First, thx to alan zhang for help!
freeradius installation (installed version: 1.1.7i)
Before compiling freeradius, install gcc g++ libc6 libg++2.8.1.3-glibc2.2 perl libltdl3 libltdl3-dev.
adduser, lsb-base (>= 3.0-6), libc6 (>= 2.3.6-6), libgdbm3, libltdl3 (>= 1.5.2-2), libpam0g (>= 0.76), libperl5.8 (>= 5.8.8). Actually, I only recently discovered that running apt-get build-dep freeradius installs all the libraries the dependencies need automatically. I really am a beginner.......
Download freeradius, unpack it, then compile and install.
tar -zxvf freeradius*.gz
# cd freeradius-1.1.7
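# ./configure --with-rlm-sql-lib-dir=/usr/lib/ \
--with-rlm-sql-include-dir=/usr/include/mysql/ \
--with-experimental-modules \
--with-rlm_python \
--with-static-modules=python
Here --with-rlm-sql-lib-dir points at the mysql link libraries (.so files) and --with-rlm-sql-include-dir at the mysql header files (.h files).
When compiling on a 64-bit operating system, also add CFLAGS=-fPIC, because a 64-bit operating system does not allow a static library to be linked into a shared library.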
# make
# make install WITH_MYSQL=yes
Dan-Cristian Bogos wrote:
> Marc,
>
> try this (as I have written in freeradius list) - should work fine if
> u follow the exact steps. I am compiling it statically since this was
> the building policy recommended by developers:
>
> 1. Grab the sources and unpack them (1.1.7 version)
> 2. After unpacking, run from within the source folder:
> ./configure --with-static-modules=python
> make
> 3. Your make will stop here: "libtool: link: cannot find the library
> `../modules/rlm_python/rlm_python.la' or unhandled argument
> `../modules/rlm_python/rlm_python.la'"
> 4. Go into ./src/modules/rlm_python
> 5. run ./configure + make + make install
> 6. Go back to root of sources and run again make + make install.
>
> Hope that will do,
> DanB
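The default installation directory is /usr/local/, and the configuration files are all in /usr/local/etc/raddb/
Copy the startup script into the /etc/init.d directory
cp /path/to/source/scripts/rc.radiusd /etc/init.d/radiusd
Enable the service at boot: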
# update-rc.d radiusd defaults
Configure freeradius
Edit clients.conf
# vi /usr/local/etc/raddb/clients.conf
client 127.0.0.1 {
secret = testing123
shortname = localhost
nastype = other
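}
This entry is present by default. Here secret = testing123 is the password that the client 127.0.0.1 must use to connect to the radius service.
Edit naslist and add:
# vi /usr/local/etc/raddb/naslist
localhost local portslave
(present by default)
Configure radiusd to authenticate against mysql. First create the database in mysql: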
# mysqladmin -u root -p create radius
# cd /home/alan/freeradius-1.1.7/doc/examples
# mysql -u root -p radius < mysql.sql
Add some data to the database:
# mysql -u root -p
Use radius;
Insert into radcheck (username,attribute,op,value) values ('1001@superdir.sincetech.net','User-Password','==','1001');
Insert into radreply (username,attribute,op,value) values ('1001@superdir.sincetech.net','Reply-Message','=','Authenticated');
Edit radiusd.conf so that it supports mysql authentication:
# vi /usr/local/etc/raddb/radiusd.conf
authorize {
preprocess
chap
mschap
suffix
sql
...
}
accounting {
...
sql
...
}
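Under modules {, find digest and remove the comment marker; it is uncommented by default
Under authorize {} and authenticate {}, uncomment digest, then save and exit
Edit sql.conf so that radius can access mysql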
# vi /usr/local/etc/raddb/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "localhost"
login = "root"
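password = "<mysql password>"
radius_db = "radius"
# Leave the remaining settings at their defaults (the exception is if you want to bind user accounts to NIC MAC addresses, phone numbers and the like; then you can change the settings below)
}
Add the following: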
client 192.168.1.91 {
secret = testing123
shortname = openser
}
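Both client entries above use testing123, the secret that is already present by default, and sql.conf connects to MySQL as root. A small audit for those two settings, as an added example that is not part of the original post; the 16-character minimum, the 192.0.2.10 client and the sample text are constructed assumptions:

```sh
#!/bin/sh
# Added example, not from the original post. Both functions read stdin.

# audit_clients [MINLEN]: one "client<TAB>finding" line per weak secret
# found in FreeRADIUS 1.x "client NAME { ... }" blocks (clients.conf).
audit_clients() {
    awk -v min="${1:-16}" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == "client" && $3 == "{" { name = $2; next }
        $1 == "}" { name = "" }
        name != "" && $1 == "secret" && $2 == "=" {
            s = $3; gsub(/"/, "", s)
            if (s == "testing123")
                print name "\tdefault secret testing123"
            else if (length(s) < min)
                print name "\tsecret shorter than " min " characters"
        }'
}

# sql_login: print the account the sql { } module logs in with (sql.conf).
sql_login() {
    awk '{ sub(/#.*/, "") }
         $1 == "login" && $2 == "=" { gsub(/"/, "", $3); print $3; exit }'
}

# Constructed sample input mirroring the blocks shown on this page, plus one
# hypothetical client (192.0.2.10) with a longer secret for contrast.
sample_clients() {
    cat <<'EOF'
client 127.0.0.1 {
    secret = testing123
    shortname = localhost
    nastype = other
}
client 192.168.1.91 {
    secret = testing123
    shortname = openser
}
client 192.0.2.10 {
    secret = "k3Vw9pLx2QmT7rYb"   # constructed value
    shortname = example
}
EOF
}
sample_sql() { printf 'sql {\n    driver = "rlm_sql_mysql"\n    login = "root"\n}\n'; }

sample_clients | audit_clients
if [ "$(sample_sql | sql_login)" = "root" ]; then echo "sql.conf connects to MySQL as root"; fi
```

Against the installed files: audit_clients < /usr/local/etc/raddb/clients.conf and sql_login < /usr/local/etc/raddb/sql.conf.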
Configure the dictionary file
~# vi /usr/local/etc/raddb/dictionary
Add the following line:
$INCLUDE /usr/local/etc/radiusclient-ng/dictionary.openser
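This file is generated when openser is compiled and is found in the /usr/local/etc/openser directory; first copy it to the /usr/local/etc/radiusclient-ng/ directory. It is best to extend this file yourself, though.
So that radius can call mysql correctly, also specify the library locations: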
# echo /usr/lib >> /etc/ld.so.conf
# echo /usr/local/lib >> /etc/ld.so.conf
# ldconfig
Install radiusclient
~# tar -zxvf radiusclient-ng-X.Y.Z.tar.gz
~# cd radiusclient-ng-X.Y.Z
~# ./configure
~# make
~# make install
Configure radiusclient
Configure openser with freeradius:
Generate the OpenSER RADIUS dictionary
~# cp /usr/local/etc/openser/dictionary.radius /usr/local/etc/radiusclient-ng/dictionary.openser
~# vi /usr/local/etc/radiusclient-ng/dictionary.openser
~# vi /usr/local/etc/radiusclient-ng/radiusclient.conf
Change localhost in the following to the server address:
...
authserver localhost
...
acctserver localhost
...
~# vi /usr/local/etc/radiusclient-ng/servers
Add the mapping between the server address and its secret
192.168.1.91 testing123
~# vi /usr/local/etc/radiusclient-ng/dictionary
Add the following line:
$INCLUDE /usr/local/etc/radiusclient-ng/dictionary.openser
Make all files in the /usr/local/etc/radiusclient-ng/ directory readable.
chmod 644 /usr/local/etc/radiusclient-ng/*
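That directory includes servers, which stores the shared secret, so mode 644 lets every local account read it. A check and a tighter variant, as an added example that is not part of the original post; the GROUP argument is an assumption (the group the OpenSER process runs as) and the demo uses a constructed scratch directory:

```sh
#!/bin/sh
# Added example, not from the original post.

# exposed_secret_files DIR: list files under DIR that hold a RADIUS shared
# secret (radiusclient-ng "servers") and are readable by every local user.
exposed_secret_files() {
    find "$1" -type f -name servers -perm -004
}

# tighten_radiusclient DIR [GROUP]: keep dictionaries and radiusclient.conf
# at 644, restrict servers to owner+group, and optionally hand group access
# to GROUP (assumption: the group the OpenSER process runs as).
tighten_radiusclient() {
    chmod 644 "$1"/*
    chmod 640 "$1/servers"
    if [ -n "${2:-}" ]; then chgrp "$2" "$1/servers"; fi
}

# Constructed demo in a scratch directory standing in for
# /usr/local/etc/radiusclient-ng/.
demo() {
    d=$(mktemp -d) || return 1
    printf '192.168.1.91 testing123\n' > "$d/servers"
    printf 'authserver localhost\n'    > "$d/radiusclient.conf"
    : > "$d/dictionary"
    chmod 644 "$d"/*                        # what the step above does
    before=$(exposed_secret_files "$d" | wc -l)
    tighten_radiusclient "$d"
    after=$(exposed_secret_files "$d" | wc -l)
    rm -rf "$d"
    echo "world-readable secret files: before=$((before)) after=$((after))"
}
demo
```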
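The openser.cfg file will be updated later
cdrtool installation will be updated later
When installing cdrtool, be sure to install the SOAP and memcached development libraries and clients, otherwise there are problems at startup.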
cdrtool depends on php5-cli | php4-cli; however:
Package php5-cli is not installed.
Package php4-cli is not installed.
cdrtool depends on php5-curl | php4-curl; however:
Package php5-curl is not installed.
Package php4-curl is not installed.
cdrtool depends on php-pear; however:
Package php-pear is not installed.
cdrtool depends on php-soap; however:
Package php-soap is not installed.
cdrtool depends on mrtg; however:
Package mrtg is not installed.
cdrtool depends on php5-memcache | php4-memcache; however:
Package php5-memcache is not installed.
Package php4-memcache is not installed.
cdrtool depends on monit; however:
Package monit is not installed.
cdrtool depends on smarty; however:
Package smarty is not installed.
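A few notes:
In radiusd.conf, the digest module and its configuration must be enabled; I did not have it enabled before, which made registration fail.
When adding users to the mysql database, the domain after the user name must match the domain name in radius_www_authorize() in the openser.cfg file.
It is still best to install the named service.
As things stand, the auth-type attribute in the database can be left out.
To produce caller and callee information in the radius tables, add the radius_extra parameter in openser.cfg: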
modparam("acc","radius_extra", "Sip-RPid=$avp(s:rpid);\
User-Name=$Au;\
Calling-Station-Id=$from;\
Called-Station-Id=$to")
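To compile rlm_python for freeradius, install python-2.4 and libpythonize0-dev before running ./configure. Install python-setuptools before installing python-memcached.
cdrtool must have a virtual host set up in apache2, otherwise the cdrtool service cannot start and freeradius reports errors on startup.
freeradius must be version 1.1.3: download the source package from the debian repository and apply the freeradius.patch patch. For details, see the setup/radius/freeradius/readme.txt file in the cdrtool source package.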