本文系统Centos6.0;192.168.182.133

本文也是近期项目之一;为了后面的vpn隧道和多ip路由分流;

-rw-r--r-- 1 root root 684342  6月 19 22:49 ppp-2.4.5.tar.gz
-rw-r--r-- 1 root root  74048  6月 19 22:49 pptpd-1.3.4-2.el6.i686.rpm

这是其中的两个包;

如果pptpd不好下载的话,欢迎到本人下载区去下载,因为这个国外的url被和谐了,本人也是使用了加速器才下载到的;http://down.51cto.com/data/840850


1、下面就开始操作了;

Centos6.0之pptpd+mysql+freeradius实现vpn帐号统一认证管理_pptpd

[root@node1 ~]# vim /etc/pptpd.conf
#pptpd.conf
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.182.133
remoteip 172.16.0.2-254
[root@node1 ~]# vim /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
logfile /var/log/pptpd.log
[root@node1 ~]# vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
  test          pptpd   test123                 *
[root@node1 ~]# cat /etc/sysctl.conf |grep -v ^# |grep -v ^#
net.ipv4.ip_forward = 1
[root@node1 ~]# iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -j MASQUERADE

Ps;重启服务;测试本地拨号是否正常;

经过测试,拨号OK;

2、下面是安装mysql及freeradius;

yum install mysql* freeradius* -y

创建radius数据库,导入相关sql;并创建测试用户;

mysql> create database radius;
[root@node1 ~]# mysql -u root -p  radius < /etc/raddb/sql/mysql/admin.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/cui.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/nas.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/schema.sql
[root@node1 ~]# mysql -u root -p radius < /etc/raddb/sql/mysql/wimax.sql
mysql> insert into radius.radcheck (Username,Attribute,op,Value) values('lansgg','password','==','lansgg123')

配置radius的相关配置文件;

[root@node1 ~]# vim /etc/raddb/radiusd.conf
700         $INCLUDE sql.conf
[root@node1 ~]# vim /etc/raddb/sql.conf
28         database = "mysql"
33         driver = "rlm_sql_${database}"
36         server = "localhost"
38         login = "root"
39         password = "123"
42         radius_db = "radius"
50         acct_table1 = "radacct"
51         acct_table2 = "radacct"
100         readclients = yes
ps:前面的子标为行数哈
[root@node1 ~]# vim /etc/raddb/sites-enabled/default
69 authorize {
170 #       files
177         sql
252 authenticate {
297 #       unix
333 preacct {
372 #       files
389 #       unix
406         sql
449 session {
454         sql
461 post-auth {
475         sql
[root@node1 ~]# vim /etc/raddb/sites-enabled/inner-tunnel
124 #       files
131         sql
223 #       unix
255         sql
277         sql
[root@node1 ~]# vim /etc/raddb/eap.conf
30                 default_eap_type = peap

测试radius和mysql的整合

Centos6.0之pptpd+mysql+freeradius实现vpn帐号统一认证管理_freeradius_02

3、下面是pptpd和freeradius的整合了;

解压ppp源码包,copy其配置文件;

[root@node1 ~]# tar zxvf ppp-2.4.5.tar.gz
[root@node1 ~]# mkdir /etc/ppp/radius
[root@node1 ~]# cp -R  ppp-2.4.5/pppd/plugins/radius/etc/ /etc/ppp/radius/

修改radius的相关路径:

[root@node1 etc]# vim radiusclient.conf
auth_order      radius
login_tries     4
login_timeout   60
nologin /etc/nologin
issue   /etc/ppp//radius/etc/issue
authserver      localhost:1812
acctserver      localhost:1813
servers         /etc/ppp/radius/etc/servers
dictionary      /etc/ppp/radius/etc/dictionary
login_radius    /usr/local/sbin/login.radius
seqfile         /var/run/radius.seq
mapfile         /etc/ppp/radius/etc/port-id-map
default_realm
radius_timeout  10
radius_retries  3
login_local     /bin/login
[root@node1 etc]# vim /etc/ppp/radius/etc/dictionary
INCLUDE /etc/ppp/radius/etc/dictionary.microsoft
INCLUDE /etc/ppp/radius/etc/dictionary.ascend  #新增
INCLUDE /etc/ppp/radius/etc/dictionary.merit    #新增
INCLUDE /etc/ppp/radius/etc/dictionary.compat  #新增

增加options.pptpd

[root@node1 etc]# vim /etc/ppp/options.pptpd
plugin /usr/lib/pppd/2.4.5/radius.so  #新增
radius-config-file /etc/ppp/radius/etc/radiusclient.conf  #新增

修改radius认证密钥;

[root@node1 raddb]# vim /etc/raddb/clients.conf
101         secret          = lansggtest
[root@node1 raddb]# vim /etc/ppp/radius/etc/servers
5 localhost                                       lansggtest

经过测试OK!(帐号:lansgg;密码lansgg123)

Centos6.0之pptpd+mysql+freeradius实现vpn帐号统一认证管理_mysql_03