Configuring a freeRADIUS server to authenticate a VPN server on CentOS

1. Install ppp and pptp

http://blog.pzy.me/2013/08/24/pptpd-installation-tutorial-via-centos/

2. Install freeradius

yum install mysql* freeradius* -y

3. Import the data

mysql> create database radius;
 
mysql -u root -p  radius < /etc/raddb/sql/mysql/admin.sql
 
mysql -u root -p radius < /etc/raddb/sql/mysql/cui.sql
 
mysql -u root -p radius < /etc/raddb/sql/mysql/nas.sql
 
mysql -u root -p radius < /etc/raddb/sql/mysql/schema.sql
 
mysql -u root -p radius < /etc/raddb/sql/mysql/wimax.sql

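4. Configure radius

Note: the leading number on each line is its line number in the file (approximate, not necessarily exact).

A leading # means comment that line out; no # means uncomment that line.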

vi /etc/raddb/radiusd.conf

700 $INCLUDE sql.conf

vi /etc/raddb/sql.conf

28 database = "mysql"
33 driver = "rlm_sql_${database}"
36 server = "localhost"
38 login = "root"
39 password = "123"
42 radius_db = "radius"
50 acct_table1 = "radacct"
51 acct_table2 = "radacct"
100 readclients = yes

vi /etc/raddb/sites-enabled/default

69 authorize {
170 # files
177 sql
252 authenticate {
297 # unix
333 preacct {
372 # files
389 # unix
406 sql
449 session {
454 sql
461 post-auth {
475 sql

vi /etc/raddb/sites-enabled/inner-tunnel

124 # files
131 sql
223 # unix
255 sql
277 sql

vi /etc/raddb/eap.conf

30 default_eap_type = peap

5. Integrate pptp with freeradius

Download the ppp source code
ftp://ftp.samba.org/pub/ppp/

tar zxvf ppp-2.4.5.tar.gz
mkdir /etc/ppp/radius
cp -R ppp-2.4.5/pppd/plugins/radius/etc/ /etc/ppp/radius/

cd /etc/ppp/radius/etc

Adjust the radius-related paths

vi radiusclient.conf
auth_order radius
login_tries 4
login_timeout 60
nologin /etc/nologin
issue /etc/ppp/radius/etc/issue
authserver localhost:1812
acctserver localhost:1813
servers /etc/ppp/radius/etc/servers
dictionary /etc/ppp/radius/etc/dictionary
login_radius /usr/local/sbin/login.radius
seqfile /var/run/radius.seq
mapfile /etc/ppp/radius/etc/port-id-map
default_realm
radius_timeout 10
radius_retries 3
login_local /bin/login

vi /etc/ppp/radius/etc/dictionary
INCLUDE /etc/ppp/radius/etc/dictionary.microsoft
INCLUDE /etc/ppp/radius/etc/dictionary.ascend
INCLUDE /etc/ppp/radius/etc/dictionary.merit
INCLUDE /etc/ppp/radius/etc/dictionary.compat

Edit options.pptpd

vi /etc/ppp/options.pptpd
plugin /usr/lib/pppd/2.4.5/radius.so # use the lib or lib64 directory, depending on the system
radius-config-file /etc/ppp/radius/etc/radiusclient.conf

Change the radius authentication secret

vi /etc/raddb/clients.conf
101 secret = pzy.me

vi /etc/ppp/radius/etc/servers
5 localhost pzy.me

Finally

service radiusd start
service pptpd start

PS: If radiusd fails to start, check /var/log/messages for the cause; if it starts but you cannot connect to the VPN, check /var/log/radius/radius.log.
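
The shared secret in /etc/raddb/clients.conf has to match the one in /etc/ppp/radius/etc/servers, and the sample values used in this guide (MySQL login root with password 123, a six-character secret) are weak. The script below is an added example, not part of the original post: it reads those settings back from the three files and flags a mismatch or weak values. The function names, the constructed sample files and the length thresholds are assumptions.

```sh
#!/bin/sh
# Added example: audit the secrets configured in this guide.
# The length thresholds (16 and 12) are assumptions, not FreeRADIUS rules.

# Print the first uncommented "key = value" in a file, quotes stripped.
conf_value() {   # $1 = file, $2 = key
    awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k {
            v = substr($0, index($0, "=") + 1)
            sub(/#.*/, "", v); gsub(/[ \t"]/, "", v)
            print v; exit
        }' "$1"
}

# Print one finding per line. $1 = clients.conf, $2 = servers, $3 = sql.conf
audit() {
    cs=$(conf_value "$1" secret)
    # servers file format: "<host> <secret>"; comment lines start with '#'
    ss=$(awk '$1 == "localhost" { print $2; exit }' "$2")
    if [ "$cs" != "$ss" ]; then
        echo "MISMATCH: secret in clients.conf differs from the servers file"
    fi
    if [ "$cs" = "testing123" ] || [ "${#cs}" -lt 16 ]; then
        echo "WEAK: shared secret is the shipped default or under 16 characters"
    fi
    if [ "$(conf_value "$3" login)" = "root" ]; then
        echo "WEAK: sql.conf connects to MySQL as root"
    fi
    pw=$(conf_value "$3" password)
    if [ "${#pw}" -lt 12 ]; then
        echo "WEAK: sql.conf database password is under 12 characters"
    fi
}

# Constructed sample files holding the values set in this guide.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'client localhost {\n\tipaddr = 127.0.0.1\n\t# secret = old\n\tsecret = pzy.me\n}\n' > "$demo/clients.conf"
printf '# Server  Key\nlocalhost pzy.me\n' > "$demo/servers"
printf 'sql {\n\tlogin = "root"\n\tpassword = "123"\n}\n' > "$demo/sql.conf"
audit "$demo/clients.conf" "$demo/servers" "$demo/sql.conf"
```

On a real host, call audit with /etc/raddb/clients.conf, /etc/ppp/radius/etc/servers and /etc/raddb/sql.conf; no output means none of the checks fired.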