Shulou(Shulou.com)06/03 Report--

Due to the testing requirements at work, refer to the online documentation to build a simple installation of FreeRadius in Cent OS.

one。 Basic environment configuration

Linux OS sets a fixed IP to ensure access to the external network. Turn off the iptables firewall: service iptables stop (chconfig iptables off: permanently turn off the firewall)

II. Install FreeRadius related software packages

# yum install-y freeradius#yum install-y freeradius-utils

III. Add Radius client

# vim / etc/raddb/clients.conf

Add Radius client information at the bottom of the document:

Client Beyondsoft {ipaddr = 10.10.10.0 # represents the key shortname = beyondsoft of client netmask = 24 secret = 123456 # sharesecret,Radius with the prefix 10.10.10.x

Four. add user

Vim / etc/raddb/users

Add content at the bottom

User1 Cleartext-Password: = "password1" # user1 is the user name, and password1 is the password corresponding to the user

Five. installation certificate

Remove related files

Cd / etc/raddb/certs rm-f * .pem * .der * .csr * .crt * .key * .p12 serial* index.txt* * # remove files with suffixes .pem, .der, .csr, .crt, .key, .p12, index.txt

Set the validity period of three certificates

Vi ca.cnf default_days=3600 vi server.cnf default_days=3600 vi client.cnf default_days=3600

Generate a certificate

. / bootstrap

Copy the certificate file to another location to configure the user certificate

Cd..

Mkdir zs # create folder zs

Cp / etc/raddb/certs/* / etc/raddb/zs # copy the contents of the cert folder into zs

Cd / etc/raddb/zs

Change the encrypted information in the xpextensions file

Vi xpextensions

Change content

[xpclient_ext]

ExtendedKeyUsage = 1.3.6.1.5.5.7.3.2 extendedKeyUsage 1.3.6.1.5.5.7.3.1

Modify the certificate template for client.cnf

Vi client.cnf

Change content

EmailAddress = test1@example.com # first name creates a user user name in the raddb folder

CommonName = test1

Generate a user certificate, where client.p12 is the user certificate

Make client.pem** VI. Enable radius service * *

Chown-R radiusd:radiusd / etc/raddb/certs # change the certs folder to read-only permission

Service radiusd restart

Related problems and solutions:

After adding new users in step 4, you can use radiusd-X to verify that Freeradius is installed properly.

Radiusd-X turns on debug mode of radius

a. Open a Terminal terminal to execute: radiusd-X. Where X is uppercase

b. Open another Terminal terminal to execute: radtest user1 password1 127.0.0.1 1812 testing123

This command: verify through the local server to verify that the newly added users on the corresponding port 1812 can pass. If the server and the route or switch can Ping, but no corresponding log appears during the connection, you should check the firewall status to see if the firewall is turned off. Service iptables status service iptables stop

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.