FreeRadius 1.1.7 + Postgresql 8.1.5 (FreeBSD 6.1系统)

@H_301_14@

一、gmake的安装[①]@H_301_14@

@H_301_14@

1. 需要的文件 @H_301_14@

libiconv-1.11_1.tbz @H_301_14@

gettext-0.17_1.tbz @H_301_14@

gmake-3.81_3.tbz @H_301_14@

2. 安装 @H_301_14@

Pkg_add gettext-0.17_1.tbz @H_301_14@

Pkg_add libiconv-1.11_1.tbz @H_301_14@

Pkg_add gmake-3.81_3.tbz @H_301_14@

@H_301_14@

二、Postgresql的安装 @H_301_14@

@H_301_14@

1. 解压 @H_301_14@

tar zxvf postgresql- 8.1.5 .tar.gz @H_301_14@

2. 进入目录，执行配置程序 @H_301_14@

cd postgresql- 8.1.5 @H_301_14@

./configure --prefix=/usr/local/pgsql @H_301_14@

3. 执行gmake来编译，然后进行安装 @H_301_14@

/usr/local/bin/gmake @H_301_14@

/usr/local/bin/gmake install @H_301_14@

4. 添加一个名为postgres的用户，新建一个用来存放数据库的文件夹，并设置权限 @H_301_14@

pw user add postgres @H_301_14@

mkdir /usr/local/pgsql/data @H_301_14@

chown postgres /usr/local/pgsql/data @H_301_14@

5. 设置权限后，切换到 postgres用户，再初始话数据库： @H_301_14@

su postgres @H_301_14@

/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data @H_301_14@

6. 启动Postgresql: @H_301_14@

$ /usr/local/pgsql/bin/postmaster -D /usr/local/pgsql/data & @H_301_14@

$ LOG: could not create socket for statistics collector: Protocol not supported @H_301_14@

LOG: database system was shut down at 2004-09-17 14:20:52 CST @H_301_14@

LOG: checkpoint record is at 0/9B6E1C @H_301_14@

LOG: redo record is at 0/9B6E1C; undo record is at 0/0; shutdown TRUE @H_301_14@

LOG: next transaction ID: 541; next OID: 17143 @H_301_14@

LOG: database system is ready @H_301_14@

7. 确认已启动 @H_301_14@

$ top @H_301_14@

PID USERNAME PRI NICE SIZE RES STATE TIME Wcpu cpu COMMAND @H_301_14@

891 postgres 96 0 13508K 2708K select 0:00 0.00% 0.00% postgres @H_301_14@

8. 让Postgresql随系统启动 @H_301_14@

在/etc/rc.conf 添加 @H_301_14@

postgresql_enable="YES" @H_301_14@

su postgres -c "/usr/local/pgsql/bin/postmaster -D /usr/local/pgsql/data & " @H_301_14@

@H_301_14@

二、Freeradius 的安装 @H_301_14@

tar zxvf freeradius- 1.1.7 .tar.gz @H_301_14@

cd freeradius- 1.1.7 @H_301_14@

./configure @H_301_14@

cp libltdl/ltdl.h src/include/ @H_301_14@

/usr/local/bin/gmake @H_301_14@

/usr/local/bin/gmake install @H_301_14@

ln /usr/local/pgsql/lib/libpq.so.4 /usr/lib/libpq.so.4 @H_301_14@

@H_301_14@

三、配置FreeRadius[②] @H_301_14@

1. 建立一个数据库并登陆 @H_301_14@

$ /usr/local/pgsql/bin/createdb radius @H_301_14@

$ /usr/local/pgsql/bin/psql radius @H_301_14@

2. 导入表（没成功，我是在pgAdmin 中用sql语句创建） @H_301_14@

/usr/local/pgsql/bin/psql radius @H_301_14@

radius < freeradius- 1.1.7 /doc/examples/postgresql.conf @H_301_14@

3. 修改 FreeRadius 的配置文件 @H_301_14@

1) radiusd.conf配置 @H_301_14@

vi /usr/local/etc/raddb/radiusd.conf @H_301_14@

a) 把 "$INCLUDE ${confdir}/sql.conf" 改成 postgresql.conf @H_301_14@

b) Edit /etc/raddb/radiusd.conf and add a line saying 'sql' to the authorize{} section @H_301_14@

c) add a line saying 'sql' to the accounting{} section to tell FreeRADIUS to store accounting records in sql as well. @H_301_14@

d) add 'sql' to the post-auth{} section if you want to log all Authentication attempts to sql. @H_301_14@

e) add 'sql' to the post-auth{} section if you want to log all Authentication attempts to sql. Like this: @H_301_14@

post-auth { @H_301_14@

# Login successful: get an address from the IP pool. @H_301_14@

ippool @H_301_14@

Post-Auth-Type REJECT { @H_301_14@

# Login Failed: log to sql database. @H_301_14@

sql @H_301_14@

} @H_301_14@

2) postgresql.conf配置 @H_301_14@

vi /usr/local/etc/raddb/sql.conf @H_301_14@

@H_301_14@

driver="rlm_sql_postgresql" @H_301_14@

server = "localhost" @H_301_14@

password = "" @H_301_14@

radius_db = "radius" @H_301_14@

@H_301_14@

3) clients.conf配置( NAS信息) @H_301_14@

vi /usr/local/etc/raddb/clients.conf @H_301_14@

@H_301_14@

client 192.168.0.0/24 { @H_301_14@

secret = testing123 @H_301_14@

shortname = localhost @H_301_14@

nastype = other @H_301_14@

} @H_301_14@

@H_301_14@

4）user 文件（让Radius从radgroupcheck中读取属性） @H_301_14@

将DEFAULT Auth-Type = System改为DEFAULT Auth-Type = Local @H_301_14@

System 指从操作系统中读取信息 @H_301_14@

Local 从 Radius 数据库中读取信息 @H_301_14@

四、测试FreeRadius ( FreeRadius 192.168.0.125 / NAS 192.168.0.120 ) @H_301_14@

1. 在数据库中添加信息 @H_301_14@

建立用户信息： @H_301_14@

insert into radcheck (username,attribute,op,value) values ('stone','Password',':=','wood'); @H_301_14@

insert into radcheck (username,value) values ('123','123'); @H_301_14@

@H_301_14@

建立组信息： @H_301_14@

insert into radgroupcheck (groupname,value) values ('user','Auth-Type','Local'); @H_301_14@

insert into radgroupcheck (groupname,value) values ('disable','Reject'); @H_301_14@

@H_301_14@

将用户加入组中： @H_301_14@

insert into radusergroup (username,groupname) values ('stone','user'); @H_301_14@

insert into radusergroup (username,groupname) values ('123','disable'); @H_301_14@

@H_301_14@

2. 启动FreeRadius调试模式 @H_301_14@

/usr/local/sbin/radiusd –X @H_301_14@

@H_301_14@

3. 测试 @H_301_14@

1）用NTRadPing 发认证包测试 @H_301_14@

应看到用户stone 的response 为 Access-Accept 并且在数据库中有信息，通过认证； @H_301_14@

而用户 123 的response 为 Access-Reject ，因为他被加入 disable组，这个组的Auth-Type为Reject @H_301_14@

@H_301_14@

2）用NTRadPing 发计费包测试 @H_301_14@

@H_301_14@

应看到response 为 Access-Accept 并且在数据库中有信息 @H_301_14@

@H_301_14@

[①] 采用FreeBSD的ports来安装

whereis gmake @H_301_14@

gmake: /usr/ports/devel/gmake @H_301_14@

cd /usr/ports/devel/gmake @H_301_14@

make install @H_301_14@

@H_301_14@

[②] 注意：将postgresql.conf 中的@H_301_14@

# Table to keep group info@H_301_14@

usergroup_table = "usergroup" 改成radusergroup@H_301_14@

@H_301_14@

有问题请与我联系：stonewoodren@163.com @H_301_14@

FreeRadius 1.1.7 + Postgresql 8.1.5 (FreeBSD 6.1系统)

猜你在找的Postgre SQL相关文章