etc.)
Choose an option: [1] (mine is centos system)
Selected operating system is : REDHAT
Select installation type:
1. New installation
2. Upgrade old system
Choose an option: [1](New installation)
Selected installation method: NEW INSTALLATION
WWW root path: [/var/www/html] Change here to the web directory we created/home/wwwroot/your domain name
RADIUS database host: [localhost]
RADIUS database username: [radius ]#Use Radius
Radius database password: [Radius123] The password of the Radius database you created
CTS Database: [Localhost]
CTS DataBase Username: [Conntrack]# Use Conntrack
CTS database password : [conn123] The password for the conntrack you created
Freeradius UNIX user: [root] #Use root
Httpd UNIX user: Change to WWW
Create rmpoller service: [y]
Create rmconntrack service: [y]
Back up RADIUS database: [y]
WARNING! If You continue You will overwrite the existing RADIUS database!
Are You sure to start the installation? [n] y
Starting installation process…
Copying WEB content to /home/wwwroot/yourdomain name/radiusmanager
Copying binaries to /usr/local/bin
Copying rootexec to /usr/local/sbin
Copying radiusmanager.cfg to /etc
Backing up RADIUS database…
Creating MySQL tables
Creating rmpoller service
Creating rmconntrack service
Copying logrotate script
Setting permission on raddb files
Copying radiusd init script to /etc/init.d
Installation finished!
12. Modify the RM configuration file
/etc/radiusmanager.cfg
/home/wwwroot/your domain name/radiusmanager/ config/system_cfg.php
13. Modify the RM file from the root directory to the home directory
cd radiusmanager --> mv * ../ --> cd ../
14. Modify directory file permissions
chattr -i /home/wwwroot/your domain name/.user.ini
chown www:www -R /home/wwwroot/your domain name
chmod -R 777 / home/wwwroot/your domain name
chmod 755 /usr/local/bin/rmauth
chmod 755 /usr/local/bin/rmacnt
chmod 755 /usr/local/bin/rmpoller
chmod 600 /etc/radiusmanager.cfg
chmod 755 /usr/local/bin/rmconntrack
chmod 4755 /usr/local/sbin/rootexec
Restart the server. Access address: Your domain name/admin.php Account admin Password 1111
User access address: Your domain name/user.php Account user Password 1111
The above is the detailed content of Example tutorial for installing FreeRadius in LNMP environment. For more information, please follow other related articles on the PHP Chinese website!