
FreeRADIUS Study Notes 9: MariaDB

白镜
2023-12-01

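While working through this part I impulsively upgraded the operating system, so I simply reinstalled FreeRADIUS as well. The operating system is Fedora 37.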

1. Install the software

#dnf install freeradius

#dnf install freeradius-utils

2. Start the service

#/etc/raddb/certs/bootstrap

#radiusd -X

If the debug output on screen ends with the following line, the server started successfully:

Ready to process requests

3. Edit the /etc/raddb/users file and add the following at the top:

alice   Cleartext-Password := "passme"

        Reply-Message := "Hello, alice"

4. Restart the service, then open a second window and run the radtest command to test:

Received Access-Accept Id 245 from 127.0.0.1:1812 to 127.0.0.1:50865 length 34

        Reply-Message = "Hello, alice"

Seeing the output above on screen indicates success.

5. The database is MariaDB, version 10.5.18; installing, configuring and starting the database is skipped here.

Log in to the database server and create a database named radius:

#mysql -u root -p

MariaDB [(none)]>create database radius;

MariaDB [(none)]>quit

6. Install freeradius-mysql

#dnf install freeradius-mysql

#cd /etc/raddb/mods-config/sql/main/mysql

#mysql -u root -p radius < schema.sql

Edit the setup.sql file so that it contains the following:

CREATE USER 'radius'@'localhost' IDENTIFIED BY 'password';

GRANT SELECT ON radius.* TO 'radius'@'localhost';

GRANT ALL on radius.radacct TO 'radius'@'localhost';

GRANT ALL on radius.radpostauth TO 'radius'@'localhost';

The parts highlighted in blue are the username and password for the radius database; adjust them as needed.

#mysql -u root -p < setup.sql

Insert two rows into the database:

insert into radcheck (username,attribute,op,value)

values ('bob','Cleartext-Password',':=','passme');

insert  into radreply(username,attribute,op,value) values('bob','Reply-Message','=','Hello,bob!');

The database side is now ready.

7. Configure the sql module

#cd /etc/raddb/mods-enabled

#ln -s ../mods-available/sql sql

#vi sql

Set the following values:

dialect = "mysql"

driver = "rlm_sql_mysql"

server = "localhost"

port = 3306

login = "radius"

password = "password"

8. Restart the service, then open a second window and run the radtest command:

#radtest bob passme 127.0.0.1 0 testing123

Received Access-Accept Id 246 from 127.0.0.1:1812 to 127.0.0.1:46297 length 32

        Reply-Message = "Hello,bob!"

Authentication succeeded!

Now look at the debug output in the window where the service is running:

(0) sql: EXPAND %{User-Name}

(0) sql:    --> bob

(0) sql: SQL-User-Name set to 'bob'

rlm_sql (sql): Reserved connection (0)

(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id

(0) sql:    --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bob' ORDER BY id

(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'bob' ORDER BY id

(0) sql: User found in radcheck table

(0) sql: Conditional check items matched, merging assignment check items

(0) sql:   Cleartext-Password := "passme"

(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id

(0) sql:    --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'bob' ORDER BY id

(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'bob' ORDER BY id

(0) sql: User found in radreply table, merging reply items

(0) sql:   Reply-Message = "Hello,bob!"

Conclusion: authentication works correctly with the username and password stored in the database.
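Step 6 stores bob's password as Cleartext-Password, so anyone who can read the radcheck table reads the password itself. As an added example (not part of the original post), this Python script builds the same radcheck row with a salted SHA-256 value instead. It assumes the installed rlm_pap accepts the SSHA2-256-Password attribute; the function names and the username policy are hypothetical.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes
# Assumed username policy (hypothetical): keeps quotes out of the generated SQL.
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def ssha2_256(password: str, salt: Optional[bytes] = None) -> str:
    """Return base64(SHA256(password || salt) || salt)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return base64.b64encode(digest + salt).decode("ascii")


def verify_ssha2_256(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt, as a verifier would."""
    raw = base64.b64decode(stored, validate=True)
    if len(raw) <= DIGEST_LEN:
        return False  # no salt appended: not a salted value
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def radcheck_insert(username: str, password: str) -> str:
    """Build the radcheck INSERT for a hashed entry (replaces Cleartext-Password)."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username outside the allowed character set")
    value = ssha2_256(password)  # base64 alphabet only, safe inside SQL quotes
    return ("INSERT INTO radcheck (username, attribute, op, value) "
            f"VALUES ('{username}', 'SSHA2-256-Password', ':=', '{value}');")


if __name__ == "__main__":
    # Constructed sample: the user and password from step 6 of the post.
    print(radcheck_insert("bob", "passme"))
```

Hashed entries like this only work when the server receives the user's password itself, as with the PAP request radtest sends by default; CHAP and MS-CHAP cannot be checked against a salted hash.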
