Installing FreeRADIUS with a GUI on a Raspberry Pi (Raspberry PI based FreeRadius Server with GUI)
Published: 2019-04-29


Raspberry PI based FreeRadius Server with GUI

I run a small wireless network for a non-profit organization in my home town. It consists of a single high site with internet connectivity, with nine client sites connecting via wireless. The network is built with Ubiquiti hardware, with a Mikrotik 750 handling the routing. I also use this network for experimentation and learning. One of the things that I have been keen on doing is managing it as though it were a commercial network in terms of the network architecture. To this end I have decided to deploy a Raspberry Pi based RADIUS server for PPPoE authentication. The Mikrotik will serve as the PPPoE server, and the Raspberry Pi RADIUS server will be managed with DaloRADIUS. The instructions below should be easy to use on any Debian-based distro.
This tutorial will not cover installation of Raspbian onto your Raspberry Pi.
What you will need: 
  • A Raspberry Pi Model B
  • A 4GB+ SD Card running Raspbian
  • SSH Access (or a terminal on the device)
  • PPPoE server (Mikrotik 750 in my case)
  • An internet connection
Log into the Raspberry Pi via SSH or a Terminal Window:
Configure the IP Address
Edit /etc/network/interfaces to reflect your network settings
vi /etc/network/interfaces
Change from: 
iface lo inet loopback

iface eth0 inet dhcp

allow-hotplug wlan0

iface wlan0 inet manual

wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface default inet dhcp
To:
auto lo

iface lo inet loopback

auto eth0

iface eth0 inet static

address 10.3.0.2

netmask 255.255.255.252

gateway 10.3.0.1

dns-nameservers 10.0.0.1

allow-hotplug wlan0

iface wlan0 inet manual

wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface default inet dhcp
Remember to adjust for your own network parameters 
Install FreeRADIUS and the other prerequisites. Remember to note the password you set for your MySQL server:
$ apt-get install freeradius freeradius-mysql apache2 php5 libapache2-mod-php5 mysql-server mysql-client php5-mysql php-pear php5-gd php-db


Download and extract the DaloRADIUS package to /var/www:
cd /usr/src

wget http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz

tar zxvf daloradius-0.9-9.tar.gz -C /var/www/

mv /var/www/daloradius-0.9-9/ /var/www/daloradius

cd /var/www/daloradius
Configure the DaloRadius/Freeradius database
mysql -uroot -p

mysql>create database radiusdb;

mysql>exit

mysql -u root -p radiusdb < /var/www/daloradius/contrib/db/fr2-mysql-daloradius-and-freeradius.sql

mysql -u root -p

mysql>CREATE USER 'radiususer'@'localhost';

mysql>SET PASSWORD FOR 'radiususer'@'localhost' = PASSWORD('radiuspass');

mysql>GRANT ALL ON radiusdb.* to 'radiususer'@'localhost';

mysql>exit
You will also need to configure DaloRadius to connect to the database:
vi /var/www/daloradius/library/daloradius.conf.php
Input the following values 
$configValues['DALORADIUS_VERSION'] = '0.9-9';

$configValues['FREERADIUS_VERSION'] = '2';

$configValues['CONFIG_DB_ENGINE'] = 'mysql';

$configValues['CONFIG_DB_HOST'] = 'localhost';

$configValues['CONFIG_DB_PORT'] = '3306';

$configValues['CONFIG_DB_USER'] = 'radiususer';

$configValues['CONFIG_DB_PASS'] = 'radiuspass';

$configValues['CONFIG_DB_NAME'] = 'radiusdb';
The default configuration of FreeRADIUS loads user accounts from a file located at /etc/freeradius/users.
It makes sense to test the functioning of FreeRADIUS before trying to link it to a database. To activate the test user you have to edit /etc/freeradius/users: 
vi /etc/freeradius/users
Uncomment the following lines: 
#"John Doe" Cleartext-Password := "hello"

# Reply-Message = "Hello, %{User-Name}"
To look like this: 
"John Doe" Cleartext-Password := "hello"

        Reply-Message = "Hello, %{User-Name}"
Restart the freeradius service and show the debug console to make sure all is well:
$ /etc/init.d/freeradius stop

$ freeradius -XXX
If all goes well, the last line of output will be:
Info: Ready to process requests.
Press CTRL+C to disconnect.
Start the freeradius service again:
$ /etc/init.d/freeradius start
Use radtest to make sure that you can authenticate against the file:
$ radtest "John Doe" hello 127.0.0.1 0 testing123

Sending Access-Request of id 180 to 127.0.0.1 port 1812

        User-Name = "John Doe"

        User-Password = "hello"

        NAS-IP-Address = 127.0.1.1

        NAS-Port = 0

        Message-Authenticator = 0x00000000000000000000000000000000
Now it is time to switch over to mysql authentication: 
$ vi /etc/freeradius/radiusd.conf
Change the lines that read:
# $INCLUDE sql.conf

# $INCLUDE sql/mysql/counter.conf
To: 
$INCLUDE sql.conf

$INCLUDE sql/mysql/counter.conf
Update the configuration to reflect the database username and password as chosen earlier:
$ vi /etc/freeradius/sql.conf


        server = "localhost"

        #port = 3306

        login = "radiususer"

        password = "radiuspass"


        # Database table configuration for everything except Oracle

        radius_db = "radiusdb"
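daloRADIUS and FreeRADIUS read the same database account from two different files, so the values in daloradius.conf.php and sql.conf have to agree. The check below is an added example (not from the original tutorial or from either project) that compares the two; the sample file contents are constructed.

```python
import re

# daloradius.conf.php key -> the sql.conf key that must hold the same value
PAIRS = {"CONFIG_DB_HOST": "server", "CONFIG_DB_USER": "login",
         "CONFIG_DB_PASS": "password", "CONFIG_DB_NAME": "radius_db"}

PHP_RE = re.compile(r"^\s*\$configValues\['(\w+)'\]\s*=\s*'([^']*)'\s*;", re.M)
SQL_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)  # skips commented-out lines

def compare_db_settings(php_text, sql_text):
    """Return (php_key, php_value, sql_key, sql_value) for each setting that differs."""
    php = dict(PHP_RE.findall(php_text))
    sql = dict(SQL_RE.findall(sql_text))
    diffs = []
    for php_key, sql_key in PAIRS.items():
        a, b = php.get(php_key), sql.get(sql_key)
        if a != b:
            if php_key == "CONFIG_DB_PASS":  # never echo credentials into a report
                a = b = "<redacted>"
            diffs.append((php_key, a, sql_key, b))
    return diffs

# Constructed inputs: the PHP side carries a one-letter slip in the user name.
PHP_SAMPLE = """
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_USER'] = 'radiusuder';
$configValues['CONFIG_DB_PASS'] = 'radiuspass';
$configValues['CONFIG_DB_NAME'] = 'radiusdb';
"""
SQL_SAMPLE = """
        server = "localhost"
        #port = 3306
        login = "radiususer"
        password = "radiuspass"
        radius_db = "radiusdb"
"""

if __name__ == "__main__":
    for php_key, a, sql_key, b in compare_db_settings(PHP_SAMPLE, SQL_SAMPLE):
        print(f"{php_key}={a!r} does not match {sql_key}={b!r}")
```

On the real host, pass the contents of /var/www/daloradius/library/daloradius.conf.php and /etc/freeradius/sql.conf instead of the samples.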

Uncomment the lines that read "sql" in the authorize, accounting, session and post-auth sections:
$ vi /etc/freeradius/sites-enabled/default
Uncomment sql in authorize{}
# See “Authorization Queries” in sql.conf

sql
Uncomment sql in accounting{}
# See “Accounting queries” in sql.conf

sql
Uncomment sql in session{}
# See “Simultaneous Use Checking Queries” in sql.conf

sql
Uncomment sql in post-auth{}
# See “Authentication Logging Queries” in sql.conf

sql
To test the configuration, stop the freeradius service:
$ service freeradius stop
Then run the freeradius debug console:
$ freeradius -X
If it comes back without any errors you can continue.
To enable remote authentication from a Mikrotik device, edit /etc/freeradius/clients.conf.
Add the following to the end of the file, changing the IP/Class as appropriate.
$ vi /etc/freeradius/clients.conf
client 10.0.0.0/24 {

        secret = mikrotest

        shortname = mikrotikpppoe

        nastype = mikrotik

}
Also edit /etc/freeradius/dictionary and add mikrotik:
$ vi /etc/freeradius/dictionary
and add:
$INCLUDE  /usr/share/freeradius/dictionary.mikrotik
Restart FreeRadius:
$ service freeradius restart
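The shared secret in clients.conf is what protects User-Password on the wire between the Mikrotik and the RADIUS server, so the placeholder values used in this walkthrough should not survive into service. The audit below is an added example, not part of the original tutorial or of FreeRADIUS; the 16-character minimum is an assumed local policy, and the hardened client address 10.3.0.1 and its secret are constructed.

```python
import ipaddress
import re

# Secrets that ship as defaults or appear in tutorials such as this one.
KNOWN_WEAK = {"testing123", "mikrotest"}
MIN_SECRET_LEN = 16  # assumed local policy, not a FreeRADIUS requirement
# Assumes flat client blocks (no nested sections), as in FreeRADIUS 2 clients.conf.
CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)
ITEM_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)

def parse_clients(text):
    """Return one dict per client block: its name plus every key = value item."""
    text = re.sub(r"#.*", "", text)  # drop comments (assumes no '#' inside secrets)
    return [{"name": name, **dict(ITEM_RE.findall(body))}
            for name, body in CLIENT_RE.findall(text)]

def audit(text):
    """Return (client, finding) tuples for weak secrets and over-broad clients."""
    findings = []
    for c in parse_clients(text):
        secret = c.get("secret", "").strip('"')
        if secret.lower() in KNOWN_WEAK:
            findings.append((c["name"], "well-known secret"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((c["name"], "secret shorter than policy minimum"))
        addr = c.get("ipaddr", c["name"])
        if "netmask" in c:
            addr = f"{addr}/{c['netmask']}"
        try:
            size = ipaddress.ip_network(addr, strict=False).num_addresses
        except ValueError:
            continue  # hostname client: cannot be sized offline
        if size > 1:
            findings.append((c["name"], f"one secret accepted from {size} addresses"))
    return findings

# Constructed sample: the stock localhost client plus the block from this tutorial.
TUTORIAL_CONF = """
client localhost {
        ipaddr = 127.0.0.1
        secret = testing123   # stock default
}
client 10.0.0.0/24 {
        secret = mikrotest
        shortname = mikrotikpppoe
}
"""
# Constructed hardened form: a single NAS address (assumed) and a random 32-character secret.
HARDENED_CONF = "client 10.3.0.1 {\n\tsecret = 9f3c1e7a5b2d4860c1a7e93f05b8d26e\n}\n"
```

`audit(TUTORIAL_CONF)` flags both clients, while `audit(HARDENED_CONF)` returns an empty list; run it against the text of /etc/freeradius/clients.conf before putting the server into service.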
You can now log in with a web browser at http://<raspberry-ip>/daloradius using the default daloRADIUS credentials:
username: administrator
password: radius

Reposted from: http://vsuhf.baihongyu.com/
