RHEL7 Install/Use Freeradius

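I had always used FreeRADIUS on Windows, where the steps are simple, so I never thought carefully about how it works; the Windows version always has some small problems, though. Yesterday I installed it on RHEL7, and after a day of fiddling I finally more or less worked out its general structure, as shown below: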

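Installation

To avoid dependency problems, it is best to install the prebuilt rpm packages. There are many freeradius packages; don't let that confuse you, it is because freeradius can be combined with other components such as LDAP or MySQL. I installed a clean package directly, without other components: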

[root@frank Desktop]# yum localinstall freeradius-python-3.0.1-6.el7.x86_64.rpm
Loaded plugins: langpacks
Examining freeradius-python-3.0.1-6.el7.x86_64.rpm: freeradius-python-3.0.1-6.el7.x86_64
Marking freeradius-python-3.0.1-6.el7.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package freeradius-python.x86_64 0:3.0.1-6.el7 will be installed
--> Processing Dependency: freeradius = 3.0.1-6.el7 for package: freeradius-python-3.0.1-6.el7.x86_64
--> Running transaction check
---> Package freeradius.x86_64 0:3.0.1-6.el7 will be installed
--> Processing Dependency: libnaaeap.so.0()(64bit) for package: freeradius-3.0.1-6.el7.x86_64
--> Running transaction check
---> Package tncfhh-libs.x86_64 0:0.8.3-16.el7 will be installed
--> Processing Dependency: tncfhh = 0.8.3 for package: tncfhh-libs-0.8.3-16.el7.x86_64
--> Processing Dependency: boost-system for package: tncfhh-libs-0.8.3-16.el7.x86_64
--> Processing Dependency: boost-thread for package: tncfhh-libs-0.8.3-16.el7.x86_64
--> Processing Dependency: libboost_system-mt.so.1.53.0()(64bit) for package: tncfhh-libs-0.8.3-16.el7.x86_64
--> Processing Dependency: libboost_thread-mt.so.1.53.0()(64bit) for package: tncfhh-libs-0.8.3-16.el7.x86_64
--> Processing Dependency: liblog4cxx.so.10()(64bit) for package: tncfhh-libs-0.8.3-16.el7.x86_64
--> Processing Dependency: libtncutil.so.0()(64bit) for package: tncfhh-libs-0.8.3-16.el7.x86_64
--> Processing Dependency: libxerces-c-3.1.so()(64bit) for package: tncfhh-libs-0.8.3-16.el7.x86_64
--> Running transaction check
---> Package boost-system.x86_64 0:1.53.0-18.el7 will be installed
---> Package boost-thread.x86_64 0:1.53.0-18.el7 will be installed
---> Package log4cxx.x86_64 0:0.10.0-16.el7 will be installed
---> Package tncfhh.x86_64 0:0.8.3-16.el7 will be installed
---> Package tncfhh-utils.x86_64 0:0.8.3-16.el7 will be installed
---> Package xerces-c.x86_64 0:3.1.1-6.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       Arch   Version       Repository                             Size
================================================================================
Installing:
 freeradius-python
               x86_64 3.0.1-6.el7   /freeradius-python-3.0.1-6.el7.x86_64  23 k
Installing for dependencies:
 boost-system  x86_64 1.53.0-18.el7 frank-repo                             38 k
 boost-thread  x86_64 1.53.0-18.el7 frank-repo                             56 k
 freeradius    x86_64 3.0.1-6.el7   frank-repo                            917 k
 log4cxx       x86_64 0.10.0-16.el7 frank-repo                            452 k
 tncfhh        x86_64 0.8.3-16.el7  frank-repo                            680 k
 tncfhh-libs   x86_64 0.8.3-16.el7  frank-repo                            160 k
 tncfhh-utils  x86_64 0.8.3-16.el7  frank-repo                             33 k
 xerces-c      x86_64 3.1.1-6.el7   frank-repo                            878 k

Transaction Summary
================================================================================
Install  1 Package (+8 Dependent packages)

Total size: 3.2 M
Total download size: 3.1 M
Installed size: 10 M
Is this ok [y/d/N]: y
Downloading packages:
--------------------------------------------------------------------------------
Total                                               16 MB/s | 3.1 MB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : log4cxx-0.10.0-16.el7.x86_64                                 1/9 
  Installing : boost-system-1.53.0-18.el7.x86_64                            2/9 
  Installing : boost-thread-1.53.0-18.el7.x86_64                            3/9 
  Installing : xerces-c-3.1.1-6.el7.x86_64                                  4/9 
  Installing : tncfhh-utils-0.8.3-16.el7.x86_64                             5/9 
  Installing : tncfhh-0.8.3-16.el7.x86_64                                   6/9 
  Installing : tncfhh-libs-0.8.3-16.el7.x86_64                              7/9 
  Installing : freeradius-3.0.1-6.el7.x86_64                                8/9 
  Installing : freeradius-python-3.0.1-6.el7.x86_64                         9/9 
  Verifying  : tncfhh-utils-0.8.3-16.el7.x86_64                             1/9 
  Verifying  : tncfhh-0.8.3-16.el7.x86_64                                   2/9 
  Verifying  : boost-thread-1.53.0-18.el7.x86_64                            3/9 
  Verifying  : freeradius-3.0.1-6.el7.x86_64                                4/9 
  Verifying  : boost-system-1.53.0-18.el7.x86_64                            5/9 
  Verifying  : tncfhh-libs-0.8.3-16.el7.x86_64                              6/9 
  Verifying  : freeradius-python-3.0.1-6.el7.x86_64                         7/9 
  Verifying  : xerces-c-3.1.1-6.el7.x86_64                                  8/9 
  Verifying  : log4cxx-0.10.0-16.el7.x86_64                                 9/9 

Installed:
  freeradius-python.x86_64 0:3.0.1-6.el7                                        

Dependency Installed:
  boost-system.x86_64 0:1.53.0-18.el7    boost-thread.x86_64 0:1.53.0-18.el7   
  freeradius.x86_64 0:3.0.1-6.el7        log4cxx.x86_64 0:0.10.0-16.el7        
  tncfhh.x86_64 0:0.8.3-16.el7           tncfhh-libs.x86_64 0:0.8.3-16.el7     
  tncfhh-utils.x86_64 0:0.8.3-16.el7     xerces-c.x86_64 0:3.1.1-6.el7         

Complete!

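Debugging

After installation, how do you start the service on RHEL7 and enable it at boot? In an earlier article I briefly introduced systemctl, which replaces chkconfig; it really does take some getting used to at first. I won't go into detail here; search Baidu or Google for a full explanation: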

[root@frank ~]# systemctl list-units --type=service |grep radiusd <<< nothing is shown while the service is not running
[root@frank ~]# systemctl start radiusd
[root@frank ~]# systemctl status radiusd
radiusd.service - FreeRADIUS high performance RADIUS server.
   Loaded: loaded (/usr/lib/systemd/system/radiusd.service; disabled)
   Active: active (running) since 四 2014-12-04 09:04:21 EST; 16s ago
  Process: 10831 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
  Process: 10828 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
  Process: 10826 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=0/SUCCESS)
 Main PID: 10833 (radiusd)
   CGroup: /system.slice/radiusd.service
           └─10833 /usr/sbin/radiusd -d /etc/raddb

12月 04 09:04:21 frank systemd[1]: Starting FreeRADIUS high performance RADIUS server....
12月 04 09:04:21 frank systemd[1]: Started FreeRADIUS high performance RADIUS server..
12月 04 09:04:31 frank systemd[1]: Started FreeRADIUS high performance RADIUS server..

[root@frank ~]# systemctl list-units |grep radiu  <<< now the following information is shown
UNIT                                       LOAD   ACTIVE     SUB       JOB   DESCRIPTION
radiusd.service                            loaded active     running         FreeRADIUS high performance RADIUS server.

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
JOB    = Pending job for the unit.

151 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

[root@frank ~]# systemctl enable radiusd  <<< start automatically at boot
ln -s '/usr/lib/systemd/system/radiusd.service' '/etc/systemd/system/multi-user.target.wants/radiusd.service'

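With the initial setup done, what do its directory structure and functional modules actually look like? Below are a few commonly used configuration files: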

[root@frank ~]# rpm -ql freeradius
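/etc/raddb/clients.conf  <<< client configuration file
/etc/raddb/radiusd.conf   <<< main configuration file; some log-related features can be enabled here
/etc/raddb/users   <<< authentication information for clients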
/usr/share/freeradius/dictionary.cisco
/usr/share/freeradius/dictionary.cisco.bbsm
/usr/share/freeradius/dictionary.cisco.vpn3000
/usr/share/freeradius/dictionary.cisco.vpn5000
/var/log/radius
/var/log/radius/radacct  <<< stores accounting information
/var/log/radius/radius.log   <<< nothing is written here when running radiusd -X, only when started with systemctl
/var/log/radius/radutmp
/var/run/radiusd
/var/run/radiusd/tmp

Below, radius.log is used to check whether a client passed authentication. It contains very little information and is basically of little use:

[root@frank raddb]# more /var/log/radius/radius.log 
......
Thu Dec  4 23:04:56 2014 : Auth: (0) Invalid user: [cisco-5475.d04f.da81-Gi0/1.301dslforum.org/cisco] (from client ASR9k-BNG port 0)
Thu Dec  4 23:05:00 2014 : Auth: (1) Invalid user: [cisco-5475.d04f.da81-Gi0/1.301dslforum.org/cisco] (from client ASR9k-BNG port 0)
Thu Dec  4 23:05:04 2014 : Auth: (2) Invalid user: [cisco-5475.d04f.da81-Gi0/1.301dslforum.org/cisco] (from client ASR9k-BNG port 0)
Thu Dec  4 23:05:24 2014 : Auth: (3) Invalid user: [CPE1-CLASS_CPE/cisco] (from client ASR9k-BNG port 0)
Thu Dec  4 23:05:28 2014 : Auth: (4) Invalid user: [CPE1-CLASS_CPE/cisco] (from client ASR9k-BNG port 0)
Thu Dec  4 23:05:32 2014 : Auth: (5) Invalid user: [CPE1-CLASS_CPE/cisco] (from client ASR9k-BNG port 0)
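
As an added example (not from the original post), the following Python script parses Auth lines in the radius.log format shown above, counts rejected attempts per client and user, and redacts the field after the last "/" before the log is forwarded elsewhere. It assumes that field is the submitted password, which FreeRADIUS appends when password logging (auth_badpass / auth_goodpass in radiusd.conf) is enabled; the function names and the extra Info line are constructed for illustration.

```python
import re
from collections import Counter

# Sample input: three lines from the excerpt above plus one constructed Info line.
SAMPLE_LOG = """\
Thu Dec  4 23:04:56 2014 : Auth: (0) Invalid user: [cisco-5475.d04f.da81-Gi0/1.301dslforum.org/cisco] (from client ASR9k-BNG port 0)
Thu Dec  4 23:05:00 2014 : Auth: (1) Invalid user: [cisco-5475.d04f.da81-Gi0/1.301dslforum.org/cisco] (from client ASR9k-BNG port 0)
Thu Dec  4 23:05:24 2014 : Auth: (3) Invalid user: [CPE1-CLASS_CPE/cisco] (from client ASR9k-BNG port 0)
Thu Dec  4 23:05:40 2014 : Info: Ready to process requests.
"""

# timestamp : Auth: (id) outcome: [identity] (from client NAME port N ...
AUTH_RE = re.compile(
    r"^(?P<ts>.+?) : Auth: \(\d+\) (?P<outcome>[^\[]+): \[(?P<ident>.*)\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)"
)

def parse_auth_line(line):
    """Return a dict for an Auth line, or None for any other line."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    # Assumption: the text after the LAST "/" is the logged password. User names
    # may contain "/" themselves (e.g. "Gi0/1"), so split from the right.
    user, sep, _secret = m["ident"].rpartition("/")
    return {
        "ts": m["ts"], "outcome": m["outcome"], "client": m["client"],
        "user": user if sep else m["ident"],
        "password_logged": bool(sep),
    }

def redact(line):
    """Replace the logged password with a marker; other lines pass through."""
    m = AUTH_RE.match(line)
    if not m or "/" not in m["ident"]:
        return line
    user = m["ident"].rpartition("/")[0]
    return line[:m.start("ident")] + user + "/<redacted>" + line[m.end("ident"):]

def failures_by_user(log_text):
    """Count rejected attempts per (client, user)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_auth_line(line)
        if rec and not rec["outcome"].startswith("Login OK"):
            counts[(rec["client"], rec["user"])] += 1
    return counts
```

If password logging is off, the identity has no password suffix, and a user name that itself contains "/" would be split at that slash; check the log settings in radiusd.conf before relying on the split.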

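To troubleshoot, you must turn on debug mode with "radiusd -X". Its output is very detailed and is usually enough to solve whatever problem you run into; most problems, incidentally, are caused by syntax errors. Below is a capture of the debug output: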

[root@frank ~]# radiusd -X
radiusd: FreeRADIUS Version 3.0.1, for host x86_64-redhat-linux-gnu, built on Mar  5 2014 at 05:31:12
Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /etc/raddb/dictionary
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
......
listen {
        type = "auth"
        ipaddr = 127.0.0.1
        port = 18120
}
Listening on auth address * port 1812 as server default
Listening on acct address * port 1813 as server default
Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy address * port 1814
Listening on proxy address * port 1814
Ready to process requests.

2017-5.17 update

I suddenly found that freeradius no longer worked: it reported an error on startup, and checking as root showed the same thing:

[cisco@frank ~]$ systemctl status radiusd.service
radiusd.service - FreeRADIUS high performance RADIUS server.
   Loaded: loaded (/usr/lib/systemd/system/radiusd.service; enabled)
   Active: failed (Result: exit-code) since Tue 2017-05-16 21:14:02 CST; 25s ago
  Process: 21083 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=1/FAILURE)
  Process: 21081 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=0/SUCCESS)

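First, radius must be installed and started as root; second, the configuration files must be error-free before it will start. The problem I hit here was an error in the configuration template that surfaced as a permissions error. I have posted the specific fix on Stack Overflow: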
http://stackoverflow.com/questions/42542475/freeradius-startup-error-code-exited-status-1-failure/44013213#44013213

This article is from Frank's Blog

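Copyright notice: this is an original article and represents only the author's personal views. Copyright belongs to Frank Zhao; when reposting, please credit the source and include a link to the article.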