Setting up a FreeRADIUS authentication server

戈曾琪
2023-12-01

1. Install from the yum repository

shell> yum install freeradius

2. Edit the authentication user information

shell> vi /etc/raddb/users

Add the following two lines at the top: user name testing, password 123456; the server replies with "Hello, testing,认证成功!" (认证成功 means "authentication successful").

testing Cleartext-Password := "123456"
        Reply-Message := "Hello, %{User-Name},认证成功!"

3. Edit the authentication client information

shell> vi /etc/raddb/clients.conf

Add the following two client entries at the bottom
client 1 {
    ipaddr = 192.168.90.116
    secret = 123456
}
client 2 {
    ipaddr = 192.168.1.110
    secret = 123456
}

Note: the existing secret value in this file also needs to be changed to 123456

4. Start the radius service

shell> radiusd -X

5. Client-side test

First install freeradius-utils
shell> yum -y install freeradius-utils

shell> radtest testing 123456 10.3.6.10 0 123456

Sent Access-Request Id 91 from 0.0.0.0:41472 to 10.3.6.10:1812 length 77
        User-Name = "testing"
        User-Password = "123456"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "123456"
Received Access-Accept Id 91 from 10.3.6.10:1812 to 0.0.0.0:0 length 52
        Reply-Message = "Hello, testing,认证成功!"
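To make the role of the shared secret in the exchange above visible, here is an added example (my code, not part of the original post and not FreeRADIUS code) that rebuilds the step 5 exchange with the Python standard library only: the client hides User-Password with the secret and the Request Authenticator (RFC 2865 section 5.2) and stamps the Access-Request with a Message-Authenticator (RFC 2869 section 5.14); the server checks that stamp, recovers the password, and answers with an Access-Accept whose Response Authenticator (RFC 2865 section 3) the client verifies. The identifier 91, NAS-IP-Address 127.0.0.1, NAS-Port 0 and the Reply-Message are taken from the radtest output; the Request Authenticator is a fixed constructed value (a real client draws it at random), and nothing is sent on the network.

```python
# Added example: RADIUS Access-Request / Access-Accept exchange with the shared
# secret, per RFC 2865 and RFC 2869. Standard library only; nothing is transmitted.
import hashlib
import hmac
import socket
import struct

ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
# attribute type numbers (RFC 2865, RFC 2869)
USER_NAME = 1
USER_PASSWORD = 2
NAS_IP_ADDRESS = 4
NAS_PORT = 5
REPLY_MESSAGE = 18
MESSAGE_AUTHENTICATOR = 80


def hide_password(secret: bytes, request_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2: pad to a multiple of 16 octets, XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out += prev
    return out


def reveal_password(secret: bytes, request_auth: bytes, hidden: bytes) -> bytes:
    """Inverse of hide_password: what the server does to recover the cleartext."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attr(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; Length counts the two header octets."""
    return bytes([attr_type, len(value) + 2]) + value


def get_attr(packet: bytes, attr_type: int):
    """Return the value of the first attribute of the given type, or None."""
    pos, length = 20, struct.unpack(">H", packet[2:4])[0]
    while pos + 2 <= length:
        t, l = packet[pos], packet[pos + 1]
        if l < 2:
            return None  # malformed attribute: stop instead of looping forever
        if t == attr_type:
            return packet[pos + 2:pos + l]
        pos += l
    return None


def build_access_request(secret, username, password, nas_ip, nas_port, identifier, request_auth):
    """Access-Request carrying the same five attributes radtest sent in the post."""
    attrs = (attr(USER_NAME, username.encode())
             + attr(USER_PASSWORD, hide_password(secret, request_auth, password.encode()))
             + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + attr(NAS_PORT, struct.pack(">I", nas_port))
             + attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16))  # placeholder, filled below
    header = struct.pack(">BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    packet = header + request_auth + attrs
    # RFC 2869 5.14: HMAC-MD5(secret) over the packet with Message-Authenticator zeroed;
    # the attribute is last, so its 16 value octets are the tail of the packet.
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac


def verify_message_authenticator(secret: bytes, packet: bytes) -> bool:
    """Server-side check of an Access-Request's Message-Authenticator."""
    pos, length = 20, struct.unpack(">H", packet[2:4])[0]
    while pos + 2 <= length:
        t, l = packet[pos], packet[pos + 1]
        if l < 2:
            return False
        if t == MESSAGE_AUTHENTICATOR and l == 18:
            zeroed = packet[:pos + 2] + b"\x00" * 16 + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += l
    return False  # attribute absent


def build_access_accept(secret, request_auth, identifier, reply_message):
    """Access-Accept with a Reply-Message, as the server answered in step 5."""
    attrs = attr(REPLY_MESSAGE, reply_message.encode())
    header = struct.pack(">BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    # RFC 2865 section 3: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    response_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + response_auth + attrs


def verify_response(secret: bytes, request_auth: bytes, packet: bytes) -> bool:
    """Client-side check that the reply came from a holder of the shared secret."""
    header, got, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, got)


def demo(secret: bytes = b"123456") -> dict:
    """Replay the step 5 exchange with a constructed, fixed Request Authenticator."""
    request_auth = bytes(range(16))  # constructed; a real client uses 16 random octets
    req = build_access_request(secret, "testing", "123456", "127.0.0.1", 0, 91, request_auth)
    # server side: validate the request, recover the password, answer
    request_ok = verify_message_authenticator(secret, req)
    password = reveal_password(secret, req[4:20], get_attr(req, USER_PASSWORD))
    acc = build_access_accept(secret, request_auth, req[1], "Hello, testing,认证成功!")
    return {
        "request_length": len(req),  # 77, as in the radtest output
        "request_ok": request_ok,
        "password": password,
        "accept_ok": verify_response(secret, request_auth, acc),
        "accept_wrong_secret_ok": verify_response(b"qwer", request_auth, acc),
        "reply": get_attr(acc, REPLY_MESSAGE).decode(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The request comes out at 77 octets, the length radtest reported. Every check in the block derives from the shared secret alone, so the secret in clients.conf is the whole trust boundary between NAS and server: the User-Password hiding is an MD5 keystream rather than authenticated encryption, and without a Message-Authenticator only the Response Authenticator ties a reply to the secret.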

6. Authentication with a realm (domain)

shell> vi /etc/raddb/proxy.conf

① Comment out the existing realm and manually add realm test.com {

######################################################################
#
#
#  This section defines a new-style "realm".  Note the in version 2.0,
#  there are many fewer configuration items than in 1.x for a realm.
#
#  Automatic proxying is done via the "realms" module (see "man
#  rlm_realm").  To manually proxy the request put this entry in the
#  "users" file:

#
#
#DEFAULT        Proxy-To-Realm := "realm_name"
#
#
#realm example.com {
realm test.com {
        #
        #  Realms point to pools of home servers.

② Change the secret here to the actual authentication secret

        #
        #  The shared secret use to "encrypt" and "sign" packets between
        #  FreeRADIUS and the home server.
        #
        #  The secret can be any string, up to 8k characters in length.
        #
        #  Control codes can be entered vi octal encoding,
        #       e.g. "\101\102" == "AB"
        #  Quotation marks can be entered by escaping them,
        #       e.g. "foo\"bar"
        #  Spaces or other "special" characters can be entered
        #  by putting quotes around the string.
        #       e.g. "foo bar"
        #            "foo;bar"
        #
        secret = qwer

7. Client-side test

The credentials are as follows

username:testing@test.com
password:123456
secret:qwer

8. Updating the RADIUS certificates

shell> mkdir /etc/raddb/OldCerts

shell> cd /etc/raddb/certs

shell> mv ca.* server.* client.* /etc/raddb/OldCerts

shell> mv /etc/raddb/OldCerts/ca.cnf /etc/raddb/OldCerts/server.cnf /etc/raddb/OldCerts/client.cnf /etc/raddb/certs

shell> vim index.txt.attr	// change yes to no

shell> vim ca.cnf			// change default_days and default_crl_days to 99999

shell> vim server.cnf		// change default_days and default_crl_days to 99999

shell> vim client.cnf		// change default_days and default_crl_days to 99999

shell> ./bootstrap			// generate the new certificates

shell> chmod 644 ca.key ca.pem server.*		// ca.key is the CA's private key; mode 644 leaves it readable by every local account

shell> radiusd -X