radius服務搭建
1. 安裝FreeRadius伺服器(需要root使用者):freeRadius下載下傳位址http://packages.networkradius.com/releases/centos/7/repo/)
分别下載下傳freeradius-config-3.0.18-2.el7.x86_64.rpm,freeradius -3.0.18-2.el7.x86_64.rpm ,freeradius-rest-3.0.18-2.el7.x86_64.rpm(認證類型為rest所依賴子產品)
freeradius-utils-3.0.18-2.el7.x86_64.rpm
安裝順序如下,如果安裝不成功需按提示解決依賴 依賴解決按照提示下載下傳對應的rpm檔案提示complate 安裝成功
yum install freeradius-config-3.0.18-2.el7.x86_64.rpm -y
yum install freeradius -3.0.18-2.el7.x86_64.rpm -y
yum install freeradius-rest-3.0.18-2.el7.x86_64.rpm -y
yum install freeradius-utils-3.0.18-2.el7.x86_64.rpm -y
如 freeradius -3.0.18-2.el7.x86_64.rpm 依賴openssl 1.0.2k 下載下傳openssl-libs-1.0.2k-16.el7.x86_64.rpm
yum install openssl-libs-1.0.2k-16.el7.x86_64.rpm -y
2啟動 radius 服務 radiusd -X debug模式啟動提示 Ready to process requests
服務啟動成功
3配置/etc/raddb/users 檔案 放開注釋使用者
bobCleartext-Password := "hello" (使用者名為bob,密碼為hello)
Reply-Message := "Hello, %{User-Name}"(認證成功響應 )
檢視/etc/raddb/clients 本地測試用戶端
client localhost{
secret = testing123(秘鑰為testing123)
}
4測試指令radtest bob hello 127.0.0.1 0 testing123
5測試結果
-bash-4.2$ radtest bob hello 127.0.0.1 0 testing123
Sent Access-Request Id 214 from 0.0.0.0:42620 to 127.0.0.1:1812 length 73
User-Name = "bob"
User-Password = "hello"
NAS-IP-Address = 10.1.11.69
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "hello"
Received Access-Accept Id 214 from 127.0.0.1:1812 to 127.0.0.1:42620 length 32
Reply-Message = "Hello, bob"
radius服務搭建完成
總結:在搭建完重新開機時會報
Copyright (C) 1999-2019 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Configuration directory /etc/raddb is globally writable. Refusing to start due to insecure configuration.
這是因為我在修改配置檔案的時候偷懶把/etc/raddb目錄設定成了 777權限。freeradius認為不安全。把raddb目錄權限改回來即可。