<rhel6+pptpd+freeradius+mysql>

本文档来学习实验环境，内容实验结果全部在机房校验，全部正确无误。

系统环境：RHEL6 x86_64 selinux and iptables disabled

软件下载：http :// poptop . sourceforge . net / yum / stable / rhel 6/

安装配置 pptpd

echo 1 > /proc/sys/net/ipv4/ip_forward

yum install ppp -y

rpm -ivh pptpd-1.3.4-2.el6.x86_64.rpm

pptpd 的配置文件 /etc/pptpd.conf

localip 192.168.0.1

remoteip192.168.0.234-238

localip: pptpd server 所在服务器 IP 地址，可以设置为服务器上绑定的任意一个 IP 地址

remoteip: 设置客户端连接到 pptpd server 后可供分配的 Ip 地址范围

添加测试用户/etc/ppp/chap-secrets

#client server secret IP addresses

yakexi pptpd westos *

注意：server 名称必须和 /etc/ppp/options.pptpd 中 name 处设置的名称一致，否则登录

验证无法通过

service pptpd start

netstat -antlp|grep:1723

现在可以用 yakexi 测试了！

安装配置 freeradius

yum install freeradius freeradius-mysql freeradius-utils -y

tar zxf ppp-2.4.5.tar.gz

mkdir /etc/radiusclient

cp ppp-2.4.5/pppd/plugins/radius/etc/* /etc/radiusclient

cd /etc/radiusclient

在 servers 文件中添加 radius 服务器的地址和密码

localhost westos

修改 radiusclient.conf 文件中确保这个文件中所有与 radiusclient 相关的路径都是

以/etc/radiusclient 开头的。例如：

servers /usr/local/etc/radiusclient/servers

修改为：

servers /etc/radiusclient/servers

修改/etc/ppp/options.pptpd，添加如下行：

plugin /usr/lib64/pppd/2.4.5/radius.so

cd /etc/raddb

修改 clients.conf

client localhost {

ipaddr = 127.0.0.1

secret = westos (与/etc/radiusclient/servers 里设置的一致）

....

}

支持 mysql

修改/etc/raddb/radius.conf

$INCLUDE sql.conf #去掉注释

修改/etc/raddb/sites-available/default

authorize {

#files

sql

....

}

accounting {

#radutmp

sql

....

}

session{

#radutmp

sql

}

post-auth {

sql

}

修改/etc/raddb/sql.conf

sql {

database = “mysql“

driver = "rlm_sql_mysql"

server = "localhost"

login = "radius"

password = "radpass"

radius_db = "radius"

....

}

修改/etc/raddb/sql/mysql/dialup.conf,去掉如下行的注释：

simul_count_query = "SELECT COUNT(*) /

FROM ${acct_table1} /

WHERE username = '%{SQL-User-Name}' /

AND acctstoptime IS NULL"

yum install mysql mysql-server -y

service mysqld start

cd /etc/raddb/sql/mysql/

mysqladmin create radius

mysql radius

mysql

mysql> insert into radgroupreply (groupname,attribute,op,value) values

('user','Auth-Type',':=','Local');

mysql> insert into radgroupreply (groupname,attribute,op,value) values

('user','Service-Type',':=','Framed-User');

mysql> insert into radgroupreply (groupname,attribute,op,value) values

('user','Framed-IP-Address',':=','255.255.255.254');

mysql> insert into radgroupreply (groupname,attribute,op,value) values

('user','Framed-IP-Netmask',':=','255.255.255.0');

mysql>insert into radgroupcheck (groupname,attribute,op,value) values

('user','Simultaneous-Use',':=','1'); (限制一个帐号只能拨一次，可选)

mysql> insert into radcheck (username,attribute,op,value) values ('test','UserPassword',':=','test'); (添加帐户 test,密码 test)

mysql> insert into radusergroup (username,groupname) values ('test','user');

以后添加帐户只需要进行以上两步操作即可

service radiusd start

service pptpd stop

service pptpd start

执行命令进行测试：

# radtest test test localhost 0 westos

Sending Access-Request of id 13 to 127.0.0.1 port 1812

User-Name = "test"

User-Password = "test"

NAS-IP-Address = 127.0.0.1

NAS-Port = 0

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=13, length=38

Service-Type = Framed-User

Framed-IP-Address = 255.255.255.254

Framed-IP-Netmask = 255.255.255.0

看到 Access-Accept 字样即表示成功