radius 使用REST认证

8月 31, 2023 |

编译安装

FreeRADIUS 在 CentOS 上编译安装

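# Build dependencies. rlm_rest needs libcurl and json-c; openssl-devel already ships the
# unversioned libcrypto.so dev symlink, so the ln below is normally unnecessary.
yum install -y libtalloc-devel libcurl-devel json-c-devel openssl-devel gcc
# Only if configure still cannot find libcrypto. The original line read `cd cd /usr/lib64/`,
# which fails (too many arguments) and then creates the symlink in the current directory;
# use absolute paths so we never leave the source tree that ./configure must run from.
# The file name pins OpenSSL 1.0.2k (CentOS 7): that branch is end-of-life, so plan to build
# against a maintained OpenSSL rather than relying on it.
[ -e /usr/lib64/libcrypto.so ] || ln -s /usr/lib64/libcrypto.so.1.0.2k /usr/lib64/libcrypto.so
./configure --prefix=/usr/local/freeradius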

检查 configure 输出中的 `rlm_rest ................ ok` 一行：必须是 ok；如果显示 skipping，说明 libcurl / json-c 等开发包缺失，按提示补齐依赖后重新运行 configure，否则 REST 模块不会被编译。

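# A single `&` would background `make` and start `make install` at the same time, racing
# against a build that has not finished; `&&` runs install only after a successful build.
make && make install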

启用端口:
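# Open the RADIUS ports. The aiyunsi site configured below runs only a `type = auth`
# listener on 1812; 1813 (accounting) is needed only if an acct listener is added.
# Prefer limiting the source to the NAS (e.g. a rich rule with source address=10.6.9.71)
# instead of exposing the port to everything that lands in the `public` zone.
firewall-cmd --permanent --zone=public --add-port=1812/udp
firewall-cmd --permanent --zone=public --add-port=1813/udp
# --permanent alone only edits the saved configuration; reload to apply it to the running firewall.
firewall-cmd --reload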

编辑rest 模块配置

进入 /usr/local/freeradius/etc/raddb/mods-available，修改名为 rest 的模块配置文件：
vim rest

 # Base URL of the REST backend. Plain http is only acceptable because the service sits on
 # the loopback interface; if it ever moves off-host, switch to https and fill in the
 # tls { } section this file references below via ${..tls}.
 connect_uri = "http://127.0.0.1:9527"
 # Adjust to the actual environment.
 # User-Name and Called-Station-ID come from the NAS. The module is expected to URL-escape
 # `uri` expansions, but the backend must still treat these path segments as untrusted
 # input. Called-Station-ID falls back to the literal "unknown" when the request lacks it.
 authorize {
			uri = "${..connect_uri}/user/%{User-Name}/mac/%{%{Called-Station-ID}:-unknown}?action=authorize"
			method = 'get'
			tls = ${..tls}
	}
	# NOTE(review): nothing in this section shows how User-Password reaches the service —
	# a GET with no `auth`/`data` setting carries only the username in the URL. Confirm the
	# password is actually sent and checked by the backend (for example `auth = 'basic'`,
	# which rlm_rest documents as using the request's User-Name/User-Password when no
	# explicit credentials are configured — verify for your version). Otherwise an HTTP 200
	# for any known username would accept any password.
	authenticate {
			uri = "${..connect_uri}/user/%{User-Name}/mac/%{%{Called-Station-ID}:-unknown}?action=authenticate"
			method = 'get'
			tls = ${..tls}
	}

cd /usr/local/freeradius/etc/raddb/mods-enabled
移除 eap 并添加 rest 的符号链接：`unlink eap; ln -s ../mods-available/rest ./`。去掉 EAP 后只剩 PAP，口令在 RADIUS 报文中仅靠共享密钥做 MD5 混淆，因此 clients.conf 中的共享密钥必须足够强且随机。

添加aiyunsi site配置

cd /usr/local/freeradius/etc/raddb/sites-available
新建 aiyunsi

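server aiyunsi {
	listen {
		# "*" binds every IPv4 address on the host (IPv6 is not covered). Restrict this to
		# the interface the NAS reaches, or rely on the firewall, so 1812 is not exposed
		# on other networks.
		ipaddr = *
		port = 1812
		type = auth
	}

	authorize {
		# The REST backend needs the cleartext password, so only PAP is accepted; anything
		# without User-Password (CHAP, MS-CHAP, EAP) is rejected outright.
		if (!&User-Password) {
			reject
		}

		# Login-Time can be used to derive Session-Timeout (see the logintime module).
		# Kept disabled; a fixed one-hour timeout is returned instead.
		#update control {
		#	Login-Time := Al0001-2359
		#}
		#logintime

		update reply {
			Session-Timeout := 3600
		}

		# Select the PAP authenticate section directly. The original configuration did this
		# by planting a dummy Cleartext-Password ('Hg@123') and calling `pap` so that pap
		# would set Auth-Type. That fake credential is never compared by this site (the
		# Auth-Type PAP block calls `rest`, not `pap`), but it would silently become a valid
		# password for every user the moment someone adds `pap` there — so it is replaced
		# with an explicit Auth-Type assignment, which has the same effect without a secret.
		update control {
			Auth-Type := PAP
		}
	}

	authenticate {
		Auth-Type PAP {
			# Delegate the password check to the REST service; only an HTTP 200 is an accept.
			# If the REST call itself fails (backend down), rest returns fail and the section
			# ends with a reject — the setup fails closed on an outage.
			# NOTE(review): confirm which list your rlm_rest version writes
			# REST-HTTP-Status-Code into (3.x sources add it to the request list, not reply).
			# If the attribute is not found the comparison is false and every login fails,
			# so a mistake here shows up as universal rejects rather than as an open door.
			rest
			if (&reply:REST-HTTP-Status-Code == "200") {
				ok
			} else {
				fail
			}
		}
	}
}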

cd /usr/local/freeradius/etc/raddb/sites-enabled

# Remove the stock virtual servers: `default` would presumably also bind 1812 next to
# aiyunsi, and `inner-tunnel` is only used by EAP, which was unlinked above (confirm
# nothing else in raddb references them before removing).
unlink default; unlink inner-tunnel
ln -s  ../sites-available/aiyunsi ./

编辑clients.conf

编辑 /usr/local/freeradius/etc/raddb/clients.conf，添加网关（NAS）client：
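client gateway {
	ipaddr = 10.6.9.71
	# "*" allows both UDP and TCP from this client; the aiyunsi listener above sets no
	# proto and so defaults to UDP, making udp sufficient here.
	proto = *
	# The shared secret both authenticates the NAS and is the only protection the PAP
	# password has on the wire (MD5-based obfuscation). "testing123" is the well-known
	# FreeRADIUS example value and must never be deployed: generate a long random secret
	# (e.g. `openssl rand -base64 32`) and configure the same value on the NAS.
	secret = CHANGE-ME-long-random-secret
	nas_type = other
}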

开机启动

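# Unprivileged service account for radiusd. A daemon account gets no login shell.
# Note `-b` is the *base* directory, so the home becomes /home/radius/radius; use `-d`
# if /home/radius itself was intended. radiusd.conf must set user/group to this account
# for the privilege drop to actually happen — the unit file below does not set User=.
useradd -U -b /home/radius/ -s /sbin/nologin radius
vim /usr/lib/systemd/system/radiusd.service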

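[Unit]
Description=FreeRADIUS high performance RADIUS server.
# The ipa/dirsrv/krb5kdc orderings are inherited from the distribution unit and are
# harmless here; network.target is the one this REST-backed setup actually depends on.
After=syslog.target network.target ipa.service dirsrv.target krb5kdc.service

[Service]
Type=forking
PIDFile=/usr/local/freeradius/var/run/radiusd/radiusd.pid
# Make the run directory writable by the unprivileged account. This unit sets no User=;
# FreeRADIUS drops privileges from its own configuration, so radiusd.conf must carry
# `user = radius` / `group = radius` or the daemon keeps running as root.
# The leading "-" ignores a chown failure so a missing directory does not block startup.
# "user:group" is the portable chown separator; the "user.group" form is a deprecated GNU-ism.
ExecStartPre=-/bin/chown -R radius:radius /usr/local/freeradius/var/run/radiusd
# Syntax-check the configuration first so a broken edit fails fast instead of taking the
# service down; the same check guards the reload below (kill -HUP only runs if -C passes).
ExecStartPre=/usr/local/freeradius/sbin/radiusd -C
ExecStart=/usr/local/freeradius/sbin/radiusd -d /usr/local/freeradius/etc/raddb
ExecReload=/usr/local/freeradius/sbin/radiusd -C
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target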

设置开机启动并立即运行；新建或修改 unit 文件后需先让 systemd 重新加载：`systemctl daemon-reload && systemctl --now enable radiusd`
