例如ubuntu:
For Bionic Beaver (18.04), add to your apt source list (/etc/apt/sources.list):
deb http://packages.networkradius.com/releases/ubuntu-bionic bionic main
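sudo apt-key adv --keyserver keys.gnupg.net --recv-key 0x41382202
注意:0x41382202 是32位短密钥ID,短ID可能发生碰撞;导入后请用 apt-key fingerprint 核对完整指纹,确认与软件源官方(packages.networkradius.com)公布的一致。上面的软件源走的是 http,包的可信度完全依赖这把签名密钥。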
sudo apt-get update
sudo apt-get install freeradius
启动服务:/etc/init.d/freeradius start
调试启动:freeradius -X
源码安装:
git clone https://github.com/FreeRADIUS/freeradius-server.git
进入目录
切换到3.0版本(注意:-b 是基于当前HEAD新建分支;若 release_3_0_20 是仓库里已有的标签,应先用 git tag 确认,再用 git checkout release_3_0_20 检出)
git checkout -b release_3_0_20
git pull
执行
./configure
发现少了两个依赖,依次安装。
sudo apt-get install libtalloc-dev
sudo apt-get install libkqueue-dev
make
sudo make install
使用ubuntu的apt-get方式安装的freeradius,其配置文件位置与源码安装不同。源码安装的默认位置是
/usr/local/etc/raddb/
而使用ubuntu的apt-get方式的配置文件则安置在
/etc/freeradius/
官方给的简单测试方式:
修改/etc/freeradius/下的users文件,把下面这段的注释去掉(steve是公开的示例账号,测试完成后应重新注释掉):
steve Cleartext-Password := "testing"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 172.16.3.33,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP
执行freeradius -X
在另一个终端执行(用户名steve和密码testing对应上面的条目):radtest steve testing localhost 1812 testing123
其他配置方案测试:
## vi users 用户配置
#两个字符串分别是验证时输入的身份和密码
"hzlarm" Cleartext-Password := "hzlarm123"
## clients.conf 配置客户端的共享密钥(secret)。以下是默认值;本机测试只需配置 client localhost 这一项:
secret = testing123
##如果是联网测试,往下找类似字段进行修改,指定外网ip并设定一个共享密钥;联网时不要沿用默认的testing123,应换成足够长的随机字符串。
##这个密钥就是配置fitap时填写的密码,同时还要在fitap上填写radius服务器的ip与端口。这个ip不清楚的话可以先随意设置,
##等开启freeradius -X以及配置好fitap指向radius,服务器端会报错提示忽略了来自某个ip的请求,然后把这个ip填入即可。
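client private-network-1 {
	# Redacted placeholder: set this to the address/network of the NAS or AP
	# that will send requests to this server.
	ipaddr = xxx.87.xx.12/24
	# testing123 is the default sample secret shown for localhost above; for a
	# client reached over a network, replace it with a long random value.
	secret = testing123
}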
## /etc/raddb/eap.conf
## eap-tls配置,在tls模块配置客户端证书
## 需要将从父证书到顶级证书的内容都合并到这个pem文件中,否则freeradius无法识别。
ca_file = ${cadir}/alilang/alilang_ca_merge.pem
## /etc/raddb/sites-enabled/default
## 配置认证和授权的方式;计费可不考虑,这次测试不涉及;确认开启了以下几种方式
pap
eap
chap
mschap
pap:
radtest hzlarm hzlarm123 127.0.0.1 1812 testing123
eap-md5:
# radeapclient -x 127.0.0.1 auth testing123 < eap-md5.txt
# 以下内容写在eap-md5.txt文件
User-Name = "hzlarm"
Cleartext-Password = "hzlarm123"
EAP-Code = Response
EAP-Id = 210
EAP-Type-Identity = "ufiletest"
Message-Authenticator = 0x00
peap-mschapv2:
# eapol_test -c peap-mschapv2.conf -s testing123
# 以下内容写在peap-mschapv2.conf文件
# eapol_test network block: PEAP outer tunnel with EAP-MSCHAPv2 as the inner method.
network={
ssid="example"
key_mgmt=WPA-EAP
eap=PEAP
# Inner (tunnelled) identity; same name as the "hzlarm" test entry in the users file.
identity="hzlarm"
# Outer identity, sent before the TLS tunnel is established.
anonymous_identity="anonymous"
# Test password, stored in cleartext in this file.
password="hzlarm123"
phase2="autheap=MSCHAPV2"
# Uncomment the following to perform server certificate validation.
# While ca_cert stays commented out the server certificate is not verified, so
# the inner credentials go to whichever server answers; acceptable only for a
# local lab test.
# ca_cert="/etc/freeradius/certs/ca.der"
}
安装测试工具eapol_test
cd /usr/local/src/
wget https://w1.fi/releases/wpa_supplicant-2.9.tar.gz
tar -xzvf wpa_supplicant-2.9.tar.gz
cd wpa_supplicant-2.9/wpa_supplicant/
cp defconfig .config
make eapol_test
#如果报错,先执行以下命令安装依赖,再重新 make eapol_test:
#sudo apt-get install libdbus-1-dev
#sudo apt-get install libnl-3-dev libnl-genl-3-200 libnl-genl-3-dev libnl-idiag-3-dev
cp eapol_test /usr/local/bin/
eap-tls:
# sudo eapol_test -c eap-tls.conf -a 127.0.0.1 -p 1812 -s testing123 -r 1
# 以下内容写在eap-tls.conf文件
# eapol_test network block for EAP-TLS: the client authenticates with a
# certificate and private key.
network={
eap=TLS
eapol_flags=0
key_mgmt=IEEE8021X
identity="hzlarm"
# NOTE(review): EAP-TLS authenticates with the certificate below; this password
# is presumably unused — confirm.
password="hzlarm123"
# client
# ca_cert is set, so the server certificate is checked against this CA.
ca_cert="/etc/freeradius/certs/ca.pem"
client_cert="/etc/freeradius/certs/client.pem"
private_key="/etc/freeradius/certs/client.key"
# Private-key passphrase in cleartext; keep this file readable only by the
# account running the test.
# NOTE(review): "whatever" looks like a sample-certificate passphrase — replace
# it together with the certificates outside a lab.
private_key_passwd="whatever"
# server
# Alternative credential set that presents the server certificate; left disabled.
#ca_cert="/etc/freeradius/certs/ca.pem"
#client_cert="/etc/freeradius/certs/server.pem"
#private_key="/etc/freeradius/certs/server.key"
#private_key_passwd="whatever"
}
ttls-chap:
# eapol_test -c ttls-chap.conf -s testing123
# 以下内容写在ttls-chap.conf文件
# eapol_test network block: EAP-TTLS outer tunnel with CHAP as the inner method.
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
# Inner (tunnelled) identity used for the CHAP exchange.
identity="hzlarm"
# Outer identity, sent before the TLS tunnel is established.
anonymous_identity="anonymous"
# Test password, stored in cleartext in this file.
password="hzlarm123"
phase2="auth=CHAP"
# Uncomment the following to perform server certificate validation.
# With ca_cert commented out the TTLS server certificate is not verified, so
# the tunnel can terminate at any server that answers; lab use only.
# ca_cert="/etc/freeradius/certs/ca.der"
}
ttls-eapmd5:
#
# eapol_test -c ttls-eapmd5.conf -s testing123
#
# eapol_test network block: EAP-TTLS outer tunnel with EAP-MD5 as the inner method.
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
# Inner (tunnelled) identity used for the EAP-MD5 exchange.
identity="hzlarm"
# Outer identity, sent before the TLS tunnel is established.
anonymous_identity="anonymous"
# Test password, stored in cleartext in this file.
password="hzlarm123"
phase2="autheap=MD5"
# Uncomment the following to perform server certificate validation.
# Without ca_cert the server certificate is not verified, so the tunnel gives
# no assurance about who receives the inner exchange; lab use only.
# ca_cert="/etc/freeradius/certs/ca.der"
}
ttls-mschapv2:
#
# eapol_test -c ttls-mschapv2.conf -s testing123
#
# eapol_test network block: EAP-TTLS outer tunnel with EAP-MSCHAPv2 as the inner method.
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
# Inner (tunnelled) identity used for the MSCHAPv2 exchange.
identity="hzlarm"
# Outer identity, sent before the TLS tunnel is established.
anonymous_identity="anonymous"
# Test password, stored in cleartext in this file.
password="hzlarm123"
phase2="autheap=MSCHAPV2"
# Uncomment the following to perform server certificate validation.
# Without ca_cert the server certificate is not verified; enable it for
# anything beyond a local lab test.
#ca_cert="/etc/freeradius/certs/ca.pem"
}
ttls-pap:
#
# eapol_test -c ttls-pap.conf -s testing123
#
# eapol_test network block: EAP-TTLS outer tunnel with PAP as the inner method.
network={
ssid="example"
key_mgmt=WPA-EAP
eap=TTLS
# Inner (tunnelled) identity used for the PAP exchange.
identity="hzlarm"
# Outer identity, sent before the TLS tunnel is established.
anonymous_identity="anonymous"
# Test password, stored in cleartext in this file.
password="hzlarm123"
phase2="auth=PAP"
# Uncomment the following to perform server certificate validation.
# PAP carries the password itself inside the tunnel, so with ca_cert commented
# out an unverified server would receive it in the clear; lab use only.
# ca_cert="/etc/freeradius/certs/ca.der"
}