centos7.x openvpn+freeradius认证daloradius管理

继上一篇的openvpn账号密码验证，由于账号密码保存在服务器文件中的是明文，存在一定的风险，现在通过freeradius进行账号认证

同样参考相关网络资料

http://www.beijinghuayu.com.cn/centos7%e9%85%8d%e7%bd%aedaloradius/

freeradius 2.2.5版本限制用户并发登录_norhtlander的专栏-CSDN博客

FreeRADIUS 3.0安装配置_cluniquecui的专栏-CSDN博客

等

软件版本

freeradius-3.0.13-15.el7.x86_64

mariadb-server-5.5.68-1.el7.x86_64

php-5.4.16-48.el7.x86_64

服务器：阿里云

1.安装

yum安装简便快捷

安装依赖

yum install wget telnet net-tools httpd mariadb-server php php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel epel-release -y

安装freeradius

yum install freeradius freeradius-mysql freeradius-utils -y

2.关闭selinux

[root@openvpn ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config 
[root@openvpn ~]# setenforce 0
setenforce: SELinux is disabled
[root@openvpn ~]# geten
getenforce  getent      
[root@openvpn ~]# getenforce 
Disabled

3.启动数据库、httpd，关闭防火墙

[root@openvpn ~]# systemctl restart mariadb
[root@openvpn ~]# systemctl restart httpd
[root@openvpn ~]# systemctl stop firewalld
[root@openvpn ~]# systemctl disable firewalld

4.登录数据库，创建radius数据库

[root@openvpn ~]# mysql            #默认初次启动的mariadb没有密码，直接登录
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.68-MariaDB MariaDB Server
 
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
#设置mariadb的root登录密码
MariaDB [(none)]> set password=password('password');
Query OK, 0 rows affected (0.00 sec)
#创建radius数据库
MariaDB [(none)]> create database radius;
Query OK, 1 row affected (0.00 sec)
#给radius库建用户密码
MariaDB [(none)]> grant all on radius.* to radius@localhost identified by 'radius';
Query OK, 0 rows affected (0.00 sec)
#刷新
MariaDB [(none)]> flush privileges;
 
Query OK, 0 rows affected (0.01 sec)
#退出
MariaDB [(none)]> quit
Bye

5.初始化freeradius数据库

[root@openvpn ~]# cd /etc/raddb/
[root@openvpn raddb]# ls
certs         hints           mods-config   policy.d      README.rst       templates.conf
clients.conf  huntgroups      mods-enabled  proxy.conf    sites-available  trigger.conf
dictionary    mods-available  panic.gdb     radiusd.conf  sites-enabled    users

yum安装的freeradius配置文件默认在/etc/raddb

#初始化数据库
[root@openvpn mysql]# mysql -uradius -p radius < schema.sql 
Enter password: 
 
[root@openvpn mysql]# mysql -uradius -p radius 
Enter password: 
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 5.5.68-MariaDB MariaDB Server
 
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
MariaDB [radius]> use radius
Database changed
MariaDB [radius]> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| nas              |
| radacct          |
| radcheck