04_ubuntu radius 服务安装配置与测试
内容导读
互联网集市收集整理的这篇技术教程文章主要介绍了04_ubuntu radius 服务安装配置与测试,小编现在分享给大家,供广大互联网技能从业者学习和参考。文章包含3850字,纯文字阅读大概需要6分钟。
内容图文
![04_ubuntu radius 服务安装配置与测试](/upload/InfoBanner/zyjiaocheng/935/9568bf336e184f91abd9a067497a8150.jpg)
04_ubuntu radius 服务安装配置
参考
https://blog.csdn.net/qq_33385691/article/details/82498772
1.安装
sudo apt-get install freeradius freeradius-ldap freeradius-mysql
2.配置
- 用户配置
vim /etc/freeradius/user
steve Cleartext-Password := "testing" #用户名 steve, 密码 testing
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 172.16.3.33,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP
- 配置key
vim /etc/freeradius/clients.conf
client localhost {
# hostname (radius.example.com)
ipaddr = 127.0.0.1
# OR, you can use an IPv6 address, but not both
# ipv6addr = :: # any. ::1 == localhost
secret = testing123
3.重启服务
sudo /etc/init.d/freeradius restart
sudo service freeradius restart
4.基本功能测试
- 服务端
sudo service freeradius stop
sudo freeradius -X #前台运行, 开启调试模式
sudo freeradius #后台运行模式
- 客户端 测试命令:
radtest Username Password ServerIP Port Secret
radtest 用户名 密码 地址 端口 key
测试实例1:
radtest steve testing localhost 1812 testing123
Sending Access-Request of id 76 to 127.0.0.1 port 1812
User-Name = "steve"
User-Password = "testing"
NAS-IP-Address = 0.0.0.22
NAS-Port = 1812
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=76, length=71
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
5.添加一个新用户
- 增加一个测试用户: 用户test, 密码5678
sudo vim /etc/freeradius/users
test Cleartext-Password := "5678"
Tip: 注意tab 对齐
- 配置客户端访问控制
sudo vim /etc/freeradius/clients.conf
client 192.168.56.0/24 {
secret = testing234
shortname = privat-network-1
}
- 重启服务
sudo service freeradius stop
sudo freeradius -X
4.测试
客户端:
# radtest test 5678 192.168.56.111 0 testing234
Sending Access-Request of id 137 to 192.168.56.111 port 1812
User-Name = "test"
User-Password = "5678"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 192.168.56.111 port 1812, id=137, length=20
服务端:
# sudo freeradius -X
rad_recv: Access-Request packet from host 192.168.56.111 port 51631, id=137, length=74
User-Name = "test"
User-Password = "5678"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0xb81f77e46da45055d14413911e50e7af
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[files] users: Matched entry test at line 86
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = updated
+} # group authorize = updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+group PAP {
[pap] login attempt with password "5678"
[pap] Using clear text password "5678"
[pap] User authenticated successfully
++[pap] = ok
+} # group PAP = ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+group post-auth {
++[exec] = noop
+} # group post-auth = noop
Sending Access-Accept of id 137 to 192.168.56.111 port 51631
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 137 with timestamp +19
Ready to process requests.
6.添加一个网段认证
# vim /etc/free/radius/client.conf
client 192.168.56.0/24 {
secret = testing234
shortname = private-network-1
}
client 10.68.4.0/24 {
secret = testing123
shortname = private-network-3
}
内容总结
以上是互联网集市为您收集整理的04_ubuntu radius 服务安装配置与测试全部内容,希望文章能够帮你解决04_ubuntu radius 服务安装配置与测试所遇到的程序开发问题。 如果觉得互联网集市技术教程内容还不错,欢迎将互联网集市网站推荐给程序员好友。
内容备注
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 gblab@vip.qq.com 举报,一经查实,本站将立刻删除。
内容手机端
扫描二维码推送至手机访问。