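Study notes: network access authentication 1, installing FreeRADIUS and connecting it to OpenLDAP
FreeRADIUS is free, open-source RADIUS server and client software that is fully compatible with the RADIUS protocol. It can be used to control, authorize and account for user access to specific networks, and it supports several authentication back ends, including files, LDAP and databases.
Test installation environment: CentOS 7
Hostname: freeradius, IP: 172.16.48.72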
1. First, disable SELinux and firewalld
2. Install FreeRADIUS and the tools for connecting it to LDAP
yum -y install freeradius freeradius-utils freeradius-ldap
3. Start the service and check it
# systemctl start radiusd
# systemctl enable radiusd
# systemctl status radiusd
4. Edit the configuration file to enable the test account
vim /etc/raddb/users
Remove the leading # comment marker from the following block:
steve   Cleartext-Password := "testing"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 172.16.3.33,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP
5. Restart the service: systemctl restart radiusd
Test the connection:
[root@freeradius ~]# radtest steve testing localhost 1812 testing123
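If the output contains "Received Access-Accept Id 9 from 127.0.0.1:1812 to 0.0.0.0:0 length 71", the authentication test succeeded.
6. Set up the connection to OpenLDAP
First create or edit the file /etc/raddb/mods-available/ldap. Below is the full file with the # comment lines removed: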
[root@freeradius ~]# cat /etc/raddb/mods-available/ldap |grep -v "#" |grep -v "^;"|grep -v "^$"
ldap {
    server = '172.16.0.123'
    port = 389
    identity = 'cn=admin,dc=linbsoft,dc=com'
    password = 123456
    base_dn = 'dc=linbsoft,dc=com'
    sasl {
    }
    update {
        control:Password-With-Header += 'userPassword'
        control: += 'radiusControlAttribute'
        request: += 'radiusRequestAttribute'
        reply: += 'radiusReplyAttribute'
    }
    user {
        base_dn = "${..base_dn}"
        filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
        sasl {
        }
    }
    group {
        base_dn = "${..base_dn}"
        filter = '(objectClass=posixGroup)'
        membership_attribute = 'memberOf'
    }
    profile {
    }
    client {
        base_dn = "${..base_dn}"
        filter = '(objectClass=radiusClient)'
        template {
        }
        attribute {
            ipaddr = 'radiusClientIdentifier'
            secret = 'radiusClientSecret'
        }
    }
    accounting {
        reference = "%{tolower:type.%{Acct-Status-Type}}"
        type {
            start {
                update {
                    description := "Online at %S"
                }
            }
            interim-update {
                update {
                    description := "Last seen at %S"
                }
            }
            stop {
                update {
                    description := "Offline at %S"
                }
            }
        }
    }
    post-auth {
        update {
            description := "Authenticated at %S"
        }
    }
    options {
        chase_referrals = yes
        rebind = yes
        res_timeout = 10
        srv_timelimit = 3
        net_timeout = 1
        idle = 60
        probes = 3
        interval = 3
        ldap_debug = 0x0028
    }
    tls {
    }
    pool {
        start = ${thread[pool].start_servers}
        min = ${thread[pool].min_spare_servers}
        max = ${thread[pool].max_servers}
        spare = ${thread[pool].max_spare_servers}
        uses = 0
        retry_delay = 30
        lifetime = 0
        idle_timeout = 60
    }
}
7. The contents of /etc/raddb/sites-available/site_ldap are as follows:
cat /etc/raddb/sites-available/site_ldap
server site_ldap {
    listen {
        ipaddr = 0.0.0.0
        port = 1833
        type = auth
    }
    authorize {
        update {
            control:Auth-Type := ldap
        }
    }
    authenticate {
        Auth-Type ldap {
            ldap
        }
    }
    post-auth {
        Post-Auth-Type Reject {
        }
    }
}
8. Create the symbolic link
ln -s /etc/raddb/sites-available/site_ldap /etc/raddb/sites-enabled/
9. Restart the service: systemctl restart radiusd
Test the connection with an OpenLDAP account:
[root@freeradius ~]# radtest 20180515 123456 localhost 0 testing123
Sent Access-Request Id 160 from 0.0.0.0:48710 to 127.0.0.1:1812 length 78
        User-Name = "20180515"
        User-Password = "123456"
        NAS-IP-Address = 172.16.48.72
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "123456"
Received Access-Accept Id 160 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
Here 20180515 and 123456 are the username and password of an account in OpenLDAP.
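The ldap module in step 6 binds as cn=admin with a six-digit password over port 389, and its tls { } section is empty. The script below is an added example, not part of the original notes: it audits an rlm_ldap module file for those settings. The hardened sample's host name, service DN and CA path are placeholders, and the 16-character password threshold is an assumption.

```shell
# Added example, not from the original notes: audit an rlm_ldap module file
# (path argument or stdin). Prints one finding per line; returns 1 if any.
audit_ldap_module() {
    awk -v q="'" '
    /^[ \t]*(#|;|$)/ { next }                          # comments, blank lines
    {
        line = $0; gsub("[" q "\"]", "", line)         # drop quotes around values
        if (line ~ /^[ \t]*tls[ \t]*[{]/) tls_at = depth + 1
        depth += gsub(/[{]/, "&", line) - gsub(/[}]/, "&", line)
        if (tls_at && depth < tls_at) tls_at = 0       # left the tls { } section
        eq = index(line, "="); if (!eq) next
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (depth == 1) top[key] = val                 # settings directly in ldap { }
        if (tls_at)     tls[key] = val                 # settings inside tls { }
    }
    END {
        enc = ((top["server"] ~ /^ldaps:/) || (tls["start_tls"] == "yes"))
        if (!enc) f[++n] = "CLEARTEXT no ldaps:// or start_tls: bind and user passwords are sent unencrypted"
        else if (tls["require_cert"] !~ /^(demand|hard)$/) f[++n] = "NOVERIFY require_cert is not demand/hard: server certificate may go unchecked"
        if (top["identity"] ~ /^cn=(admin|[Mm]anager|root),/) f[++n] = "ADMINBIND identity is a directory admin DN, not a dedicated service account"
        pw = top["password"]; if (pw != "" && length(pw) < 16) f[++n] = "WEAKPW bind password shorter than 16 characters (threshold is an assumption)"
        for (i = 1; i <= n; i++) print f[i]; exit (n > 0)
    }' "${1:--}"
}
# Constructed samples: values from step 6, then a hardened variant (placeholders).
sample_from_post() { cat <<'EOF'
ldap {
    server = '172.16.0.123'
    port = 389
    identity = 'cn=admin,dc=linbsoft,dc=com'
    password = 123456
    tls { }
}
EOF
}
sample_hardened() { cat <<'EOF'
ldap {
    server = 'ldap.example.com'
    identity = 'cn=radius-ro,ou=services,dc=linbsoft,dc=com'
    password = 'PLACEHOLDER-long-random-secret'
    tls {
        start_tls = yes
        ca_file = /etc/raddb/certs/PLACEHOLDER-ca.pem
        require_cert = 'demand'
    }
}
EOF
}
sample_from_post | audit_ldap_module || true   # demo run: prints three findings
```

Against a real installation, run audit_ldap_module /etc/raddb/mods-available/ldap; the non-zero return on findings makes it usable as a pre-deployment check.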