#tar -jxvf freeradius-server-3.0.12.tar.bz2
#cd freeradius-server-3.0.12/
#./configure
The printed output shows an error, as follows:
checking for perl... /usr/bin/perl
checking for snmpget... no
configure: WARNING: snmpget not found - Simultaneous-Use and checkrad may not work
checking for snmpwalk... no
configure: WARNING: snmpwalk not found - Simultaneous-Use and checkrad may not work
checking for rusers... /usr/bin/rusers
/opt/vsftp/he/freeradius-server-3.0.12/missing: Unknown `--is-lightweight' option
Try `/opt/vsftp/he/freeradius-server-3.0.12/missing --help' for more information
configure: WARNING: 'missing' script is too old or missing
checking for locate... /usr/bin/locate
checking for dirname... /usr/bin/dirname
checking for grep... (cached) /usr/bin/grep
checking for _talloc in -ltalloc... no
checking for _talloc in -ltalloc in /usr/lib64... no
checking for _talloc in -ltalloc in /usr/lib64/samba... no
checking for _talloc in -ltalloc in /usr/local/lib... no
checking for _talloc in -ltalloc in /opt/lib... no
configure: WARNING: talloc library not found. Use --with-talloc-lib-dir=<path>.
configure: error: FreeRADIUS requires libtalloc
The message says libtalloc is not installed, but running yum install shows that it is already installed:
[root@fedora freeradius-server-3.0.12]# yum install libtalloc
Redirecting to '/usr/bin/dnf install libtalloc' (see 'man yum2dnf')
上次元數據過期檢查:2:39:30 前,執行於 Wed Dec 14 08:08:38 2016。
軟件包 libtalloc-2.1.8-1.fc25.x86_64 已安裝,跳過
依賴關系解決。
無需任何處理。
完畢!
[root@fedora freeradius-server-3.0.12]#
Solution: install libtalloc-devel, which provides the headers and linker symlink that configure checks for:
[root@fedora freeradius-server-3.0.12]# yum install libtalloc-devel -y
Redirecting to '/usr/bin/dnf install libtalloc-devel -y' (see 'man yum2dnf')
上次元數據過期檢查:2:41:21 前,執行於 Wed Dec 14 08:08:38 2016。
依賴關系解決。
=======================================
 Package           架構     版本           倉庫     大小
=======================================
安裝:
 libtalloc-devel   x86_64   2.1.8-1.fc25   fedora   59 k

事務概要
=======================================
安裝  1 軟件包

總下載:59 k
安裝大小:92 k
下載軟件包:
libtalloc-devel-2.1.8-1.fc25.x86_64.rpm    22 kB/s |  59 kB  00:02
--------------------------------------------------------------
總計                                       9.3 kB/s |  59 kB  00:06
運行事務檢查
事務檢查成功。
運行事務測試
事務測試成功。
運行事務
  安裝: libtalloc-devel-2.1.8-1.fc25.x86_64    1/1
  驗證: libtalloc-devel-2.1.8-1.fc25.x86_64    1/1

已安裝:
  libtalloc-devel.x86_64 2.1.8-1.fc25

完畢!
[root@fedora freeradius-server-3.0.12]#
Problem solved: running ./configure again no longer prints this error, but it does print the next one:
checking for utmpx.h... yes
checking winsock.h usability... no
checking winsock.h presence... no
checking for winsock.h... no
checking for net/if.h... yes
checking for DH_new in -lcrypto... no
checking for DH_new in -lcrypto in /usr/lib64... no
checking for DH_new in -lcrypto in /usr/local/lib... no
checking for DH_new in -lcrypto in /opt/lib... no
configure: error: in `/opt/vsftp/he/freeradius-server-3.0.12':
configure: error: failed linking to libcrypto. Use --with-openssl-lib-dir=<path>, or --with-openssl=no (builds without OpenSSL)
See `config.log' for more details
[root@fedora freeradius-server-3.0.12]#
The message shows that linking to libcrypto failed. Run:
#rpm -qa |grep libcrypto
#
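Nothing is printed, which indicates that libcrypto is not installed. libcrypto is included in the openssl package; OpenSSL contains two main libraries: libssl and libcrypto.
So the solution is to install openssl: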
#yum install openssl openssl-devel
Running ./configure shows that this problem is solved, and no other errors are reported.
At this point, ./configure completes successfully.
Next, run the make command.
#make
The make command runs correctly.
The radiusd program can be found in the ./build/bin directory; this is the RADIUS server program.
Next, install the server:
----------------------------------------------------------------------------------------------------------------
[root@fedora freeradius-server-3.0.12]# make install
----------------------------------------------------------------------------------------------------------------
Installed successfully.
Run the following command as the superuser:
#radiusd -X
It runs normally and displays:
#Ready to process requests
Following the test method in the official documentation, add the following at the very top of the file /usr/local/etc/raddb/users:
testing Cleartext-Password := "password123"
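testing is the user name, and password123 is the password in cleartext.
Run radiusd again. When radiusd starts it may report that the port is already in use, because the system service has already been started automatically. Stop the service and then run it again: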
#sudo service freeradius stop
#sudo radiusd -X
It runs normally.
Next, use radtest to test the server:
# radtest testing password123 127.0.0.1 0 testing123
Result:
[root@fedora ~]# radtest testing password123 127.0.0.1 0 testing123
(0) Error parsing "stdin": Failed resolving "fedora.hexiaowang" to IPv4 address: Name or service not known
[root@fedora ~]#
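fedora.hexiaowang is the hostname I gave my Fedora 25 machine.
This error means the program cannot resolve the hostname fedora.hexiaowang to an IP address. The fix is to map fedora.hexiaowang to the local IP 127.0.0.1 by adding it to the /etc/hosts file.
This is the hosts file before the addition: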
[root@fedora etc]# cat hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@fedora etc]#
This is the hosts file after the addition:
[root@fedora etc]# cat hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 fedora.hexiaowang
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@fedora etc]#
Run radtest again to test the server (# radtest testing password123 127.0.0.1 0 testing123). The result shows:
[root@fedora etc]# radtest testing password123 127.0.0.1 0 testing123
Sent Access-Request Id 171 from 0.0.0.0:33368 to 127.0.0.1:1812 length 77
	User-Name = "testing"
	User-Password = "password123"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 0
	Message-Authenticator = 0x00
	Cleartext-Password = "password123"
Received Access-Reject Id 171 from 127.0.0.1:1812 to 0.0.0.0:0 length 35
	Reply-Message = "Hello,testing"
(0) -: Expected Access-Accept got Access-Reject
[root@fedora etc]#
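An Access-Reject message was received, meaning the request failed and the test did not pass. Solution: in the radiusd.conf file, change the setting that disables writing the log (no) to enabled (yes):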
#vi /usr/local/etc/raddb/radiusd.conf
The modified fragment of radiusd.conf is as follows:
	#  dynamic expansion macro: %{debug: 1}, where the debug level
	#  for this request is set to '1' (or 2, 3, etc.). e.g.
	#
	#	...
	#	update control {
	#	       Tmp-String-0 = "%{debug:1}"
	#	}
	#	...
	#
	#  The attribute that the value is assigned to is unimportant,
	#  and should be a "throw-away" attribute with no side effects.
	#
	#requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log

	#
	#  Which syslog facility to use, if ${destination} == "syslog"
	#
	#  The exact values permitted here are OS-dependent. You probably
	#  don't want to change this.
	#
	syslog_facility = daemon

	#  Log the full User-Name attribute, as it was found in the request.
	#
	#  allowed values: {no, yes}
	#
	stripped_names = yes

	#  Log authentication requests to the log file.
	#
	#  allowed values: {no, yes}
	#
	auth = yes

	#  Log passwords with the authentication requests.
Run radtest again to test the server (# radtest testing password123 127.0.0.1 0 testing123). The result shows:
[root@fedora main]# ./radtest testing password123 127.0.0.1 0 testing123
Sent Access-Request Id 6 from 0.0.0.0:53539 to 127.0.0.1:1812 length 77
	User-Name = "testing"
	User-Password = "password123"
	NAS-IP-Address = 127.0.0.1
	NAS-Port = 0
	Message-Authenticator = 0x00
	Cleartext-Password = "password123"
Received Access-Accept Id 6 from 127.0.0.1:1812 to 0.0.0.0:0 length 35
	Reply-Message = "Hello,testing"
[root@fedora main]#
Receiving Access-Accept means the test succeeded!
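Configuring the RADIUS server side:
Edit /etc/raddb/clients.conf, the server-side file that records client configuration. By default this file provides a local configuration for testing on the same machine; that is, after installation only a client on the local machine is allowed to access the RADIUS server.

# Only allow clients on the local machine
client localhost {
	ipaddr = 127.0.0.1
	secret = testing123
}
# Add the subnet 192.168.230.0/24 as a network segment that may connect
client 192.168.230.0/24 {
	secret = alonesword
	shortname = lan-w3pc
}

Save the file /etc/raddb/clients.conf.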
Restart the radius service.
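Added example, not part of the original post: a shell function that audits client blocks like the two above and reports any that still use the default secret testing123 or a short secret. The 16-character minimum, the nas1 block and the temporary sample file are assumptions made for the example.

```shell
# Added example (not from the original post): flag FreeRADIUS client
# blocks whose shared secret is the shipped default or too short.
# audit_clients FILE [MINLEN] prints "<client> <finding>" per problem.
# MINLEN defaults to 16 (assumed policy value). Assumes multi-line
# client blocks and no '#' inside a secret.
audit_clients() {
    awk -v minlen="${2:-16}" '
        { sub(/#.*/, "") }                          # strip comments
        !depth && /^[ \t]*client[ \t]+[^ \t{]+[ \t]*[{]/ {
            name = $2; sub(/[{].*/, "", name); secret = ""; depth = 1; next
        }
        depth {
            if (depth == 1 && $0 ~ /^[ \t]*secret[ \t]*=/) {
                secret = $0
                sub(/^[ \t]*secret[ \t]*=[ \t]*/, "", secret)
                sub(/[ \t]+$/, "", secret)
                gsub(/^"|"$/, "", secret)
            }
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")  # nested sections
            if (depth == 0) {
                if (secret == "")                 print name, "no-secret"
                else if (secret == "testing123")  print name, "default-secret"
                else if (length(secret) < minlen) print name, "short-secret"
            }
        }
    ' "$1"
}

# Constructed sample: the two blocks from this page plus a hypothetical nas1.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client 192.168.230.0/24 {
    secret = alonesword
    shortname = lan-w3pc
}
client nas1 {
    ipaddr = 192.0.2.10
    secret = "Zr8q-constructed-example-secret-41"
    limit {
        max_connections = 16
    }
}
EOF
audit_clients "$sample"
```

Run it against the real file with audit_clients /etc/raddb/clients.conf; no output means no client block matched any of the three findings.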
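Common problems:
[Q1] When starting radiusd, the following error may appear: error while loading shared libraries: libfreera....
[A1] The fix is to add the line /usr/local/lib to the file /etc/ld.so.conf, then run the command ldconfig as root.
[Q2] When starting radiusd, the following error may appear: Failed binding to authentication address *port 1812:Address already in use
[A2] Use the command lsof -i:1812 to see which process holds the port; it should be freeradius itself. Kill that process, then run # radiusd -X again to start the server.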