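FreeRADIUS Usage and Debugging (Part 1)
1.1 The complete process of adding a NAS
- Edit the conf file and append the new NAS's information to the end of the file
For example: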
client X.X.X.X {
    secret = test
    shortname = qsc6
}
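- Edit the conf file and append, at the end of the file, the realm (domain) information for the users that authenticate through the NAS
For example: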
realm qsc.de {
    type = Radius
    authhost = LOCAL
    accthost = LOCAL
}
- Create a new file xxx (the domain name is the recommended choice for xxx) and add the corresponding account information
For example:
all auth-Type := Local, User-Password == "all", Service-type == 6
    Huawei-Exec-Privilege = 3 ,
    Huawei-Ftp-directory = cfcard:/
- Edit the users file and, at the top of the file, INCLUDE the file created above
For example:
# You can include another `users' file with `$INCLUDE users.other'
#
$INCLUDE users.qsc
$INCLUDE users.admin
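Note that by default FreeRADIUS strips the domain name from the user account, so avoid duplicate account names as far as possible when configuring accounts.
- If you need to add private attributes, create the attribute file and then include it in /usr/local/etc/raddb/dictionary
Example: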
#
# This is the master dictionary file, which references the
# pre-defined dictionary files included with the server.
#
# Any new/changed attributes MUST be placed in this file, as
# the pre-defined dictionaries SHOULD NOT be edited.
#
# $Id: dictionary.in,v 1.4 2004/04/14 15:26:20 aland Exp $
#
#
# The filename given here should be an absolute path.
#
$INCLUDE /usr/local/share/freeradius/dictionary
$INCLUDE /usr/local/share/freeradius/dictionary.huawei
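- If RADIUS is already running, run the following command to reload the configuration
rc.radiusd reload
- Check whether it started successfully. If startup failed, check the log for the cause; in principle, every configuration error shows its cause in the log.
- Test the newly configured account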
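A check for the duplicate account names that the note on domain stripping warns about, added here as an example and not part of the original post or of FreeRADIUS: it walks a users file and its $INCLUDE files and reports every account name defined more than once. The file contents, the extra account entries and the function names are constructed for illustration.

```python
# Constructed sample files (not from the original post), keyed by file name.
SAMPLE_FILES = {
    "users": (
        "# You can include another `users' file with `$INCLUDE users.other'\n"
        "$INCLUDE users.qsc\n"
        "$INCLUDE users.admin\n"
        "DEFAULT Auth-Type := Reject\n"
    ),
    "users.qsc": (
        'all Auth-Type := Local, User-Password == "all", Service-Type == 6\n'
        "\tHuawei-Exec-Privilege = 3,\n"
        "\tHuawei-Ftp-Directory = cfcard:/\n"
        'bob Auth-Type := Local, User-Password == "constructed"\n'
    ),
    "users.admin": (
        'all Auth-Type := Local, User-Password == "constructed"\n'
        "\tHuawei-Exec-Privilege = 15\n"
    ),
}


def collect_entries(name, files, seen=None):
    """Return [(username, file, line_no)] for every entry, following $INCLUDE."""
    seen = set() if seen is None else seen
    if name in seen:                      # guard against include loops
        return []
    seen.add(name)
    if name not in files:
        raise FileNotFoundError(f"$INCLUDE target not found: {name}")
    entries = []
    for no, line in enumerate(files[name].splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        if line[0] in " \t":
            continue                      # indented: reply items of the entry above
        fields = line.split()             # assumption: unquoted user names
        if fields[0] == "$INCLUDE":
            entries += collect_entries(fields[1], files, seen)
        else:
            entries.append((fields[0], name, no))
    return entries


def find_duplicates(top, files):
    """Map each account name defined more than once to where it is defined."""
    where = {}
    for user, fname, no in collect_entries(top, files):
        if user != "DEFAULT":             # DEFAULT entries may legitimately repeat
            where.setdefault(user, []).append(f"{fname}:{no}")
    return {u: locs for u, locs in where.items() if len(locs) > 1}
```

To run it against a real installation, build the `files` mapping by reading the users file and each included file from the raddb directory.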
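1.2 How to add private attributes
- Create or edit the private attribute file (the recommended file name is <vendor's English name>) and place it in the directory /usr/local/share/freeradius
Format: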
#
# Radius Attribute Value Dictionary
#
# This file contains dictionary translations for parsing
# Radius Attribute/Value Pairs. The value of each attribute
# is specified as one of 4 data types. Valid data types are:
#
# string - 0-253 octets
# ipaddr - 4 octets in network byte order
# integer - 32 bit value in big endian order (high byte first)
# date - 32 bit value in big endian order
#
#
VENDOR Huawei 2011
BEGIN-VENDOR Huawei
# huawei begin
ATTRIBUTE Huawei-Input-Burst-Size 1 integer
# huawei end
END-VENDOR Huawei
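Note: to avoid duplicate names, include the vendor name in each attribute name so that attributes are easy to tell apart.
- Include this file in /usr/local/etc/raddb/dictionary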