EvilOctal Security Team Technical Discussion Group's Archiver

无双坏坏 2006-2-11 08:49

[Repost] pptpd+radius+mysql installation guide (part 3: MySQL)

Author: i_amok
Source: CCF

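1. Required software: none.

All you need is a MySQL database for it. The schema is at

/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql under the freeradius source directory.


Just create a database. On my own machine I created one named radius

and imported the schema into it.



2. Configure sql.conf

First go back to the freeradius configuration directory used earlier.
Code: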

cd /usr/local/freeradius-1.1.0/etc/raddb

vi sql.conf


Change the connection settings


Code:

      # Connect info
      server = "192.168.8.53"
      login = "radius"
      password = "radius"

      # Database table configuration
      radius_db = "radius"


Remove the # in front of the simul... line below
to enable the SQL query that checks the number of simultaneous connections per user.
Code:


      # Uncomment simul_count_query to enable simultaneous use checking
      simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"





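3. Configure radiusd.conf

In authorize {
comment out files
and uncomment sql


In preacct {
comment out files


In accounting {
comment out radutmp
and remove the # in front of sql


In session {
comment out radutmp
and remove the # in front of sql


In post-auth {
remove the # in front of sql


In short: disable the files module and enable the sql module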



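4. Add a user to the database

In usergroup, add a user test with group name vpn

In radgroupcheck, add a record for group vpn with
attribute Simultaneous-Use
op :=
value 1

In radcheck, add a record with
username test
attribute User-Password
op ==
value test


This adds a user test in group vpn with password test,
and every user in the group can be logged in only once per username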


5. Test
Start radiusd in debug mode

You will see

Code:

[root@kdfng raddb]# ../../sbin/radiusd -x
Starting - reading configuration files ...
Using deprecated naslist file.  Support for this will go away soon.
Module: Loaded exec
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded eap
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
rlm_eap: Loaded and initialized type gtc
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded SQL
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius@192.168.8.53:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded detail
Module: Instantiated detail (detail)
Initializing the thread pool...
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.

Log in once as the test user.

You will see

Code:


rad_recv: Access-Request packet from host 127.0.0.1:32768, id=222, length=146
      Service-Type = Framed-User
      Framed-Protocol = PPP
      User-Name = "test"
      MS-CHAP-Challenge = 0xb6a9e94b94c3c386875043efd5144e17
      MS-CHAP2-Response = 0x38006d78036bb5e40ddeca0ce96b944619e000000000000000007b887b8762be38eb111a94a4b581925b85e07453a38a070f
      Calling-Station-Id = "192.168.8.53"
      NAS-IP-Address = 127.0.0.1
      NAS-Port = 0
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
Sending Access-Accept of id 222 to 127.0.0.1 port 32768
      MS-CHAP2-Success = 0x38533d33453434464142394232444230413143464539453832444536453534373331383833454238414536
      MS-MPPE-Recv-Key = 0x53a3812a0fd5b6f7b1cf4f6f6796f26b
      MS-MPPE-Send-Key = 0xb8be60559cbc46fd4da277516d6584f3
      MS-MPPE-Encryption-Policy = 0x00000002
      MS-MPPE-Encryption-Types = 0x00000004
rad_recv: Accounting-Request packet from host 127.0.0.1:32768, id=223, length=110
      Acct-Session-Id = "43EC0822056A00"
      User-Name = "test"
      Acct-Status-Type = Start
      Service-Type = Framed-User
      Framed-Protocol = PPP
      Calling-Station-Id = "192.168.8.53"
      Acct-Authentic = RADIUS
      NAS-Port-Type = Async
      Framed-IP-Address = 10.10.110.1
      NAS-IP-Address = 127.0.0.1
      NAS-Port = 0
      Acct-Delay-Time = 0
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
Sending Accounting-Response of id 223 to 127.0.0.1 port 32768


If you change Simultaneous-Use to 0


you will see

Code:

rad_recv: Access-Request packet from host 127.0.0.1:32768, id=225, length=146
      Service-Type = Framed-User
      Framed-Protocol = PPP
      User-Name = "test"
      MS-CHAP-Challenge = 0x2295d4d65913cbc0a7836e986fe4a998
      MS-CHAP2-Response = 0x34001739a3331c1a1a938eed99cda89b691f0000000000000000a8a9e9ae2eadaa6b1acb93e368113dc4ed47dac0a20b1ed8
      Calling-Station-Id = "192.168.8.53"
      NAS-IP-Address = 127.0.0.1
      NAS-Port = 0
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
rad_recv: Access-Request packet from host 127.0.0.1:32768, id=225, length=146
Sending Access-Reject of id 225 to 127.0.0.1 port 32768
      Reply-Message := "\r\nYou are already logged in - access denied\r\n\n"



The message says the user is already logged in, which shows that the option takes effect.
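How the step 4 rows and the simul_count_query from sql.conf combine into the accept/reject decision seen in the two debug traces, as an added example that is not part of the original post. Assumptions: SQLite stands in for MySQL, the table columns are a minimal subset assumed from the FreeRADIUS 1.x db_mysql.sql schema, and the helper names and the `open sessions < limit` comparison are hypothetical, modelled on the behaviour the traces show.

```python
import sqlite3

# Assumed minimal subset of the FreeRADIUS 1.x schema (db_mysql.sql).
# SQLite stands in for MySQL so the example runs offline.
SCHEMA = """
CREATE TABLE radcheck      (UserName TEXT, Attribute TEXT, op TEXT, Value TEXT);
CREATE TABLE radgroupcheck (GroupName TEXT, Attribute TEXT, op TEXT, Value TEXT);
CREATE TABLE usergroup     (UserName TEXT, GroupName TEXT);
CREATE TABLE radacct       (UserName TEXT, AcctSessionId TEXT, AcctStopTime INTEGER DEFAULT 0);
"""

# The three records described in step 4.
PROVISION = """
INSERT INTO usergroup     VALUES ('test', 'vpn');
INSERT INTO radgroupcheck VALUES ('vpn', 'Simultaneous-Use', ':=', '1');
INSERT INTO radcheck      VALUES ('test', 'User-Password', '==', 'test');
"""

# simul_count_query from sql.conf, with ${acct_table1} expanded to radacct
# and %{SQL-User-Name} bound as a query parameter.
SIMUL_COUNT = "SELECT COUNT(*) FROM radacct WHERE UserName = ? AND AcctStopTime = 0"

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + PROVISION)
    return db

def simul_limit(db, user):
    """Simultaneous-Use value inherited from the user's group, or None."""
    row = db.execute(
        "SELECT g.Value FROM usergroup u "
        "JOIN radgroupcheck g ON g.GroupName = u.GroupName "
        "WHERE u.UserName = ? AND g.Attribute = 'Simultaneous-Use'",
        (user,)).fetchone()
    return int(row[0]) if row else None

def session_allowed(db, user):
    limit = simul_limit(db, user)
    if limit is None:
        return True  # no Simultaneous-Use item, nothing to enforce
    (open_sessions,) = db.execute(SIMUL_COUNT, (user,)).fetchone()
    # Modelled on the debug output: a limit of 0 rejects even with no open session.
    return open_sessions < limit

def acct_start(db, user, sid):
    # Accounting Start: the row stays "open" while AcctStopTime is 0.
    db.execute("INSERT INTO radacct (UserName, AcctSessionId) VALUES (?, ?)", (user, sid))

def acct_stop(db, user, sid, when):
    # Accounting Stop: a non-zero AcctStopTime removes the row from the count.
    db.execute("UPDATE radacct SET AcctStopTime = ? "
               "WHERE UserName = ? AND AcctSessionId = ?", (when, user, sid))
```

Because the count only drops when an accounting Stop sets AcctStopTime, a session whose Stop record never arrives keeps counting against the limit.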




Also, I am looking for someone who knows Russian to take a look at this for me:

FreeNIBS

FreeNIBS is a loadable plugin for the FreeRADIUS radius server. FreeNIBS provides authorization, authentication, and accounting for dial-in (PPP/PPPOE/PPTP) users. It can be used for real-time prepaid and postpaid billing. FreeNIBS can bill users based on service accuration, time, traffic, and both time and traffic. FreeNIBS has very flexible settings for groups, users, and prices. All data is stored in SQL databases such as MySQL, PgSQL, and Oracle.


It only has a Russian manual, which I simply cannot read. Even the configuration files are in Russian......

Adding it would make it possible to enforce time and traffic limits.

© 1999-2008 EvilOctal Security Team