Установка RADIUS
устанавливаем нужные библиотеки для сборки freeradius
| Code Block |
|---|
| language | bash |
|---|
| title | Установка библиотек |
|---|
|
aptitude install libmysqlclient-dev libgdbm-dev make gcc libtalloc-dev libperl-dev libhiredis-dev |
| Code Block |
|---|
| language | bash |
|---|
| title | Проверка версии Perl |
|---|
|
find /usr/lib/ | grep libperl.so
/usr/lib/x86_64-linux-gnu/libperl.so.5.30
/usr/lib/x86_64-linux-gnu/libperl.so.5.30.0 |
Делаем симлинк для того, чтобы библиотека подгрузилась во время компиляции
| Code Block |
|---|
|
ln -s /usr/lib/x86_64-linux-gnu/libperl.so.5.30 /usr/lib/x86_64-linux-gnu/libperl.so |
| Code Block |
|---|
| language | bash |
|---|
| title | Скачиваем, компилируем и устанавливаем Freeradius версии 3.0.25 |
|---|
|
cd /tmp
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.25.tar.gz
tar zxvf freeradius-server-3.0.25.tar.gz
cd freeradius-server-3.0.25
./configure --prefix=/usr/local/freeradius --with-rlm-perl-lib-dir=/usr/lib/x86_64-linux-gnu/ \
--with-dhcp=yes --with-openssl=no > /dev/null
make && make install
ln -s /usr/local/freeradius/bin/* /usr/bin/
ln -s /usr/local/freeradius/sbin/* /usr/sbin/
mkdir -p /usr/local/freeradius/var/run/radiusd/
chown freerad:freerad /usr/local/freeradius/var/run/radiusd/ |
В случае проблем при сборке можно использую aptitude разрешить все проблемы
И далее выбрав n downgrade или фиксануть версии пакетов !
Рабочий пример
sudo aptitude install build-essential
The following NEW packages will be installed:
build-essential g++{a} g++-9{a} libc-dev-bin{a} libc6-dev{ab} libcrypt-dev{a} libstdc++-9-dev{a} linux-libc-dev{a}
0 packages upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
Need to get 13,9 MB of archives. After unpacking 73,2 MB will be used.
The following packages have unmet dependencies:
libc6-dev : Depends: libc6 (= 2.31-0ubuntu9) but 2.31-0ubuntu9.2 is installed
The following actions will resolve these dependencies:
Keep the following packages at their current version:
1) build-essential [Not Installed]
2) g++ [Not Installed]
3) g++-9 [Not Installed]
4) libc6-dev [Not Installed]
5) libstdc++-9-dev [Not Installed]
Accept this solution? [Y/n/q/?] n
The following actions will resolve these dependencies:
Downgrade the following packages:
1) libc6 [2.31-0ubuntu9.2 (now) -> 2.31-0ubuntu9 (focal)]
2) libc6-dbg [2.31-0ubuntu9.2 (now) -> 2.31-0ubuntu9 (focal)]
Accept this solution? [Y/n/q/?] Y
The following packages will be DOWNGRADED:
libc6 libc6-dbg
The following NEW packages will be installed:
build-essential g++{a} g++-9{a} libc-dev-bin{a} libc6-dev{a} libcrypt-dev{a} libstdc++-9-dev{a} linux-libc-dev{a}
0 packages upgraded, 8 newly installed, 2 downgraded, 0 to remove and 0 not upgraded.
Need to get 22,3 MB of archives. After unpacking 42,0 MB will be used.
Do you want to continue? [Y/n/?] Y
Файл для автозапуска,- создаем и вставляем в него следующий текст
| Code Block |
|---|
|
nano /etc/init.d/radiusd |
| Code Block |
|---|
| language | bash |
|---|
| title | файл автостарта /etc/init.d/radiusd |
|---|
| collapse | true |
|---|
|
#!/bin/sh
#
# radiusd Start the radius daemon.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
#
# Copyright (C) 2001-2008 The FreeRADIUS Project http://www.freeradius.org
# chkconfig: - 58 74
# description: radiusd is service access provider Daemon.
### BEGIN INIT INFO
# Provides: radiusd
# Required-Start: $remote_fs $network $syslog
# Should-Start: mysql radiusd
# Required-Stop: $remote_fs $syslog
# Should-Stop: radiusd
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start and stop radiusd
# Description: radiusd is access provider service Daemon.
### END INIT INFO
prefix=/usr/local/freeradius
exec_prefix=${prefix}
sbindir=${exec_prefix}/sbin
localstatedir=/var
logdir=${localstatedir}/log/radius
rundir=/usr/local/freeradius/var/run/radiusd/
sysconfdir=${prefix}/etc
#
# If you have issues with OpenSSL, uncomment these next lines.
#
# Something similar may work for MySQL, and you may also
# have to LD_PRELOAD libz.so
#
#LD_LIBRARY_PATH=
#LD_RUN_PATH=:
#LD_PRELOAD=libcrypto.so
export LD_LIBRARY_PATH LD_RUN_PATH LD_PRELOAD
RADIUSD=$sbindir/radiusd
RADDBDIR=${sysconfdir}/raddb
RADIUS_USER='freerad'
DESC="FreeRADIUS"
#
# See 'man radiusd' for details on command-line options.
#
ARGS=""
test -f $RADIUSD || exit 0
test -f $RADDBDIR/radiusd.conf || exit 0
if [ ! -d $rundir ] ; then
mkdir $rundir
chown ${RADIUS_USER}:${RADIUS_USER} $rundir
chmod 775 $rundir
fi
if [ ! -d $logdir ] ; then
mkdir $logdir
chown ${RADIUS_USER}:${RADIUS_USER} $logdir
chmod 770 $logdir
chmod g+s $logdir
fi
if [ ! -f $logdir/radius.log ]; then
touch $logdir/radius.log
fi
chown ${RADIUS_USER}:${RADIUS_USER} $logdir/radius.log
chown -R ${RADIUS_USER}:${RADIUS_USER} /usr/local/freeradius/etc/raddb
chown -R ${RADIUS_USER}:${RADIUS_USER} ${rundir}/..
chmod 660 $logdir/radius.log
case "$1" in
start)
echo -n "Starting $DESC:"
$RADIUSD $ARGS
echo "radiusd"
;;
stop)
[ -z "$2" ] && echo -n "Stopping $DESC: "
[ -f $rundir/radiusd.pid ] && kill -TERM `cat $rundir/radiusd.pid`
[ -z "$2" ] && echo "radiusd."
;;
reload|force-reload)
echo "Reloading $DESC configuration files."
[ -f $rundir/radiusd.pid ] && kill -HUP `cat $rundir/radiusd.pid`
;;
restart)
sh $0 stop quiet
sleep 3
sh $0 start
;;
check)
$RADIUSD -CX $ARGS
exit $?
;;
*)
echo "Usage: /etc/init.d/$RADIUS {start|stop|reload|restart|check}"
exit 1
stop
;;
status)
status \$prog
;;
restart|force-reload)
stop
start
;;
try-restart|condrestart)
if status \$prog > /dev/null; then
stop
start
fi
;;
reload)
exit 3
;;
*)
echo \$"Usage: \$0 {start|stop|status|restart|try-restart|force-reload}"
exit 2
esac |
| Code Block |
|---|
| language | bash |
|---|
| title | Включаем в автозагрузку |
|---|
|
chmod +x /etc/init.d/radiusd
update-rc.d radiusd defaults
update-rc.d radiusd enable |
| Code Block |
|---|
| language | bash |
|---|
| title | Устанавливаем конфигурационные файлы ABillS |
|---|
|
rm /usr/local/freeradius/etc/raddb/sites-enabled/*
cp /usr/abills/misc/freeradius/v3/mods-enabled/perl /usr/local/freeradius/etc/raddb/mods-enabled/perl
cp /usr/abills/misc/freeradius/v3/mods-enabled/sql /usr/local/freeradius/etc/raddb/mods-enabled/sql
cp /usr/abills/misc/freeradius/v3/sites-enabled/abills_default /usr/local/freeradius/etc/raddb/sites-enabled/abills_default
cp /usr/abills/misc/freeradius/v3/sites-enabled/control-socket /usr/local/freeradius/etc/raddb/sites-enabled/control-socket
cp /usr/abills/misc/freeradius/v3/users /usr/local/freeradius/etc/raddb/users |
Меняем в конфиге радиуса
| Code Block |
|---|
|
nano /usr/local/freeradius/etc/raddb/radiusd.conf
prefix = /usr/local/freeradius
user = freerad
group = freerad |
Благодаря модулю sql, можно хранить сервера доступа в базе данных (всё равно необходим перезапуск радиуса после добавления/изменения серверов, но не надо править clients.conf).
Очищаем список серверов доступа из /usr/local/freeradius/etc/raddb/clients.conf (чтоб не было дубликатов из-за записей в базе)
| Code Block |
|---|
|
echo '' > /usr/local/freeradius/etc/raddb/clients.conf
cp /usr/abills/misc/freeradius/v3/mods-enabled/sql /usr/local/freeradius/etc/raddb/mods-enabled/ |
Заполняем нужные нам параметры соединения с БД
| Code Block |
|---|
|
nano /usr/local/freeradius/etc/raddb/mods-enabled/sql |
| Code Block |
|---|
|
sql {
database = "mysql"
driver = "rlm_sql_${database}"
server = "localhost"
port = 3306
login = "abills"
password = "sqlpassword" #вместо sqlpassword подставляем своё значение из $conf{dbpasswd}
radius_db = "abills"
В самом конце файла
'%secretkey%' меняем на ваше значение, которое записано в $conf{secretkey} |
Создаём user и group (если freeradius ранее не был установлен, то без этого не стартует)
| Code Block |
|---|
|
groupadd freerad
useradd -g freerad -s /bash/bash freerad
chown -R freerad:freerad /usr/local/freeradius/etc/raddb |
| Code Block |
|---|
|
chown -R freerad:freerad /usr/local/freeradius/etc/raddb
mkdir /var/run/radiusd/
chown -R freerad:freerad /var/run/radiusd/ |
стартуем в режиме отладки
Дополнительная настройка и тестирование RADIUS
Если запустилось без ошибок, запускаем
| Code Block |
|---|
|
service radiusd start |