2013/03/20

Compiling and installing FreeRADIUS 2.2.0 on CentOS 5

This post uses FreeRADIUS, version 2.2.0.

The steps below are run on CentOS 5, logged in as root.

Download the source code

wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.2.0.tar.gz

Unpack

tar xzvf freeradius-server-2.2.0.tar.gz

Configure

cd freeradius-server-2.2.0
./configure --prefix=/

Compile

make

Install

make install

Start the radius service

radiusd -X
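The -X option prints debugging information and forces the server to run in the foreground. The first run creates the EAP-related files, so it is best to start with -X and check that nothing unexpected happens.
After that, running plain radiusd starts the server as a daemon.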

Maintain /etc/raddb/clients.conf

The original localhost entry; secret is the passcode (shared secret) this client uses.
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
    require_message_authenticator = no
    nastype = other
}
Next, an example for real use: 172.20.3.1/24, with the shared secret octtelradius
client 172.20.3.1/24 {
    secret = octtelradius
    shortname = my-pool
}

Maintain /etc/raddb/users

Create a user that authenticates with pap
"octtel"        Auth-Type := pap, Cleartext-Password := "22635986"
                Reply-Message = "Welcome %{User-Name}."

Test

radtest octtel 22635986 172.20.3.202 1812 octtelradius
Sending Access-Request of id 20 to 172.20.3.202 port 1812
        User-Name = "octtel"
        User-Password = "22635986"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 172.20.3.202 port 1812, id=20, length=37
        Reply-Message = "Welcome octtel."
Test with a wrong password
radtest octtel badpass 172.20.3.202 1812 octtelradius
Sending Access-Request of id 95 to 172.20.3.202 port 1812
        User-Name = "octtel"
        User-Password = "badpass"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 172.20.3.202 port 1812, id=95, length=37
        Reply-Message = "Welcome octtel."
Test with a wrong shared secret
radtest octtel 22635986 172.20.3.202 1812 badsec
Sending Access-Request of id 78 to 172.20.3.202 port 1812
        User-Name = "octtel"
        User-Password = "22635986"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
        Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Request of id 78 to 172.20.3.202 port 1812
        User-Name = "octtel"
        User-Password = "22635986"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
        Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Request of id 78 to 172.20.3.202 port 1812
        User-Name = "octtel"
        User-Password = "22635986"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1812
        Message-Authenticator = 0x00000000000000000000000000000000
radclient: no response from server for ID 78 socket 3
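
Why a wrong password gets an Access-Reject but a wrong shared secret gets no answer at all: the sketch below is an added example, not part of the original post and not FreeRADIUS code. It builds an Access-Request with the User-Password hiding from RFC 2865 and the HMAC-MD5 Message-Authenticator that radtest sends, then checks it the way a server must (RFC 2869: silently discard on mismatch). Function names are hypothetical; the sample values are the ones used on this page.

```python
import hashlib, hmac, os, struct

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(code, value):
    return bytes([code, len(value) + 2]) + value

def build_access_request(ident, user, password, secret):
    auth = os.urandom(16)  # Request Authenticator
    attrs = (attr(1, user) + attr(2, hide_password(password, secret, auth))
             + attr(80, b"\x00" * 16))  # Message-Authenticator, zeroed for signing
    pkt = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + auth + attrs
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()  # keyed by secret

def server_check(pkt, secret):
    """Return the recovered password, or None when the packet must be dropped."""
    found, pos = {}, 20
    while pos + 2 <= len(pkt):
        code, length = pkt[pos], pkt[pos + 1]
        if length < 2:
            return None  # malformed attribute
        found[code] = (pos + 2, pkt[pos + 2:pos + length])
        pos += length
    if 2 not in found or 80 not in found:
        return None
    off, mac = found[80]
    zeroed = pkt[:off] + b"\x00" * 16 + pkt[off + 16:]
    if not hmac.compare_digest(mac, hmac.new(secret, zeroed, hashlib.md5).digest()):
        return None  # wrong secret or tampering: silently discard, no reply
    return reveal_password(found[2][1], secret, pkt[4:20])

pkt = build_access_request(20, b"octtel", b"22635986", b"octtelradius")  # constructed
print(server_check(pkt, b"octtelradius"), server_check(pkt, b"badsec"))
```

With the matching secret the server recovers the password and can go on to accept or reject it; with badsec the integrity check fails first, so the client only sees retransmissions and a timeout.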
