Install radius server
一.安装LAMP环境
yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel
yum -y install httpd httpd-devel
yum -y install mariadb-server mariadb
yum -y install php php-devel php-mysql php-common php-gd php-mbstring php-mcrypt php-imap php-odbc php-pear php-xml php-xmlrpc php-pear-DB
环境centos7.2
1.安装http和mariadb
systemctl enable httpd
systemctl enable mariadb
systemctl start httpd
systemctl start mariadb
systemctl status httpd
systemctl status mariadb
In this article, the radius password is uniformly set to radpass, mainly for convenience of installation. The
initial setting MariaDB can be changed in the database, and the root password can be set. For security reasons, consider deleting anonymous users and disabling remote root login. See the example configuration below . #Enter the
password after setting the password
mysql_secure_installation
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
2. Create radius database and user name and password
mysql -u root -pradpass
MariaDB [(none)]> create database radius;
#GRANT authority ON database. TO user name @ HostnameIDENTIFIED BY "password";
#For a specific database Grant all forms in the authorization and create a database management account MariaDB [(none)]> grant all on radius. To radius @ "localhost" identified by "radpass";
MariaDB [(none)]> flush privileges;
MariaDB [(none) ]> exit
refer to the reference document:
https://www.cnblogs.com/opsprobe/p/9769555.html
https://blog.51cto.com/wzlinux/1736744?cid=727963
If the php and local machine installed above The PHP is not suitable, you can install it as follows.
3. Install PHP7
yum -y upgrade: just upgrade all software packages, but not upgrade software and system kernel.
systemctl restart httpd.service
yum -y remove php-common
rpm -Uvhhttps://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum list php * | -r the Sort
yum -y install php72w php72w-the Common php72w-FPM php72w-opcache php72w-gd php72w-mysqlnd php72w-mbstring php72w-PECL-Redis php72w-PECL memcached php72w-devel-PHP-PEAR-DB
restart the httpd service
systemctl restart httpd.service
view php version
php -v
4. Test php
vim /var/www/html/info.php and
enter the following:
<? php
phpinfo ();
?> 
curl http://192.168.0.163//info. The
LAMP environment above php is set up
two. Install Radius
yum -y install freeradius freeradius-utils freeradius-mysql
start radius and set to start
systemctl start radiusd.service
systemctl enable radiusd.service
Check the port used by Radius, and then add Radius service to the firewall;
even if the
firewall is directly closed, firewall-cmd --state
not running
###################### ###################ignore############################## ############
cat /usr/lib/firewalld/services/radius.xml
<? xml version = "1.0" encoding = "utf-8"?>
<service>
<short> RADIUS < / short>
<description> The Remote Authentication Dial In User Service (RADIUS) is a protocol for user authentication over networks. It is mostly used for modem, DSL or wireless user authentication. If you plan to provide a RADIUS service (eg with freeradius ), enable this option. </ description>
<port protocol = "tcp" port = "1812" />
<port protocol = "udp" port = "1812" />
<port protocol="tcp" port="1813"/>
<port protocol = "udp" port = "1813" />
</ service>
firewall-cmd --state #Check the firewall status, you can only add rules when it is started, the default firewall in centos7 is firewalld, generally no additional settings are required.
firewall-cmd --add-service = radius --permanent # Add Radius service to firewalld firewall.
firewall-cmd --reload #Let the configured firewall policy take effect immediately
firewall-cmd --list-services #List the services enabled in the area
#################### #####################ignore############################ ##############
3. Configure FreeRadius
cd / etc / raddb / mods-config / sql / main / mysql /
mv setup.sql setup.sql-backup #Backup setup.sql configuration file
grep -v "#" /etc/raddb/mods-config/sql/main/mysql/setup.sql-backup> /etc/raddb/mods-config/sql/main/mysql/setup.sql 
# filtered # Comments The information line of the symbol
enters vim setup.sql to view the configuration file
CREATE USER 'radius' @ 'localhost';
SET PASSWORD FOR 'radius' @ 'localhost' = PASSWORD ('radpass');
GRANT SELECT ON radius. * TO 'radius' @ 'localhost';
GRANT ALL on radius.radacct TO 'radius' @ 'localhost';
GRANT ALL on radius.radpostauth TO 'radius' @ 'localhost';
mysql -u root -p Enter, enter the password and
then execute source / etc / raddb / mods-config / sql / main /mysql/setup.sql
then use radius to enter, open the radius database to
import the information of the schema.sql table
source /etc/raddb/mods-config/sql/main/mysql/schema.sql After the
import is complete, you can use the command to view the import The information of the data table
show databases; #View which libraries
use radius; #Open the radius database
show tables;
#Display all the tables in the radius database / etc / raddb / sql / mysql / schema.sql #The main database defines 8 tables, including
nas
#Network equipment table radacct #Charging situation table
radcheck #User check information table
radgroupcheck #User group check information table
radgroupreply #User group reply information table
radpostauth # Post-authentication processing information, which can include records of successful and rejected authentication requests.
radreply #User reply information table
radusergroup #User and group relationship table
creates soft connection for / etc / raddb / mods-enabled
ln -s / etc / raddb / mods-available / sql / etc / raddb / mods-enabled /
Edit / etc / raddb / mods-available / sql file 
driver = "rlm_sql_mysql"
dialect = "mysql"
server = "localhost"
port = 3306
login = "radius"
password = "radpass"
radius_db = "radius"
will / etc / raddb Change the group of / mods-enabled / sql to radiusd:
chgrp -h radiusd / etc / raddb / mods-enabled / sql
add startup service, adjust the startup order of FreeRadius and MariaDB, FreeRadius must be started after MariaDB starts, in [Unit] In part, add After = mariadb.service as follows:
systemctl enable radiusd.service
编辑/etc/systemd/system/multi-user.target.wants/radiusd.service文件
[Unit]
Description=FreeRADIUS high performance RADIUS server.
After=syslog.target network.target ipa.service dirsrv.target krb5kdc.service
After=mariadb.service
Add a client connection settings
mv /etc/raddb/clients.conf /etc/raddb/clients.conf-backup
grep -v "#" /etc/raddb/clients.conf-backup> /etc/raddb/clients.conf
editor /etc/raddb/clients.conf has
no special settings so that all IPs can connect to 
client all_client {
ipaddr = 0.0.0.0/0
secret = testing123
require_message_authenticator = no
}
raidus client configuration ip information, for example:
client xxxx { #router IP address
ipaddr = xxxx # router's IP address
secret = xxxxxxxxxx # connection password between router and radius server
}
You can run tail -f /var/log/radius/radius.log to check the logs of the radius service to see if there are any errors.
Fourth, install the FreeRADIUS management interface Daloradius
cd / var / www / html /
wget https://github.com/lirantal/daloradius/archive/master.zip
link: https://pan.baidu.com/s/1RnXOxkZs3LXGwTl-3CUPow Extraction code: bs6n
unzip master.zip
mv daloradius-master / daloradius
daloradius-0.9-9.tar.gz
link: https://pan.baidu.com/s/1vuyPLVnXhb78Bb68ZGNWAQ
extraction code: fa63
tar -zxvf daloradius-0.9-9 .tar.gz
mv daloradius-0.9-9 daloradius
Go to the daloradius directory and import the daloradius database
cd daloradius
mysql -u root -p radius <contrib / db / fr2-mysql-daloradius-and-freeradius.sql
mysql -u root -p radius <contrib / db / mysql-daloradius.sql
Set the user group and user of the daloradius directory, set the permissions of daloradius.conf.php
chown -R apache: apache / var / www / html / daloradius /
chmod 664 /var/www/html/daloradius/library/daloradius.conf.php
Edit /var/www/html/daloradius/library/daloradius.conf.php file, database connection information 
(lines 28-33)
$ configValues ['CONFIG_DB_ENGINE'] = 'mysql';
$ configValues ['CONFIG_DB_HOST'] = 'localhost ';
$ configValues [' CONFIG_DB_PORT '] =' 3306 ';
#Port to connect to the mysql database $ configValues [' CONFIG_DB_USER '] =' root ';
#Account to connect to the mysql database $ configValues [' CONFIG_DB_PASS '] =' rdbpass';
#Password to connect to mysql database account $ configValues ['CONFIG_DB_NAME'] = 'radius'; #Connect to mysql radius database
There are also several bugs of daloradius. There are several file paths in the default configuration that are different from what we imported. Change it over:
$ configValues ['CONFIG_FILE_RADIUS_PROXY'] = '/etc/raddb/proxy.conf
'; (line 68) $ configValues ['CONFIG_PATH_DALO_VARIABLE_DATA'] = '/ var / www / html / daloradius / var'; (line 70)
$ configValues ['CONFIG_MAINT_TEST_USER_RADIUSSECRET'] = 'testing123'; (line 88) #Note that this should be the same as secret = xxxxxxxxxx set in the /etc/raddb/clients.conf file.
Save and exit after configuration
Restart radius, maridb, http service
systemctl daemon-reload
#Reload the daemon process systemctl restart radiusd.service
systemctl restart mariadb.service
systemctl restart httpd 
This error I did not encounter, the reason for this error is that it was uninstalled when reinstalling php above More, just add this package when installing
cat / etc / httpd / logs / error_log #Check the log of http service and find the following error:
PHP Fatal error: Uncaught Error: Class 'DB' not found in /var/www/html/daloradius/library/opendb.php:86\nStack trace:\n#0 /var/www/html/daloradius/dologin.php(49): include()\n#1 {main}\n thrown in /var/www/html/daloradius/library/opendb.php on line 86
Solution: yum -y install php-pear-DB
test: daloradius interface
browser visit http://192.168.0.238//daloradius
login web interface
username: administrator
password: radius
LAMP + FreeRadius + Daloradius web management interface has been installed Successful, the following is the Chinese tutorial of Web interface. 
Five, Daloradius Chinese version setting
download file zh.php;
link: https://pan.baidu.com/s/1KAXHh9_inckAKv4_2s9OOA extraction code: bydk
Put the downloaded zh.php file in the / var / www / html / daloradius / lang directory
Go to the / var / www / html / daloradius file directory, modify config-lang.php, add Chinese option:
vim /var/www/html/daloradius/config-lang.php 
<option value = "zh"> Simplified Chinese </ option> (line 79)
Go to / var / www / html / daloradius / lang directory, modify main.php, add simplified Chinese file
vim /var/www/html/daloradius/lang/main.php 
case "zh":
include (dirname ( FILE ). " /zh.php ");
break;
restart radiusd service
systemctl restart radiusd.service
systemctl restart httpd
Log in to the web page http://192.168.0.238/daloradius/ to set the Chinese display,
click Config-> Language Settings-> Simplified Chinese 
database to view certain information,
view the user list, and 
change the administrator's default password
The original idea was to use it with the SoftEther Server management tool. As a result , the open source version of SoftEther Server does not support radius and certificate authentication, and the enterprise version is not recorded once.
These three methods are not supported. I am going to choose other ***,