[Office Software] CentOS 6.0: unified authentication and management of *** accounts with pptpd + mysql + freeradius

电脑办公 | Published: 2021-06-24 13:01

This article uses CentOS 6.0 on host 192.168.182.133. It is part of a recent project and prepares for the later *** tunnels and multi-IP route splitting.
-rw-r--r-- 1 root root 684342  6月 19 22:49 ppp-2.4.5.tar.gz
-rw-r--r-- 1 root root  74048  6月 19 22:49 pptpd-1.3.4-2.el6.i686.rpm
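These are two of the packages used. If pptpd is hard to download, you are welcome to get it from my download area, because the foreign URL is blocked; I also needed an accelerator to download it: http://down.51cto.com/data/840850
1. Now start the setup.
[root@node1 ~]# vim /etc/pptpd.conf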
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.182.133
remoteip 172.16.0.2-254
[root@node1 ~]# vim /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
logfile /var/log/pptpd.log
[root@node1 ~]# vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client    server  secret          IP addresses
test      pptpd   test123         *
[root@node1 ~]# cat /etc/sysctl.conf | grep -v '^#' | grep -v '^$'
net.ipv4.ip_forward = 1
[root@node1 ~]# iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -j MASQUERADE
PS: restart the service and test whether local dial-in works. Testing confirmed that dialing is OK.
2. Next, install mysql and freeradius.
yum install mysql freeradius* -y
Create the radius database, import the relevant SQL files, and create a test user.
mysql> create database radius;
[root@node1 ~]# mysql -u root -p  radius < /etc/raddb/sql/mysql/admin.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/cui.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/nas.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/schema.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/wimax.sql
mysql> insert into radius.radcheck (Username,Attribute,op,Value) values('lansgg','password','==','lansgg123');
Edit the relevant radius configuration files.
[root@node1 ~]# vim /etc/raddb/radiusd.conf
700     $INCLUDE sql.conf
[root@node1 ~]# vim /etc/raddb/sql.conf
28     database = "mysql"
33     driver = "rlm_sql_${database}"
36     server = "localhost"
38     login = "root"
39     password = "123"
42     radius_db = "radius"
50     acct_table1 = "radacct"
51     acct_table2 = "radacct"
100     readclients = yes
PS: the number at the start of each line is its line number in the file.
[root@node1 ~]# vim /etc/raddb/sites-enabled/default
69 authorize {
170 #     files
177     sql
252 authenticate {
297 #     unix
333 preacct {
372 #     files
389 #     unix
406     sql
449 session {
454     sql
461 post-auth {
475     sql
[root@node1 ~]# vim /etc/raddb/sites-enabled/inner-tunnel
124 #     files
131     sql
223 #     unix
255     sql
277     sql
[root@node1 ~]# vim /etc/raddb/eap.conf
30         default_eap_type = peap
Test the radius and mysql integration.
3. Next is the pptpd and freeradius integration. Unpack the ppp source package and copy its configuration files.
[root@node1 ~]# tar zxvf ppp-2.4.5.tar.gz
[root@node1 ~]# mkdir /etc/ppp/radius
[root@node1 ~]# cp -R  ppp-2.4.5/pppd/plugins/radius/etc/ /etc/ppp/radius/
Change the radius-related paths:
[root@node1 etc]# vim radiusclient.conf
auth_order    radius
login_tries   4
login_timeout   60
nologin /etc/nologin
issue   /etc/ppp/radius/etc/issue
authserver    localhost:1812
acctserver    localhost:1813
servers     /etc/ppp/radius/etc/servers
dictionary    /etc/ppp/radius/etc/dictionary
login_radius  /usr/local/sbin/login.radius
seqfile     /var/run/radius.seq
mapfile     /etc/ppp/radius/etc/port-id-map
default_realm
radius_timeout  10
radius_retries  3
login_local   /bin/login
[root@node1 etc]# vim /etc/ppp/radius/etc/dictionary
INCLUDE /etc/ppp/radius/etc/dictionary.microsoft
INCLUDE /etc/ppp/radius/etc/dictionary.ascend  # added
INCLUDE /etc/ppp/radius/etc/dictionary.merit  # added
INCLUDE /etc/ppp/radius/etc/dictionary.compat  # added
Add the following to options.pptpd:
[root@node1 etc]# vim /etc/ppp/options.pptpd
plugin /usr/lib/pppd/2.4.5/radius.so  # added
radius-config-file /etc/ppp/radius/etc/radiusclient.conf  # added
Set the radius authentication shared secret (it must be the same in both files):
[root@node1 raddb]# vim /etc/raddb/clients.conf
101     secret      = lansggtest
[root@node1 raddb]# vim /etc/ppp/radius/etc/servers
5 localhost                     lansggtest
Tested OK! (account: lansgg; password: lansgg123)
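A consistency check for the files this walkthrough edits, added here as an example and not part of the original article: it confirms that the shared secret in clients.conf matches the one in the servers file, and that options.pptpd still requires MS-CHAPv2 and MPPE-128 and loads the radius plugin. The function names and the temporary sample files are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original article: sanity-check the files edited above.
# Paths are arguments, so the check can run against copies of the real files.

# Print the first uncommented "secret = ..." value in a FreeRADIUS clients.conf.
clients_secret() {
    awk '/^[ \t]*secret[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }' "$1"
}

# Print the key listed for host $2 in a radiusclient "servers" file.
servers_secret() {
    awk -v host="$2" '$1 == host { print $2; exit }' "$1"
}

# Succeed if option $2 starts an uncommented line of pppd options file $1.
has_option() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Usage: check_pptp_radius clients.conf servers options.pptpd
# Prints one FAIL line per problem and returns non-zero if any was found.
check_pptp_radius() {
    local rc=0 opt a b
    a=$(clients_secret "$1")
    b=$(servers_secret "$2" localhost)
    if [ -z "$a" ] || [ "$a" != "$b" ]; then
        echo "FAIL: shared secret in $1 and $2 is missing or does not match"
        rc=1
    fi
    for opt in require-mschap-v2 require-mppe-128 plugin radius-config-file; do
        has_option "$3" "$opt" || { echo "FAIL: '$opt' not set in $3"; rc=1; }
    done
    return $rc
}

# Constructed sample files mirroring the values used in this article.
demo=$(mktemp -d)
printf 'client localhost {\n    ipaddr = 127.0.0.1\n    secret      = lansggtest\n}\n' > "$demo/clients.conf"
printf '# Server Name  Key\nlocalhost    lansggtest\n' > "$demo/servers"
printf 'name pptpd\nrequire-mschap-v2\nrequire-mppe-128\n' > "$demo/options.pptpd"
printf 'plugin /usr/lib/pppd/2.4.5/radius.so\nradius-config-file /etc/ppp/radius/etc/radiusclient.conf\n' >> "$demo/options.pptpd"
check_pptp_radius "$demo/clients.conf" "$demo/servers" "$demo/options.pptpd" && echo "OK: configuration is consistent"
```

On the server itself the call would be `check_pptp_radius /etc/raddb/clients.conf /etc/ppp/radius/etc/servers /etc/ppp/options.pptpd`.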