FreeRadius 1.1.7 + Postgresql 8.1.5 (FreeBSD 6.1系统)

一、gmake的安装[①]

1. 需要的文件

libiconv-1.11_1.tbz

gettext-0.17_1.tbz

gmake-3.81_3.tbz

2. 安装

Pkg_add gettext-0.17_1.tbz

Pkg_add libiconv-1.11_1.tbz

Pkg_add gmake-3.81_3.tbz

二、Postgresql的安装

1. 解压

tar zxvf postgresql- 8.1.5 .tar.gz

2. 进入目录，执行配置程序

cd postgresql- 8.1.5

./configure --prefix=/usr/local/pgsql

3. 执行gmake来编译，然后进行安装

/usr/local/bin/gmake

/usr/local/bin/gmake install

4. 添加一个名为postgres的用户，新建一个用来存放数据库的文件夹 ，并设置权限

pw user add postgres

mkdir /usr/local/pgsql/data

chown postgres /usr/local/pgsql/data

5. 设置权限后，切换到 postgres用户，再初始话数据库：

su postgres

/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data

6. 启动PostgreSQL:

$ /usr/local/pgsql/bin/postmaster -D /usr/local/pgsql/data &

$ LOG: could not create socket for statistics collector: Protocol not supported

LOG: database system was shut down at 2004-09-17 14:20:52 CST

LOG: checkpoint record is at 0/9B6E1C

LOG: redo record is at 0/9B6E1C; undo record is at 0/0; shutdown TRUE

LOG: next transaction ID: 541; next OID: 17143

LOG: database system is ready

7. 确认已启动

$ top

PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND

891 postgres 96 0 13508K 2708K select 0:00 0.00% 0.00% postgres

8. 让Postgresql随系统启动

在/etc/rc.conf 添加

postgresql_enable="YES"

su postgres -c "/usr/local/pgsql/bin/postmaster -D /usr/local/pgsql/data & "

二、Freeradius 的安装

tar zxvf freeradius- 1.1.7 .tar.gz

cd freeradius- 1.1.7

./configure

cp libltdl/ltdl.h src/include/

/usr/local/bin/gmake

/usr/local/bin/gmake install

ln /usr/local/pgsql/lib/libpq.so.4 /usr/lib/libpq.so.4

三、配置FreeRadius[②]

1. 建立一个数据库并登陆

$ /usr/local/pgsql/bin/createdb radius

$ /usr/local/pgsql/bin/psql radius

2. 导入表（没成功，我是在pgAdmin 中用SQL语句创建）

/usr/local/pgsql/bin/psql radius

radius < freeradius- 1.1.7 /doc/examples/postgresql.conf

3. 修改 FreeRadius 的配置文件

1) radiusd.conf配置

vi /usr/local/etc/raddb/radiusd.conf

a) 把 "$INCLUDE ${confdir}/sql.conf" 改成 postgresql.conf

b) Edit /etc/raddb/radiusd.conf and add a line saying 'sql' to the authorize{} section

c) add a line saying 'sql' to the accounting{} section to tell FreeRADIUS to store accounting records in SQL as well.

d) add 'sql' to the post-auth{} section if you want to log all Authentication attempts to SQL.

e) add 'sql' to the post-auth{} section if you want to log all Authentication attempts to SQL. Like this:

post-auth {

# Login successful: get an address from the IP pool.

ippool

Post-Auth-Type REJECT {

# Login failed: log to SQL database.

sql

}

}

2) postgresql.conf配置

vi /usr/local/etc/raddb/sql.conf

driver="rlm_sql_postgresql"

server = "localhost"

login = "postgres"

password = ""

radius_db = "radius"

3) clients.conf配置( NAS信息)

vi /usr/local/etc/raddb/clients.conf

client 192.168.0.0/24 {

secret = testing123

shortname = localhost

nastype = other

}

4）user 文件（让Radius从radgroupcheck中读取属性）

将DEFAULT Auth-Type = System改为DEFAULT Auth-Type = Local

System 指从操作系统中读取信息

Local 从 Radius 数据库中读取信息

四、测试FreeRadius ( FreeRadius 192.168.0.125 / NAS 192.168.0.120 )

1. 在数据库中添加信息

建立用户信息：

insert into radcheck (username,attribute,op,value) values ('stone','Password',':=','wood');

insert into radcheck (username,value) values ('123','123');

建立组信息：

insert into radgroupcheck (groupname,value) values ('user','Auth-Type','Local');

insert into radgroupcheck (groupname,value) values ('disable','Reject');

将用户加入组中：

insert into radusergroup (username,groupname) values ('stone','user');

insert into radusergroup (username,groupname) values ('123','disable');

2. 启动FreeRadius调试模式

/usr/local/sbin/radiusd –X

3. 测试

1）用NTRadPing 发认证包测试

应看到用户stone 的response 为 Access-Accept 并且在数据库中有信息，通过认证；

而用户 123 的response 为 Access-Reject ，因为他被加入 disable组，这个组的Auth-Type为Reject

2）用NTRadPing 发计费包测试

应看到response 为 Access-Accept 并且在数据库中有信息

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!