<rhel6+pptpd+freeradius+mysql>

本文档来学习实验环境，内容实验结果全部在机房校验，全部正确无误。

系统环境：RHEL6 x86_64 selinux and iptables disabled
软件下载：http   ://   poptop   .  sourceforge   .  net   /  yum   /  stable   /   rhel   6/
ftp://ftp.samba.org/pub/ppp

安装配置 pptpd
echo 1 > /proc/sys/net/ipv4/ip_forward 
yum install ppp -y
rpm -ivh pptpd-1.3.4-2.el6.x86_64.rpm
pptpd   的配置文件 /etc/pptpd.conf
localip 192.168.0.1
remoteip192.168.0.234-238
localip: pptpd server    所在服务器 IP   地址，可以设置为服务器上绑定的任意一个 IP 地址
remoteip:   设置客户端连接到 pptpd server   后可供分配的 Ip 地址范围
添加测试用户/etc/ppp/chap-secrets
#client server secret IP addresses
yakexi pptpd westos *
注意：server   名称必须和 /etc/ppp/options.pptpd    中 name 处设置的名称一致，否则登录
验证无法通过
service pptpd start
netstat -antlp|grep:1723
现在可以用 yakexi 测试了！
安装配置 freeradius
yum install freeradius freeradius-mysql freeradius-utils -y
tar zxf ppp-2.4.5.tar.gz
mkdir /etc/radiusclient
cp ppp-2.4.5/pppd/plugins/radius/etc/* /etc/radiusclient
cd /etc/radiusclient
在 servers   文件中添加 radius 服务器的地址和密码
localhost westos
修改 radiusclient.conf 文件中确保这个文件中所有与 radiusclient 相关的路径都是
以/etc/radiusclient 开头的。例如：
servers /usr/local/etc/radiusclient/servers
修改为：
servers /etc/radiusclient/servers
修改/etc/ppp/options.pptpd，添加如下行：
plugin /usr/lib64/pppd/2.4.5/radius.so
cd /etc/raddb
修改 clients.conf
client localhost {
ipaddr = 127.0.0.1
secret = westos (与/etc/radiusclient/servers 里设置的一致）
....
}
支持 mysql
修改/etc/raddb/radius.conf
$INCLUDE sql.conf  #去掉注释
修改/etc/raddb/sites-available/default
authorize {
#files
sql
....
}
accounting {
#radutmp
sql
....
}
session{
#radutmp
sql
}
post-auth {
sql
}
修改/etc/raddb/sql.conf
sql {
database = “mysql“
driver = "rlm_sql_mysql"
server = "localhost"
login = "radius"
password = "radpass"
radius_db = "radius"
....
}
修改/etc/raddb/sql/mysql/dialup.conf,去掉如下行的注释：
simul_count_query = "SELECT COUNT(*) \ 
FROM ${acct_table1} \ 
WHERE username = '%{SQL-User-Name}' \ 
AND acctstoptime IS NULL" 
yum install mysql mysql-server -y
service mysqld start
cd /etc/raddb/sql/mysql/
mysqladmin create radius
mysql radius < schema.sql
mysql < admin.sql
mysql> insert into radgroupreply (groupname,attribute,op,value) values
('user','Auth-Type',':=','Local');
mysql> insert into radgroupreply (groupname,attribute,op,value) values
('user','Service-Type',':=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values
('user','Framed-IP-Address',':=','255.255.255.254');
mysql> insert into radgroupreply (groupname,attribute,op,value) values
('user','Framed-IP-Netmask',':=','255.255.255.0');
mysql>insert into radgroupcheck (groupname,attribute,op,value) values
('user','Simultaneous-Use',':=','1'); (限制一个帐号只能拨一次，可选)
mysql> insert into radcheck (username,attribute,op,value) values ('test','UserPassword',':=','test');  (添加帐户 test,密码 test)
mysql> insert into radusergroup (username,groupname) values ('test','user');
以后添加帐户只需要进行以上两步操作即可
service radiusd start
service pptpd stop
service pptpd start
执行命令进行测试：
# radtest test test localhost 0 westos
Sending Access-Request of id 13 to 127.0.0.1 port 1812 
User-Name = "test" 
User-Password = "test" 
NAS-IP-Address = 127.0.0.1 
NAS-Port = 0 
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=13, length=38 
Service-Type = Framed-User 
Framed-IP-Address = 255.255.255.254 
Framed-IP-Netmask = 255.255.255.0 
看到 Access-Accept 字样即表示成功

本文转自青衫解衣 51CTO博客，原文链接:http://blog.51cto.com/215687833/1769384