Installing FreeRADIUS and daloRADIUS on CentOS 7/RHEL 7

Date: 2020-02-23 14:31:19  Source: igfitidea

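FreeRADIUS is a high-performance, open-source RADIUS server developed under the GNU General Public License. FreeRADIUS is the most widely used RADIUS server in the world. It comes with a web-based user administration tool and has a modular, highly extensible feature set. This guide shows how to install FreeRADIUS and daloRADIUS on CentOS 7/RHEL 7.

RADIUS stands for Remote Authentication Dial-In User Service. It is a network protocol: a set of rules and conventions for communication between network devices, used for remote user authentication and accounting. RADIUS is commonly used to provide AAA services: authentication, authorization and accounting.

FreeRADIUS is the most widely deployed RADIUS server because it supports all common authentication protocols, is open source, and simplifies user management through the Dialupadmin web GUI. The server also ships with modules for integration with LDAP and with database systems such as MySQL, PostgreSQL and Oracle.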

Initial setup

Update the CentOS/RHEL system

sudo yum -y update
sudo reboot

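To install smoothly without having to work with the SELinux management tools, set SELinux to permissive mode. In permissive mode SELinux logs policy violations but does not block them.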

sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
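
Before returning to enforcing mode it helps to see which denials permissive mode logged for the daemons installed in this guide. The following is an added example, not part of the original guide; the audit records in it are constructed samples and the function names are illustrative.

```shell
#!/bin/sh
# Summarise SELinux denials that permissive mode logged but did not block,
# so they can be resolved before switching back to enforcing mode.

# Constructed sample records in audit.log format (not taken from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1570712632.101:401): avc:  denied  { name_connect } for  pid=3825 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1570712640.220:402): avc:  denied  { name_connect } for  pid=3826 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1570712655.007:403): avc:  denied  { write } for  pid=3827 comm="httpd" name="daloradius.conf.php" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=1
type=AVC msg=audit(1570712660.314:405): avc:  denied  { name_connect } for  pid=21757 comm="radiusd" dest=3306 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1570712700.500:404): avc:  denied  { read } for  pid=4100 comm="sshd" name="x" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1570712700.500:404): arch=c000003e syscall=2 success=no comm="sshd"
EOF
}

# Print "count comm permission tclass" for denials that were logged but
# allowed (permissive=1), limited to the daemons this guide installs.
# Reads the files given as arguments, or standard input if none are given.
avc_summary() {
  awk '
    $1 == "type=AVC" && /denied/ && /permissive=1/ {
      comm = ""; tclass = ""; perm = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)   { comm = $i; gsub(/comm=|"/, "", comm) }
        if ($i ~ /^tclass=/) { tclass = substr($i, 8) }
        if ($i == "{") {
          # Collect every permission listed between the braces.
          for (j = i + 1; j <= NF && $j != "}"; j++)
            perm = (perm == "" ? $j : perm "," $j)
        }
      }
      if (comm == "httpd" || comm == "radiusd" || comm == "mysqld")
        count[comm " " perm " " tclass]++
    }
    END { for (k in count) print count[k], k }
  ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

sample_audit_log | avc_summary
```

On a real host, run avc_summary /var/log/audit/audit.log and resolve each entry (for instance with the httpd_can_network_connect_db boolean for web-to-database connections). Then run setenforce 1 and set SELINUX=enforcing in /etc/selinux/config.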

Install FreeRADIUS and daloRADIUS on CentOS 7 and RHEL 7

Let's start installing FreeRADIUS and daloRADIUS on CentOS 7 and RHEL 7.

Install the httpd server and development tools

sudo yum -y groupinstall "Development Tools"
sudo yum -y install httpd httpd-devel

Start and enable the httpd server

sudo systemctl enable --now httpd

Check the status of the httpd server to make sure it is running

[theitroad@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2015-08-06 22:03:15 UTC; 8s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 3824 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─3824 /usr/sbin/httpd -DFOREGROUND
           ├─3825 /usr/sbin/httpd -DFOREGROUND
           ├─3826 /usr/sbin/httpd -DFOREGROUND
           ├─3827 /usr/sbin/httpd -DFOREGROUND
           ├─3828 /usr/sbin/httpd -DFOREGROUND
           └─3829 /usr/sbin/httpd -DFOREGROUND

Aug 06 22:03:15 freeradius systemd[1]: Starting The Apache HTTP Server...
Aug 06 22:03:15 freeradius httpd[3824]: AH00558: httpd: Could not reliably determine th...age
Aug 06 22:03:15 freeradius systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

Install and configure MariaDB

Install and configure MariaDB 10 with the following steps. Add the official MariaDB repository to the CentOS 7 system:

sudo tee /etc/yum.repos.d/MariaDB.repo<<EOF 
[mariadb]
name = MariaDB
baseurl = https://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF

Install the MariaDB database server

sudo yum -y install MariaDB-server MariaDB-client

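The system will prompt us to install the MariaDB GPG signing key. Just press y to install it.

Start MariaDB and enable it to run at boot

sudo systemctl enable --now mariadb

Check that it is running and that it is enabled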

systemctl status mariadb

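Run the initial MariaDB setup to secure it. Here we will set the root password. For security, consider removing anonymous users and disallowing remote root login. See the sample session shown below; the key choices are the answers given at each prompt.

[theitroad@localhost ~]$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!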

In order to log into MariaDB to secure it, we'll need the current
 password for the root user. If you've just installed MariaDB, and
 you haven't set the root password yet, the password will be blank,
 so you should just press enter here.

Enter current password for root (enter for none): 
 OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
 root user without the proper authorisation.

Set root password? [Y/n] Y
 New password: 
 Re-enter new password: 
 Password updated successfully!
 Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
 to log into MariaDB without having to have a user account created for
 them. This is intended only for testing, and to make the installation
 go a bit smoother. You should remove them before moving into a
 production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
 ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
 access. This is also intended only for testing, and should be removed
 before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
 will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
 installation should now be secure.

Thanks for using MariaDB!

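Configure the database for freeradius

Create the radius database and user. Replace the sample password StrongradIusPass with a strong one of your own; the same value goes into the FreeRADIUS and daloRADIUS configuration later.

$ mysql -u root -p

CREATE DATABASE radius;
GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "StrongradIusPass";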
FLUSH PRIVILEGES;
\q

Install PHP and the required modules

Add the EPEL and Remi repositories, then install PHP and the other extensions needed to run daloRADIUS on CentOS 7.

sudo yum -y install epel-release
sudo yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
sudo yum -y install yum-utils
sudo yum-config-manager --disable remi-php54
sudo yum-config-manager --enable remi-php72
sudo yum -y install php php-{cli,curl,mysqlnd,devel,gd,pear,mcrypt,mbstring,xml}

Check the PHP version to confirm

$ php -v
PHP 7.2.23 (cli) (built: Sep 25 2019 07:38:48) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2016 Zend Technologies

Install FreeRADIUS on CentOS 7/RHEL 7

Now run the following command in a terminal to install FreeRADIUS on CentOS 7/RHEL 7.

sudo yum -y install freeradius freeradius-utils freeradius-mysql

We must start freeradius and enable it to start at boot.

sudo systemctl enable --now radiusd.service

Now we can check the status:

$ systemctl status radiusd.service
● radiusd.service - FreeRADIUS high performance RADIUS server.
    Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled; vendor preset: disabled)
    Active: active (running) since Thu 2019-10-10 13:03:52 UTC; 22s ago
   Process: 21754 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
   Process: 21750 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
   Process: 21749 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=0/SUCCESS)
  Main PID: 21757 (radiusd)
    CGroup: /system.slice/radiusd.service
            └─21757 /usr/sbin/radiusd -d /etc/raddb
 Oct 10 13:03:52 cent7.novalocal systemd[1]: Starting FreeRADIUS high performance RADIUS server….
 Oct 10 13:03:52 cent7.novalocal systemd[1]: Started FreeRADIUS high performance RADIUS server..

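If a firewall service is running, allow RADIUS and HTTP traffic in and out. The RADIUS server uses UDP ports 1812 and 1813. This can be confirmed by viewing the contents of the file /usr/lib/firewalld/services/radius.xml.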

sudo firewall-cmd --add-service={http,https,radius} --permanent

Reload the firewall for the change to take effect

sudo firewall-cmd --reload
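
The service rule above accepts RADIUS from every source address. Where the NAS devices are known, access can be limited to them with firewalld rich rules. This added example (not from the original guide) prints the commands for review; the addresses are documentation-range placeholders and the function names are illustrative.

```shell
#!/bin/sh
# Print firewalld commands that accept RADIUS (UDP 1812/1813) only from the
# listed NAS addresses instead of from any source.

# Succeed only for a well-formed IPv4 CIDR such as 192.0.2.10/32.
valid_ipv4_cidr() {
  echo "$1" | awk -F'[./]' '
    NF != 5 { exit 1 }
    {
      for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
      for (i = 1; i <= 4; i++) if ($i > 255) exit 1
      if ($5 > 32) exit 1
    }'
}

# Validate every argument first, then emit the commands. Nothing is executed
# here, so the output can be reviewed before it is run with sudo.
radius_allowlist_cmds() {
  for cidr in "$@"; do
    valid_ipv4_cidr "$cidr" || { echo "invalid IPv4 CIDR: $cidr" >&2; return 1; }
  done
  # Drop the open-to-all service rule added earlier in the guide.
  echo "firewall-cmd --permanent --remove-service=radius"
  for cidr in "$@"; do
    printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" service name=\"radius\" accept'\n" "$cidr"
  done
  echo "firewall-cmd --reload"
}

# Placeholder NAS addresses from the documentation ranges (assumptions).
radius_allowlist_cmds 192.0.2.10/32 198.51.100.0/24
```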

Test the RADIUS server by running it in debug mode with the -X option. The command below lists the UDP sockets radiusd is listening on:

$ sudo ss -tunlp | grep radiusd
udp    UNCONN     0      0              *:44132                 *:*                   users:(("radiusd",pid=21757,fd=12))
udp    UNCONN     0      0      127.0.0.1:18120                 *:*                   users:(("radiusd",pid=21757,fd=11))
udp    UNCONN     0      0              *:1812                  *:*                   users:(("radiusd",pid=21757,fd=7))
udp    UNCONN     0      0              *:1813                  *:*                   users:(("radiusd",pid=21757,fd=8))
udp    UNCONN     0      0           [::]:33089              [::]:*                   users:(("radiusd",pid=21757,fd=13))
udp    UNCONN     0      0           [::]:1812               [::]:*                   users:(("radiusd",pid=21757,fd=9))
udp    UNCONN     0      0           [::]:1813               [::]:*                   users:(("radiusd",pid=21757,fd=10))

Configure FreeRADIUS on CentOS 7/RHEL 7

To configure FreeRADIUS to use MariaDB, follow the steps below.

1. Import the RADIUS database schema to populate the radius database

sudo su 
mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql

2. Configure RADIUS

First, we must create a soft link for SQL under /etc/raddb/mods-enabled

sudo ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/

Configure the SQL module in /etc/raddb/mods-available/sql and change the database connection parameters to suit your environment:

sudo vi /etc/raddb/mods-available/sql

The sql section should look similar to the following.

sql {
    driver = "rlm_sql_mysql"
    dialect = "mysql"

    # Connection info:
    server = "localhost"
    port = 3306
    login = "radius"
    password = "StrongradIusPass"

    # Database table configuration for everything except Oracle
    radius_db = "radius"

    # Set to 'yes' to read radius clients from the database ('nas' table)
    # Clients will ONLY be read on server startup.
    read_clients = yes

    # Table to keep radius client info
    client_table = "nas"
}

Then change the group of /etc/raddb/mods-enabled/sql to radiusd:

sudo chgrp -h radiusd /etc/raddb/mods-enabled/sql

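Install and configure daloRADIUS (optional)

We can use daloRADIUS to manage the RADIUS server. This is optional and should not be done before FreeRADIUS is installed.

Download the daloRADIUS release archive from GitHub.

sudo yum -y install wget unzip
wget https://github.com/lirantal/daloradius/archive/master.zip
unzip master.zip
mv daloradius-master/ daloradius

Change into the directory to configure it

cd daloradius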

Import the daloRADIUS MySQL tables

mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql 
mysql -u root -p radius < contrib/db/mysql-daloradius.sql

Move the daloradius folder to a path under /var/www/html

cd ..
sudo mv daloradius /var/www/html/

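Then change the ownership of the web folder and set restrictive permissions on the daloRADIUS configuration file, which stores the database password.

sudo chown -R apache:apache /var/www/html/daloradius/
sudo chmod 640 /var/www/html/daloradius/library/daloradius.conf.php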

Now we should edit the daloradius.conf.php file to set the MySQL database information.

sudo vi /var/www/html/daloradius/library/daloradius.conf.php

Set the database name, user and password used for the connection.

$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'StrongradIusPass';
$configValues['CONFIG_DB_NAME'] = 'radius';
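
Both /etc/raddb/mods-available/sql and daloradius.conf.php now hold the database password in clear text. The script below is an added example, not part of the original guide or of either project: it checks such a file for the guide's sample password and for read access by other users. The function names and the 16-character minimum are assumptions.

```shell
#!/bin/sh
# Audit the two files in this guide that hold the database password in clear
# text: /etc/raddb/mods-available/sql and daloradius.conf.php.

SAMPLE_PASSWORD='StrongradIusPass'  # sample value printed in the guide
MIN_LENGTH=16                       # assumed local policy, adjust as needed

# Print the password stored in either file format (empty if none is set).
# Commented-out lines in the sql module file are ignored.
config_password() {
  sed -n \
    -e 's/^[[:space:]]*password[[:space:]]*=[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' \
    -e "s/.*\['CONFIG_DB_PASS'][[:space:]]*=[[:space:]]*'\(.*\)';.*/\1/p" \
    "$1" | head -n 1
}

# Print one finding per line; return 1 if the file needs attention.
audit_secret_file() {
  file=$1
  rc=0
  pw=$(config_password "$file")
  if [ "$pw" = "$SAMPLE_PASSWORD" ]; then
    echo "$file: password is the sample value from the guide"; rc=1
  elif [ "${#pw}" -lt "$MIN_LENGTH" ]; then
    echo "$file: password missing or shorter than $MIN_LENGTH characters"; rc=1
  fi
  # -perm -004 matches when the "other" read bit is set (e.g. mode 664 or 644).
  if [ -n "$(find "$file" -prune -perm -004)" ]; then
    echo "$file: readable by other users"; rc=1
  fi
  return "$rc"
}

# Demo on constructed copies; on a real host pass the real paths instead.
demo() {
  dir=$(mktemp -d)
  printf 'sql {\n\tlogin = "radius"\n\tpassword = "StrongradIusPass"\n}\n' > "$dir/sql"
  printf '%s\n' "\$configValues['CONFIG_DB_PASS'] = 'constructed-Passphrase-0042';" > "$dir/daloradius.conf.php"
  chmod 640 "$dir/sql"
  chmod 664 "$dir/daloradius.conf.php"
  audit_secret_file "$dir/sql" || true
  audit_secret_file "$dir/daloradius.conf.php" || true
  rm -rf "$dir"
}
demo
```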

To make sure everything works, restart the radiusd and httpd services.

sudo systemctl restart radiusd.service httpd
systemctl status radiusd.service httpd

The service status output should show no errors.

Finally, run the commands:

sudo pear install DB
sudo pear install MDB2

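We have now covered the complete installation and configuration of daloRADIUS and FreeRADIUS. To access daloRADIUS, open the following link using the server's IP address: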

http://ip-address/daloradius/login.php

The default login details are below. Change this password after the first login.

Username: administrator
Password: radius

This is what the daloRADIUS interface looks like.