第二节：Centos7 Freeradius Mysql配置

本节主要内容：在Centos7 上配置mysql数据配置，使freeradius支持mysql数据库管理、以及Freeradius运行状态查看。

1、进入数据库配置

mysql -u root -p

初始密码为空，按照下面命令创建radius数据库，设置数据库的管理账号：radius，密码:passwd-radius

MariaDB >create database radius;
MariaDB [(none)]>grant all privileges on radius.* to radius@localhost identified by 'passwd-radius';
MariaDB [(none)]>use radius;
MariaDB [(none)]>source /etc/raddb/mods-config/sql/main/mysql/schema.sql;
MariaDB [(none)]>quit;

配置后重启 mysql

systemctl restart mariadb

2、创建软链接

dailordius 默认允许/etc/raddb/mods-enabled/中的模块运行，通过下面语句允许sql模块

ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
chgrp -h radiusd /etc/raddb/mods-enabled/sql

3、修改freeradius 配置文件，以便使用sql数据库

vim /etc/raddb/radiusd.conf

将下面三项内容修改为yes
auth = no
auth_badpass = no
auth_goodpass = no
修改为
auth = yes
auth_badpass = yes
auth_goodpass = yes

修改default文件

vim /etc/raddb/sites-available/default

1)将
-sql
修改为
sql
2)查找到session { 中内容
去掉sql前面的注释

vim /etc/raddb/mods-available/sql

1)将
driver = "rlm_sql_null"
修改为
driver = "rlm_sql_mysql"
(2)将
        dialect = "sqlite"
#        server = "localhost"
#        port = 3306
#        login = "radius"
#        password = "radpass"
修改为
        dialect = "mysql"
        server = "localhost"
        port = 3306
        login = "radius"
        password = "passwd-radius"
(3)将
#       read_clients = yes
修改为
       read_clients = yes

保存退出

5、通过下面命令进入radius debug模式，可以监测radius是否正常运行

radiusd -X

当出现如下结果表示正常运行

Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on proxy address * port 53268
Listening on proxy address :: port 44336
Ready to process requests

按Ctrl+C 退出

6、启动 radius

systemctl restart radiusd
systemctl status radiusd

● radiusd.service - FreeRADIUS high performance RADIUS server.
   Loaded: loaded (/usr/lib/systemd/system/radiusd.service; disabled; vendor preset: disabled)
   Active: active (running) since 二 2018-01-09 03:18:32 EST; 9s ago
  Process: 28431 ExecStart=/usr/sbin/radiusd -d /etc/raddb (code=exited, status=0/SUCCESS)
  Process: 28425 ExecStartPre=/usr/sbin/radiusd -C (code=exited, status=0/SUCCESS)
  Process: 28423 ExecStartPre=/bin/chown -R radiusd.radiusd /var/run/radiusd (code=exited, status=0/SUCCESS)
 Main PID: 28434 (radiusd)
   CGroup: /system.slice/radiusd.service
           └─28434 /usr/sbin/radiusd -d /etc/raddb

1月 09 03:18:31 Centos7.localdomain systemd[1]: Starting FreeRADIUS high pe....
1月 09 03:18:32 Centos7.localdomain systemd[1]: Started FreeRADIUS high per....
Hint: Some lines were ellipsized, use -l to show in full.