Monday, April 16, 2007

PPPoE Server + FreeRADIUS + MySQL

Prepare the files
wget ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
wget http://www.roaringpenguin.com/penguin/pppoe/rp-pppoe-3.8.tar.gz
wget ftp://ftp.freeradius.org/pub/radius/freeradius-1.1.3.tar.bz2

Conventions used below:
The MySQL server is referred to as mysql_server
The RADIUS server is referred to as radius_server
When following along, replace these with your own server IPs or hostnames
MySQL part
tar jxf freeradius-1.1.3.tar.bz2
mysqladmin -u root -p create radius
mysql -u root -p radius < freeradius-1.1.3/doc/examples/mysql.sql
mysql -u root -p radius
First insert some data
insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type','=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask','=','255.255.255.255');
insert into radgroupcheck (groupname, attribute, op, value) values ("user", "Auth-Type", ":=", "Local");
Add a user
insert into radcheck (username,attribute,op,value) values ('pank','User-Password','==','1111');

FreeRADIUS part
tar jxf freeradius-1.1.3.tar.bz2
cd freeradius-1.1.3
./configure && make install
cd /usr/local/etc/raddb
Edit clients.conf; secret is the shared secret a client must present to talk to FreeRADIUS

client 127.0.0.1 {
secret = 1234
shortname = localhost
}

client 192.168.0.0/16 {
secret = 1234
shortname = lan
}


Edit radiusd.conf: enable sql and comment out the parts you don't need

authorize {
preprocess
chap
mschap
suffix
sql
...
}

accounting {
...
sql
...
}


Edit sql.conf

...
server = "mysql_server"
login = "mysql_username"
password = "mysql_password"
radius_db = "radius"


Test that it works
radiusd -X
radtest pank 1111 radius_server 0 1234
If you see Access-Accept, it's OK

PPPoE Server part
tar zxf ppp-2.4.4.tar.gz
tar zxf rp-pppoe-3.8.tar.gz
cd ppp-2.4.4
./configure && make install
cd ../rp-pppoe-3.8/src
./configure --enable-plugin=../../ppp-2.4.4
--enable-plugin is required; without it -k (kernel-mode PPPoE) cannot be used
make install
cd ../..
mkdir -p /etc/ppp/plugins /etc/ppp/radius
cp ppp-2.4.4/pppd/plugins/radius/radius.so /etc/ppp/plugins
cp ppp-2.4.4/pppd/plugins/radius/etc/* /etc/ppp/radius
Edit /etc/ppp/options

lock
crtscts
nobsdcomp
nodeflate
nopcomp
plugin /etc/ppp/plugins/radius.so
radius-config-file /etc/ppp/radius/radiusclient.conf


Edit /etc/ppp/radius/radiusclient.conf

auth_order radius
login_tries 4
login_timeout 60
nologin /etc/nologin
issue /etc/ppp/radius/issue
authserver radius_server:1812
acctserver radius_server:1813
servers /etc/ppp/radius/servers
dictionary /etc/ppp/radius/dictionary
login_radius /usr/local/sbin/login.radius
seqfile /var/run/radius.seq
mapfile /etc/ppp/radius/port-id-map
default_realm
radius_timeout 10
radius_retries 3


Edit /etc/ppp/radius/servers (one line per server: hostname and shared secret; the secret must match the secret in clients.conf on the RADIUS server)

radius_server 1234


pppoe-server -k -I eth0 -L 192.168.1.10 -R 10.0.0.1 -N 64
Start the PPPoE Server (kernel-mode): the server's local IP is 192.168.1.10, client addresses start at 10.0.0.1, and at most 64 clients can be connected at the same time.
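To show why the radtest check and the /etc/ppp/radius/servers file both depend on the secret from clients.conf, here is an added example (my code, not from the original post) that builds the PAP Access-Request radtest sends for user pank and verifies an Access-Accept's Response Authenticator as a NAS would. The secret 1234 and the pank/1111 credentials come from the page; the fixed Request Authenticator is a constructed value (a real client uses 16 random bytes).

```python
import hashlib
import struct

# Constructed values matching the page: the clients.conf secret and user pank's password.
SECRET = b"1234"

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 User-Password hiding: NUL-pad to 16-byte blocks, XOR each block with
    MD5(secret + previous block), seeded by the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side of the same transform; a mismatched secret yields garbage, which
    is why FreeRADIUS and the pppd radius plugin must share one secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(type_code: int, value: bytes) -> bytes:
    """One attribute: Type, Length (header included), Value."""
    return struct.pack("!BB", type_code, len(value) + 2) + value

def build_access_request(username: bytes, password: bytes, secret: bytes,
                         identifier: int, authenticator: bytes) -> bytes:
    """PAP Access-Request (Code 1), the packet 'radtest pank 1111 ... 0 1234' sends."""
    attrs = (attr(1, username)                                          # User-Name
             + attr(2, hide_password(password, secret, authenticator))  # User-Password
             + attr(5, struct.pack("!I", 0)))                           # NAS-Port 0
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs

def build_response(code: int, request: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Server reply (2 = Access-Accept, 3 = Access-Reject); its Response Authenticator
    is MD5(Code + ID + Length + RequestAuthenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs

def response_is_authentic(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS-side check: a reply forged without the secret, or one that answers a
    different request, does not verify."""
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    return expected == response[4:20]
```

Because only the shared secret protects the password in transit and authenticates replies, the secret in clients.conf and in /etc/ppp/radius/servers should be long and random rather than a four-digit value like the one used in this walkthrough.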

1 comment:

Unknown said...

Apart from the PPPoE Server, the first half has all been verified; works well