1、使用yum安装即可,确定安装的是freeradius2,而不是1。如果以前又freeradius,先卸载
yum remove freeradius
安装
yum install freeradius2
yum install freeradius2-utils//这个含radtest,用户测试
默认freeradius是使用files方式认证用户,如果不使用数据库,到此安装就搞定了
2、安装完成后就修改配置文件。
vi /etc/raddb/users
找到steve,注释去掉,将steve改成你的用户名。可以建立多个用户,如下:
dalon Cleartext-Password := "testing"
test Cleartext-Password := "testing123"
3、 测试
可执行文件为 /usr/sbin/radius
/usr/sbin/radius -X //debug模式运行,可以看到详细过程。
radtest 测试server是否能响应:
radtest test testing localhost 0 testing123
test和testing分别为用户名和密钥,对于配置文件users里面的内容。
localhost为配置文件clients.conf中的内容,默认针对localhost密钥为testing123
0 意思为NAS-PORT 0,默认为0,所以不用配置。见文件 /etc/raddb/radiusd.conf中配置,如下:
listen {
ipaddr = * //监听IPV4所有地址
# ipv6addr = ::
port = 0 //nas-port
type = acct
# interface = eth0
# clients = per_socket_clients
}
测试正确的结果如下(下面是测试IPV6):
[root@CentOS~]# radtest -6 test test123 ::1 0 testing123
Sending Access-Request of id 44 to ::1 port 1812
User-Name = "test"
User-Password = "test123"
NAS-IPv6-Address = ::1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host ::1 port 1812,id=44,length=20
4、将服务器改成监听IPV6
需要修改文件
a) /etc/raddb/radiusd.conf
将两个listen {}中 ipaddr = *注掉,ipv6addr = :: 取消注释
b) /etc/raddb/clients.conf
将localhost中的监听地址改成ipv6的,如下:
client localhost {
ipv6addr = ::1# any.::1 == localhost
建立一组client(下面的例子是3000::/64网段为例,也可以使用::/0):
client 3000::/64 {
secret = testing123
shortname = ipv6client //为区别名,和别的组不一样即可
5. 验证通过的debug信息:
rad_recv: Access-Request packet from host 3000::abcd port 60378,id=232,length=45 User-Name = "dalon" User-Password = "testing"# Executing section authorize from file /etc/raddb/sites-enabled/default+- entering group authorize {...}++[preprocess] returns ok++[chap] returns noop++[mschap] returns noop++[digest] returns noop[suffix] No '@' in User-Name = "dalon",looking up realm NULL[suffix] No such realm "NULL"++[suffix] returns noop[eap] No EAP-Message,not doing EAP++[eap] returns noop[files] users: Matched entry dalon at line 76++[files] returns ok++[expiration] returns noop++[logintime] returns noop++[pap] returns updatedFound Auth-Type = PAP# Executing group from file /etc/raddb/sites-enabled/default+- entering group PAP {...}[pap] login attempt with password "testing"[pap] Using clear text password "testing"[pap] User authenticated successfully++[pap] returns ok# Executing section post-auth from file /etc/raddb/sites-enabled/default+- entering group post-auth {...}++[exec] returns noopSending Access-Accept of id 232 to 3000::abcd port 60378Finished request 29.Going to the next requestWaking up in 4.9 seconds.Cleaning up request 29 ID 232 with timestamp +531Ready to process requests.