【A-Lab】部署手册:开源AAA办理方案 —FreeRADIUS
由于篇幅限制,完整版请移步至部署手册:开源AAA办理方案 —FreeRADIUS - 星融元Asterfusion1 软件介绍
2 底子环境
2.1 部署环境
2.2 操纵系统底子设置
3 安装设置数据库
4 安装设置Web和PHP
5 安装设置FreeRADIUS
6 安装设置DaloRaDIUS
7 部署结果
1 软件介绍
RADIUS(Remote Authentication and Dial-In User Service)是做拨号用户接入认证和服务请求认证的网络协议。RADIUS提供中心式认证、鉴权和计费(AAA)本事,用于管理接入用户利用网络资源。RADIUS答应利用集中式的数据库来生存全部效户的设置信息,以供全部效户共享利用。
FreeRADIUS是一个开源的、模块化、高性能而且功能丰富的一套RADIUS程序,包含服务器、客户端、开发库和一些额外的相关RADIUS工具。作为第一款开源发布的RADIUS程序,源码险些可以被任何系统编译安装。而且,产物为大规模的AAA认证服务器(1000万用户和天天百万级的请求)部署计划。FreeRADIUS没有Web界面,因此我们利用第三方Web界面DaloRADIUS作为管理界面。
2 底子环境
2.1 部署环境
[*]服务器硬件:KVM虚拟机,2 vCPU + 2GB vMem + 8GB Disk
[*]操纵系统:CentOS Linux release 7.8.2003
[*]数据库:PostgreSQL 15.4
[*]Web:v2.4.6
[*]PHP:v5.4.16
[*]FreeRADIUS:v3.0.13
[*]DaloRADIUS:v1.3
2.2 操纵系统底子设置
关闭SELinux
SELinux不关闭会导致Web访问非常。
# setenforce 0
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux 关闭防火墙
防止安装完成后无法从外部访问的环境。
# systemctl stop firewalld && systemctl disable firewalld 设置YUM源
设置系统的底子YUM源、EPEL源以及PostgreSQL数据库的源。
# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# wget -P /etc/yum.repos.d/ https://mirrors.163.com/.help/CentOS7-Base-163.repo
# yum clean all
# yum makecache
# yum install epel-release -y
# yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm 下载安装包
提前准备好DaloRADIUS的安装包。
# wget https://codeload.github.com/lirantal/daloradius/tar.gz/refs/tags/1.3 -O /tmp/freeradius 3 安装设置数据库
# yum install -y mariadb-server mariadb
# systemctl start mariadb
# systemctl enable mariadb
# mysql_secure_installation
# mysql -u root -p
MariaDB [(none)]> create database radius;
MariaDB [(none)]> grant all on radius.* to radius@localhost identified by 'radius';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit 4 安装设置Web和PHP
# yum install -y httpd
# systemctl enable httpd
# systemctl start httpd
# yum install -y php php-mysql php-pear php-devel php-common php-gd php-mbstring php-mcrypt php-xml php-pear-DB
# systemctl restart httpd 5 安装设置FreeRADIUS
# yum install -y freeradius freeradius-utils freeradius-mysql
# systemctl start radiusd.service
# systemctl enable radiusd.service
# mysql -u root -p radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql
# vim /etc/raddb/mods-available/sql
#cat/etc/raddb/mods-available/sql | grep -v ^#
sql {
# The sub-module to use to execute queries. This should match
# the database you're attempting to connect to.
#
# * rlm_sql_mysql
# * rlm_sql_mssql
# * rlm_sql_oracle
# * rlm_sql_postgresql
# * rlm_sql_sqlite
# * rlm_sql_null (log queries to disk)
#
driver = "rlm_sql_mysql"
# The dialect of SQL you want to use, this should usually match
# the driver you selected above.
#
# If you're using rlm_sql_null, then it should be the type of
# database the logged queries are going to be executed against.
dialect = "mysql"
# Connection info:
#
server = "localhost"
port = 3306
login = "radius"
password = "radius"
# Database table configuration for everything except Oracle
radius_db = "radius"
# chgrp -h radiusd /etc/raddb/mods-available/sql
# systemctl restart radiusd.service 由于篇幅限制,完整版请移步至部署手册:开源AAA办理方案 —FreeRADIUS - 星融元Asterfusion
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!更多信息从访问主页:qidao123.com:ToB企服之家,中国第一个企服评测及商务社交产业平台。
页:
[1]