1.FreeRadius软件简介
FreeRADIUS
是世界上使用最广泛的 RADIUS
服务器。它为全球大多数主要的互联网服务提供商和电信公司提供支持,并且是国际 Wi-Fi
教育漫游服务 eduroam
的关键技术之一。所有云身份提供商都使用 FreeRADIUS
作为其 RADIUS
服务器,并且它还被嵌入在网络设备供应商和令牌卡制造商的产品中。
FreeRADIUS
产品套件包括服务器、RADIUS
客户端、开发库以及众多其他与 RADIUS
和 IP
地址相关的实用程序。它是全球互联网运行的基础,每天负责数亿用户的身份验证。
其官网地址为:
https://www.freeradius.org/
2.什么是Daloradius?
Daloradius
是一个高级RADIUS Web
管理应用程序,旨在管理热点网络和通用ISP
(互联网服务提供商)部署。它是用PHP
和JavaScript
编写的,利用数据库抽象层支持多种数据库系统,包括MySQL
、PostgreSQL
、SQLite
等。它与FreeRADIUS
服务器集成。
其核心功能包括:
用户管理:
允许管理员创建、编辑、搜索和删除用户账户,设置权限级别,以及管理用户的认证信息,如用户名、密码和属性。支持快速添加用户以适应
POS
或热点场景。图形报告:
提供在线用户、连接尝试、系统日志和
RADIUS
服务器日志等多种报告,帮助管理员了解网络的使用情况,包括在线用户数量、认证请求成功率、流量等关键指标。计费系统:
内置点销售(
POS
)、计划、费率和交易处理功能,能够追踪用户在网络上的活动时间、传输的数据量,并根据预设规则自动计算费用、生成账单。支持多种计费策略,如时间限制、数据限额等。GIS支持:
结合
Leaflet
和CARTO
地图,可直观地查看和管理部署的热点,进行状态监控。通过集成Google Maps
,Daloradius
能进行地理定位,帮助管理员识别用户的位置,这对于热点网络的管理和安全控制尤其有用。安全性与扩展性:
Daloradius
遵循最佳安全实践,提供对HTTPS
的支持以加密通信,防止敏感数据泄露。同时,其开源性质意味着它可以根据用户需求进行定制和扩展,与各种硬件和软件环境兼容。
3.搭建环境准备
采用Centos7.9
系统安装,测试用服务器IP
地址为192.168.250.153
,配置信息略。
[root@myfreeradius /]# uname -a
Linux myfreeradius 3.10.0-1160.114.2.el7.x86_64 #1 SMP Wed Mar 20 15:54:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
[root@myfreeradius /]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@myfreeradius /]#
# 关闭SElinux
[root@myfreeradius ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
[root@myfreeradius ~]#
上面设置完成后,重启系统,查看SElinux
状态:
[root@myfreeradius ~]# /usr/sbin/sestatus -v
SELinux status: disabled
[root@myfreeradius ~]#
# 更换YUM源
[root@myfreeradius ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1694 100 1694 0 0 12989 0 --:--:-- --:--:-- --:--:-- 13030
[root@myfreeradius ~]#
4.安装Apache服务
[root@myfreeradius ~]# yum -y install httpd httpd-devel
已加载插件:fastestmirror, langpacks
Repository cr is listed more than once in the configuration
Repository fasttrack is listed more than once in the configuration
Determining fastest mirrors
epel/x86_64/metalink | 5.1 kB 00:00:00
* epel: repo.jing.rocks
epel | 4.3 kB 00:00:00
extras | 2.9 kB 00:00:00
os | 3.6 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/7): os/7/x86_64/group_gz | 153 kB 00:00:00
(2/7): os/7/x86_64/primary_db | 6.1 MB 00:00:00
(3/7): updates/7/x86_64/primary_db | 27 MB 00:00:02
……
已安装:
httpd.x86_64 0:2.4.6-99.el7.centos.1 httpd-devel.x86_64 0:2.4.6-99.el7.centos.1
作为依赖被安装:
apr-devel.x86_64 0:1.4.8-7.el7 apr-util-devel.x86_64 0:1.5.2-6.el7_9.1 cyrus-sasl-devel.x86_64 0:2.1.26-24.el7_9 expat-devel.x86_64 0:2.1.0-15.el7_9 httpd-tools.x86_64 0:2.4.6-99.el7.centos.1
libdb-devel.x86_64 0:5.3.21-25.el7 mailcap.noarch 0:2.1.41-2.el7 openldap-devel.x86_64 0:2.4.44-25.el7_9
完毕!
[root@myfreeradius ~]#
上面安装成后,设置开机启动并启动apache
服务,检查服务状态:
[root@myfreeradius ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@myfreeradius ~]# systemctl start httpd
[root@myfreeradius ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2024-11-07 09:15:30 CST; 7s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 19629 (httpd)
Status: "Processing requests..."
Tasks: 6
CGroup: /system.slice/httpd.service
├─19629 /usr/sbin/httpd -DFOREGROUND
├─19631 /usr/sbin/httpd -DFOREGROUND
├─19632 /usr/sbin/httpd -DFOREGROUND
├─19633 /usr/sbin/httpd -DFOREGROUND
├─19634 /usr/sbin/httpd -DFOREGROUND
└─19635 /usr/sbin/httpd -DFOREGROUND
11月 07 09:15:25 myfreeradius systemd[1]: Starting The Apache HTTP Server...
11月 07 09:15:25 myfreeradius httpd[19629]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::5054:ff:fe05:c6e4. Set the 'ServerName' directive...s this message
11月 07 09:15:30 myfreeradius systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@myfreeradius ~]#
然后防火墙端口放行80
端口:
[root@myfreeradius ~]# firewall-cmd --permanent --add-port=80/tcp
success
[root@myfreeradius ~]# firewall-cmd --reload
success
[root@myfreeradius ~]#
5.安装数据库MariaDB
[root@myfreeradius ~]# yum install -y mariadb-server mariadb
已加载插件:fastestmirror, langpacks
Repository cr is listed more than once in the configuration
Repository fasttrack is listed more than once in the configuration
Loading mirror speeds from cached hostfile
* epel: repo.jing.rocks
正在解决依赖关系
--> 正在检查事务
---> 软件包 mariadb.x86_64.1.5.5.68-1.el7 将被 安装
---> 软件包 mariadb-server.x86_64.1.5.5.68-1.el7 将被 安装
--> 正在处理依赖关系 perl-DBD-MySQL,它被软件包 1:mariadb-server-5.5.68-1.el7.x86_64 需要
--> 正在检查事务
---> 软件包 perl-DBD-MySQL.x86_64.0.4.023-6.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
========================================================================================================================================
Package 架构 版本 源 大小
========================================================================================================================================
正在安装:
mariadb x86_64 1:5.5.68-1.el7 os 8.8 M
mariadb-server x86_64 1:5.5.68-1.el7 os 11 M
为依赖而安装:
perl-DBD-MySQL x86_64 4.023-6.el7 os 140 k
事务概要
========================================================================================================================================
安装 2 软件包 (+1 依赖软件包)
总下载量:20 M
安装大小:107 M
Downloading packages:
(1/3): mariadb-5.5.68-1.el7.x86_64.rpm | 8.8 MB 00:00:01
(2/3): perl-DBD-MySQL-4.023-6.el7.x86_64.rpm | 140 kB 00:00:00
(3/3): mariadb-server-5.5.68-1.el7.x86_64.rpm | 11 MB 00:00:02
----------------------------------------------------------------------------------------------------------------------------------------
总计 7.9 MB/s | 20 MB 00:00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : 1:mariadb-5.5.68-1.el7.x86_64 1/3
正在安装 : perl-DBD-MySQL-4.023-6.el7.x86_64 2/3
正在安装 : 1:mariadb-server-5.5.68-1.el7.x86_64 3/3
验证中 : 1:mariadb-server-5.5.68-1.el7.x86_64 1/3
验证中 : perl-DBD-MySQL-4.023-6.el7.x86_64 2/3
验证中 : 1:mariadb-5.5.68-1.el7.x86_64 3/3
已安装:
mariadb.x86_64 1:5.5.68-1.el7 mariadb-server.x86_64 1:5.5.68-1.el7
作为依赖被安装:
perl-DBD-MySQL.x86_64 0:4.023-6.el7
完毕!
[root@myfreeradius ~]#
安装完毕,设置MariaDB
开机启动和启动MariaDB
服务,并查看状态:
[root@myfreeradius ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@myfreeradius ~]# systemctl start mariadb
[root@myfreeradius ~]# systemctl status mariadb
● mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2024-11-07 09:24:43 CST; 9s ago
Process: 19945 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
Process: 19859 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
Main PID: 19944 (mysqld_safe)
Tasks: 20
CGroup: /system.slice/mariadb.service
├─19944 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
└─20110 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=...
11月 07 09:24:41 myfreeradius mariadb-prepare-db-dir[19859]: MySQL manual for more instructions.
11月 07 09:24:41 myfreeradius mariadb-prepare-db-dir[19859]: Please report any problems at http://mariadb.org/jira
11月 07 09:24:41 myfreeradius mariadb-prepare-db-dir[19859]: The latest information about MariaDB is available at http://mariadb.org/.
11月 07 09:24:41 myfreeradius mariadb-prepare-db-dir[19859]: You can find additional information about the MySQL part at:
11月 07 09:24:41 myfreeradius mariadb-prepare-db-dir[19859]: http://dev.mysql.com
11月 07 09:24:41 myfreeradius mariadb-prepare-db-dir[19859]: Consider joining MariaDB's strong and vibrant community:
11月 07 09:24:41 myfreeradius mariadb-prepare-db-dir[19859]: https://mariadb.org/get-involved/
11月 07 09:24:41 myfreeradius mysqld_safe[19944]: 241107 09:24:41 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
11月 07 09:24:41 myfreeradius mysqld_safe[19944]: 241107 09:24:41 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
11月 07 09:24:43 myfreeradius systemd[1]: Started MariaDB database server.
[root@myfreeradius ~]#
# 初始设置MariaDB
,设置root
密码,删除匿名用户和禁用远程根登录。
[root@myfreeradius ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password: SUPER2025
Re-enter new password: SUPER2025
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@myfreeradius ~]#
# 创建Radius数据库和用户名密码
[root@myfreeradius ~]# mysql -u root -p
Enter password: SUPER2025
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database radius;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on radius.* to radius@localhost identified by "radius";
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
[root@myfreeradius ~]#
6.安装php7
[root@myfreeradius ~]# yum install -y php php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json php-redis
已加载插件:fastestmirror, langpacks
Repository cr is listed more than once in the configuration
Repository fasttrack is listed more than once in the configuration
Loading mirror speeds from cached hostfile
* epel: repo.jing.rocks
正在解决依赖关系
--> 正在检查事务
---> 软件包 php.x86_64.0.5.4.16-48.el7 将被 安装
---> 软件包 php-bcmath.x86_64.0.5.4.16-48.el7 将被 安装
……
已安装:
php.x86_64 0:5.4.16-48.el7 php-bcmath.x86_64 0:5.4.16-48.el7 php-cli.x86_64 0:5.4.16-48.el7 php-common.x86_64 0:5.4.16-48.el7 php-devel.x86_64 0:5.4.16-48.el7 php-fpm.x86_64 0:5.4.16-48.el7
php-gd.x86_64 0:5.4.16-48.el7 php-mbstring.x86_64 0:5.4.16-48.el7 php-mcrypt.x86_64 0:5.4.16-9.el7 php-mysqlnd.x86_64 0:5.4.16-48.el7 php-pear.noarch 1:1.9.4-23.el7_9 php-pecl-redis.x86_64 0:2.2.8-1.el7
php-xml.x86_64 0:5.4.16-48.el7
作为依赖被安装:
libmcrypt.x86_64 0:2.5.8-13.el7 libzip.x86_64 0:0.10.1-8.el7 pcre-devel.x86_64 0:8.32-17.el7 php-pdo.x86_64 0:5.4.16-48.el7 php-pecl-igbinary.x86_64 0:1.2.1-1.el7 php-process.x86_64 0:5.4.16-48.el7
t1lib.x86_64 0:5.1.2-14.el7
完毕!
[root@myfreeradius ~]#
安装完成后,查看版本:
[root@myfreeradius ~]# php -v
PHP 5.4.16 (cli) (built: Apr 1 2020 04:07:17)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
[root@myfreeradius ~]#
这里编辑info.php
文件,进行环境测试:
[root@myfreeradius ~]# vim /var/www/html/info.php
[root@myfreeradius ~]# cat /var/www/html/info.php
<?php
phpinfo();
?>
[root@myfreeradius ~]#
[root@myfreeradius ~]# systemctl restart httpd
[root@myfreeradius ~]#
7.安装和配置FreeRadius
7.1安装FreeRadius
[root@myfreeradius ~]# yum -y install freeradius freeradius-utils freeradius-mysql
已加载插件:fastestmirror, langpacks
Repository cr is listed more than once in the configuration
Repository fasttrack is listed more than once in the configuration
Loading mirror speeds from cached hostfile
* epel: repo.jing.rocks
正在解决依赖关系
--> 正在检查事务
---> 软件包 freeradius.x86_64.0.3.0.13-15.el7 将被 安装
--> 正在处理依赖关系 libnaaeap.so.0()(64bit),它被软件包 freeradius-3.0.13-15.el7.x86_64 需要
---> 软件包 freeradius-mysql.x86_64.0.3.0.13-15.el7 将被 安装
---> 软件包 freeradius-utils.x86_64.0.3.0.13-15.el7 将被 安装
--> 正在检查事务
---> 软件包 tncfhh-libs.x86_64.0.0.8.3-16.el7 将被 安装
--> 正在处理依赖关系 tncfhh = 0.8.3,它被软件包 tncfhh-libs-0.8.3-16.el7.x86_64 需要
--> 正在处理依赖关系 libxerces-c-3.1.so()(64bit),它被软件包 tncfhh-libs-0.8.3-16.el7.x86_64 需要
--> 正在处理依赖关系 libtncutil.so.0()(64bit),它被软件包 tncfhh-libs-0.8.3-16.el7.x86_64 需要
--> 正在处理依赖关系 liblog4cxx.so.10()(64bit),它被软件包 tncfhh-libs-0.8.3-16.el7.x86_64 需要
--> 正在检查事务
---> 软件包 log4cxx.x86_64.0.0.10.0-16.el7 将被 安装
---> 软件包 tncfhh.x86_64.0.0.8.3-16.el7 将被 安装
---> 软件包 tncfhh-utils.x86_64.0.0.8.3-16.el7 将被 安装
---> 软件包 xerces-c.x86_64.0.3.1.1-10.el7_7 将被 安装
--> 解决依赖关系完成
依赖关系解决
==================================================================================================================================================================================================
Package 架构 版本 源 大小
==================================================================================================================================================================================================
正在安装:
freeradius x86_64 3.0.13-15.el7 os 1.1 M
freeradius-mysql x86_64 3.0.13-15.el7 os 91 k
freeradius-utils x86_64 3.0.13-15.el7 os 222 k
为依赖而安装:
log4cxx x86_64 0.10.0-16.el7 os 452 k
tncfhh x86_64 0.8.3-16.el7 os 680 k
tncfhh-libs x86_64 0.8.3-16.el7 os 160 k
tncfhh-utils x86_64 0.8.3-16.el7 os 33 k
xerces-c x86_64 3.1.1-10.el7_7 os 879 k
事务概要
==================================================================================================================================================================================================
安装 3 软件包 (+5 依赖软件包)
已安装:
freeradius.x86_64 0:3.0.13-15.el7 freeradius-mysql.x86_64 0:3.0.13-15.el7 freeradius-utils.x86_64 0:3.0.13-15.el7
作为依赖被安装:
log4cxx.x86_64 0:0.10.0-16.el7 tncfhh.x86_64 0:0.8.3-16.el7 tncfhh-libs.x86_64 0:0.8.3-16.el7 tncfhh-utils.x86_64 0:0.8.3-16.el7 xerces-c.x86_64 0:3.1.1-10.el7_7
完毕!
[root@myfreeradius ~]#
安装完毕,启动radius
和设置开机启动,以及查看运行状态:
[root@myfreeradius ~]# systemctl enable radiusd
Created symlink from /etc/systemd/system/multi-user.target.wants/radiusd.service to /usr/lib/systemd/system/radiusd.service.
[root@myfreeradius ~]# systemctl start radiusd
[root@myfreeradius ~]# systemctl status radiusd
● radiusd.service - FreeRADIUS high performance RADIUS server.
Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2024-11-07 09:47:05 CST; 19s ago
Process: 20639 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
Process: 20635 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
Process: 20631 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=0/SUCCESS)
Main PID: 20643 (radiusd)
Tasks: 6
CGroup: /system.slice/radiusd.service
└─20643 /usr/sbin/radiusd -d /etc/raddb
11月 07 09:47:04 myfreeradius systemd[1]: Starting FreeRADIUS high performance RADIUS server....
11月 07 09:47:05 myfreeradius systemd[1]: Started FreeRADIUS high performance RADIUS server..
[root@myfreeradius ~]#
接着,查看Radius
使用的端口:
[root@myfreeradius ~]# cat /usr/lib/firewalld/services/radius.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>RADIUS</short>
<description>The Remote Authentication Dial In User Service (RADIUS) is a protocol for user authentication over networks. It is mostly used for modem, DSL or wireless user authentication. If you plan to provide a RADIUS service (e.g. with freeradius), enable this option.</description>
<port protocol="tcp" port="1812"/>
<port protocol="udp" port="1812"/>
<port protocol="tcp" port="1813"/>
<port protocol="udp" port="1813"/>
</service>
[root@myfreeradius ~]#
然后在防火墙放行radius
服务:
[root@myfreeradius ~]# firewall-cmd --add-service=radius --permanent
success
[root@myfreeradius ~]# firewall-cmd --reload
success
[root@myfreeradius ~]# firewall-cmd --list-services
dhcpv6-client radius ssh
[root@myfreeradius ~]#
7.2配置FreeRadius
# 导入Radius
数据库到maiadb
数据库中
[root@myfreeradius ~]# mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
Enter password: SUPER2025
[root@myfreeradius ~]#
# 为/etc/raddb/mods-enabled
创建软连接
[root@myfreeradius ~]# ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
[root@myfreeradius ~]#
# 配置SQL
模块/raddb/mods-available/sql
,并更改数据库连接参数:
配置前先做备份:
[root@myfreeradius ~]# cp /etc/raddb/mods-available/sql /etc/raddb/mods-available/sql.bak.20241107
[root@myfreeradius ~]#
然后用vim /etc/raddb/mods-available/sql
修改下面部分:
driver = "rlm_sql_mysql"
# database the logged queries are going to be executed against.
dialect = "mysql"
# Connection info:
#
server = "localhost"
port = 3306
login = "radius"
password = "radius"
# Database table configuration for everything except Oracle
radius_db = "radius"
# 将/etc/raddb/mods-enabled/sql
所属组更改为radiusd
:
[root@myfreeradius ~]# chgrp -h radiusd /etc/raddb/mods-enabled/sql
[root@myfreeradius ~]#
添加启动服务,调整FreeRadius
与MariaDB
的启动顺序,FreeRadius
必须在MariaDB
启动之后启动,在[Unit]
部分,增加After=mariadb.service
,如下:
[root@myfreeradius ~]# vim /etc/systemd/system/multi-user.target.wants/radiusd.service
[Unit]
Description=FreeRADIUS high performance RADIUS server.
After=syslog.target network.target ipa.service dirsrv.target krb5kdc.service
After=mariadb.service
[Service]
Type=forking
PIDFile=/var/run/radiusd/radiusd.pid
ExecStartPre=-/bin/chown -R radiusd.radiusd /var/run/radiusd
ExecStartPre=/usr/sbin/radiusd -C
ExecStart=/usr/sbin/radiusd -d /etc/raddb
ExecReload=/usr/sbin/radiusd -C
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@myfreeradius ~]#
# 添加客户端连接设置,添加允许所有用户接入,如需特定ip
访问,ip
可以自由更改:
[root@myfreeradius ~]# cp /etc/raddb/clients.conf /etc/raddb/clients.conf.bak.20241107
[root@myfreeradius ~]#
# vim /etc/raddb/clients.conf
client all_client {
ipaddr = 0.0.0.0/0
secret = testing123
require_message_authenticator = no
}
7.3安装FreeRADIUS管理界面Daloradius
进入Apache
网站根目录,下载源文件:
[root@myfreeradius html]# wget https://github.com/lirantal/daloradius/archive/master.zip
--2024-11-07 10:35:48-- https://github.com/lirantal/daloradius/archive/master.zip
正在解析主机 github.com (github.com)... 20.205.243.166
正在连接 github.com (github.com)|20.205.243.166|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 302 Found
位置:https://codeload.github.com/lirantal/daloradius/zip/refs/heads/master [跟随至新的 URL]
--2024-11-07 10:35:53-- https://codeload.github.com/lirantal/daloradius/zip/refs/heads/master
正在解析主机 codeload.github.com (codeload.github.com)... 20.205.243.165
正在连接 codeload.github.com (codeload.github.com)|20.205.243.165|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:未指定 [application/zip]
正在保存至: “master.zip”
[ <=> ] 23,838,968 6.98MB/s 用时 3.7s
2024-11-07 10:35:58 (6.10 MB/s) - “master.zip” 已保存 [23838968]
[root@myfreeradius html]#
解压压缩包,修改文件夹名称:
[root@myfreeradius html]# unzip master.zip
[root@myfreeradius html]#
[root@myfreeradius html]# ll -h
总用量 23M
drwxr-xr-x 7 root root 4.0K 10月 29 22:22 daloradius-master
-rw-r--r-- 1 root root 20 11月 7 09:39 info.php
-rw-r--r-- 1 root root 23M 11月 7 10:35 master.zip
[root@myfreeradius html]#
[root@myfreeradius html]# mv daloradius-master/ daloradius
[root@myfreeradius html]#
下载daloradius-0.9-9.tar.gz
,解压后合并到daloradius
文件夹中
[root@myfreeradius html]# wget http://master.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
--2024-11-07 10:55:34-- http://master.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
正在解析主机 master.dl.sourceforge.net (master.dl.sourceforge.net)... 216.105.38.12
正在连接 master.dl.sourceforge.net (master.dl.sourceforge.net)|216.105.38.12|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 301 Moved Permanently
位置:http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz [跟随至新的 URL]
--2024-11-07 10:55:40-- http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
正在解析主机 downloads.sourceforge.net (downloads.sourceforge.net)... 204.68.111.105
正在连接 downloads.sourceforge.net (downloads.sourceforge.net)|204.68.111.105|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 302 Found
位置:http://master.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz?viasf=1 [跟随至新的 URL]
--2024-11-07 10:55:40-- http://master.dl.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz?viasf=1
正在连接 master.dl.sourceforge.net (master.dl.sourceforge.net)|216.105.38.12|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:4591154 (4.4M) [application/x-gzip]
正在保存至: “daloradius-0.9-9.tar.gz”
100%[========================================================================================================================================================>] 4,591,154 1.85MB/s 用时 2.4s
2024-11-07 10:55:43 (1.85 MB/s) - 已保存 “daloradius-0.9-9.tar.gz” [4591154/4591154])
[root@myfreeradius html]#
解压,然后合并:
[root@myfreeradius html]# tar -zxvf daloradius-0.9-9.tar.gz
[root@myfreeradius html]#
[root@myfreeradius html]# mv daloradius-0.9-9/* daloradius/
[root@myfreeradius html]#
进入daloradius
目录,导入daloradius
数据库:
[root@myfreeradius daloradius]# mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql
Enter password:
[root@myfreeradius daloradius]# mysql -u root -p radius < contrib/db/mysql-daloradius.sql
Enter password:
[root@myfreeradius daloradius]#
设置daloradius
目录用户组和用户,设置daloradius.conf.php
权限
[root@myfreeradius daloradius]# chown -R apache:apache /var/www/html/daloradius/
[root@myfreeradius daloradius]# chmod 664 /var/www/html/daloradius/library/daloradius.conf.php
[root@myfreeradius daloradius]#
设置daloradius
数据库连接信息,打开daloradius.conf.php
文件,修改CONFIG_DB_USER
,CONFIG_DB_PASS
,CONFIG_DB_NAME
。
# vim /var/www/html/daloradius/library/daloradius.conf.php
$configValues['DALORADIUS_VERSION'] = '0.9-9';
$configValues['FREERADIUS_VERSION'] = '2';
$configValues['CONFIG_DB_ENGINE'] = 'mysqli';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'radius';
$configValues['CONFIG_DB_NAME'] = 'radius';
修改完毕后,重启服务:
[root@myfreeradius daloradius]# systemctl restart radiusd
Warning: radiusd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
[root@myfreeradius daloradius]# systemctl daemon-reload
[root@myfreeradius daloradius]# systemctl restart radiusd
[root@myfreeradius daloradius]# systemctl restart mariadb
[root@myfreeradius daloradius]# systemctl restart httpd
[root@myfreeradius daloradius]#
7.4安装php-pear
先下载:
root@myfreeradius html]# wget http://pear.php.net/go-pear.phar
--2024-11-07 11:56:08-- http://pear.php.net/go-pear.phar
正在解析主机 pear.php.net (pear.php.net)... 109.203.101.62
正在连接 pear.php.net (pear.php.net)|109.203.101.62|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 301 Moved Permanently
位置:https://pear.php.net/go-pear.phar [跟随至新的 URL]
--2024-11-07 11:56:09-- https://pear.php.net/go-pear.phar
正在连接 pear.php.net (pear.php.net)|109.203.101.62|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:3629185 (3.5M)
正在保存至: “go-pear.phar”
100%[========================================================================================================================================================>] 3,629,185 1.21MB/s 用时 2.9s
2024-11-07 11:56:13 (1.21 MB/s) - 已保存 “go-pear.phar” [3629185/3629185])
[root@myfreeradius html]#
然后安装:
[root@myfreeradius html]# php go-pear.phar
Below is a suggested file layout for your new PEAR installation. To
change individual locations, type the number in front of the
directory. Type 'all' to change all of them or simply press Enter to
accept these locations.
1. Installation base ($prefix) : /usr
2. Temporary directory for processing : /tmp/pear/install
3. Temporary directory for downloads : /tmp/pear/install
4. Binaries directory : /usr/bin
5. PHP code directory ($php_dir) : /usr/share/pear
6. Documentation directory : /usr/docs
7. Data directory : /usr/data
8. User-modifiable configuration files directory : /usr/cfg
9. Public Web Files directory : /usr/www
10. System manual pages directory : /usr/man
11. Tests directory : /usr/tests
12. Name of configuration file : /etc/pear.conf
1-12, 'all' or Enter to continue:
Beginning install...
Configuration written to /etc/pear.conf...
Initialized registry...
Preparing to install...
installing phar:///var/www/html/go-pear.phar/PEAR/go-pear-tarballs/Archive_Tar-1.4.14.tar...
installing phar:///var/www/html/go-pear.phar/PEAR/go-pear-tarballs/Console_Getopt-1.4.3.tar...
installing phar:///var/www/html/go-pear.phar/PEAR/go-pear-tarballs/PEAR-1.10.15.tar...
installing phar:///var/www/html/go-pear.phar/PEAR/go-pear-tarballs/Structures_Graph-1.1.1.tar...
installing phar:///var/www/html/go-pear.phar/PEAR/go-pear-tarballs/XML_Util-1.4.5.tar...
warning: pear/PEAR dependency package "pear/Archive_Tar" downloaded version 1.4.14 is not the recommended version 1.4.4
install ok: channel://pear.php.net/Archive_Tar-1.4.14
install ok: channel://pear.php.net/Console_Getopt-1.4.3
install ok: channel://pear.php.net/Structures_Graph-1.1.1
install ok: channel://pear.php.net/XML_Util-1.4.5
install ok: channel://pear.php.net/PEAR-1.10.15
PEAR: Optional feature webinstaller available (PEAR's web-based installer)
PEAR: Optional feature gtkinstaller available (PEAR's PHP-GTK-based installer)
PEAR: Optional feature gtk2installer available (PEAR's PHP-GTK2-based installer)
PEAR: To install optional features use "pear install pear/PEAR#featurename"
The 'pear' command is now at your service at /usr/bin/pear
** The 'pear' command is not currently in your PATH, so you need to
** use '/usr/bin/pear' until you have added
** '/usr/bin' to your PATH environment variable.
Run it without parameters to see the available actions, try 'pear list'
to see what packages are installed, or 'pear help' for help.
For more information about PEAR, see:
http://pear.php.net/faq.php
http://pear.php.net/manual/
Thanks for using go-pear!
[root@myfreeradius html]#
安装DB
扩展库:
[root@myfreeradius html]# pear install DB
downloading DB-1.12.2.tgz ...
Starting to download DB-1.12.2.tgz (137,662 bytes)
.............................done: 137,662 bytes
install ok: channel://pear.php.net/DB-1.12.2
[root@myfreeradius html]#
8.登录WEB管理界面
http://192.168.250.153/daloradius/login.php
默认用户名: administrator 密码: radius
关于汉化部分,下一节做介绍。