1.yum源安装
shell> yum install freeradius
2.编辑认证用户信息
shell> vi /etc/raddb/users
在文件最上方加入如下两行:用户名为testing,密码为123456,认证成功后服务器返回“Hello, testing,认证成功!”。第二行是回复属性,行首必须有缩进(空格或Tab)。Cleartext-Password以明文保存密码,该账号仅用于测试,验证完成后应删除。
testing Cleartext-Password := "123456"
Reply-Message := "Hello, %{User-Name},认证成功!"
3.编辑认证客户端信息
shell> vi /etc/raddb/clients.conf
在文件最下方加入如下两个client配置段
client 1 {
ipaddr = 192.168.90.116
secret = 123456
}
client 2 {
ipaddr = 192.168.1.110
secret = 123456
}
注意:需要将此文件中的secret修改为123456。客户端发送请求时使用的共享密钥必须与这里一致(即第5步radtest命令的最后一个参数)。123456仅用于测试,正式环境应为每个客户端设置足够长的随机共享密钥。
4.开启radius服务(-X为前台调试模式,会在终端输出完整的请求内容,包括明文密码,仅用于测试排错)
shell> radiusd -X
5.client端测试
先安装freeradius-utils(提供radtest命令);radtest的参数依次为:用户名、密码、服务器地址、NAS端口、共享密钥
shell> yum -y install freeradius-utils
shell> radtest testing 123456 10.3.6.10 0 123456
Sent Access-Request Id 91 from 0.0.0.0:41472 to 10.3.6.10:1812 length 77
User-Name = "testing"
User-Password = "123456"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "123456"
Received Access-Accept Id 91 from 10.3.6.10:1812 to 0.0.0.0:0 length 52
Reply-Message = "Hello, testing,认证成功!"
6.加域认证
shell> vi /etc/raddb/proxy.conf
①注释掉原有的realm example.com {,手动添加realm test.com {,如下所示:
######################################################################
#
#
# This section defines a new-style "realm". Note the in version 2.0,
# there are many fewer configuration items than in 1.x for a realm.
#
# Automatic proxying is done via the "realms" module (see "man
# rlm_realm"). To manually proxy the request put this entry in the
# "users" file:
#
#
#DEFAULT Proxy-To-Realm := "realm_name"
#
#
#realm example.com {
realm test.com {
#
# Realms point to pools of home servers.
②将此处secret改为与home server之间实际使用的共享密钥(下例中为qwer)
#
# The shared secret use to "encrypt" and "sign" packets between
# FreeRADIUS and the home server.
#
# The secret can be any string, up to 8k characters in length.
#
# Control codes can be entered vi octal encoding,
# e.g. "\101\102" == "AB"
# Quotation marks can be entered by escaping them,
# e.g. "foo\"bar"
# Spaces or other "special" characters can be entered
# by putting quotes around the string.
# e.g. "foo bar"
# "foo;bar"
#
secret = qwer
7.client端测试
使用如下认证信息测试(用户名需带上@test.com域后缀)
username:testing@test.com
password:123456
secret:qwer
8.radius证书更新
shell> mkdir /etc/raddb/OldCerts
shell> cd /etc/raddb/certs
shell> mv ca.* server.* client.* /etc/raddb/OldCerts
shell> mv /etc/raddb/OldCerts/ca.cnf /etc/raddb/OldCerts/server.cnf /etc/raddb/OldCerts/client.cnf /etc/raddb/certs
shell> vim index.txt.attr //将unique_subject = yes改为no,否则无法用相同的subject重新签发证书
shell> vim ca.cnf //将default_days和default_crl_days改为99999
shell> vim server.cnf //将default_days和default_crl_days改为99999
shell> vim client.cnf //将default_days和default_crl_days改为99999
shell> ./bootstrap //生成新证书
shell> chmod 644 ca.key ca.pem server.* //注意:644会让ca.key和server.*中的私钥对本机所有用户可读;私钥文件建议改用640,并把属组设为radiusd进程所在的组
shell> radiusd -X