Make sure you have MySQL Server running
(by default, the MySQL username = "root" and password = "")
[root@localhost raddb]# /sbin/service mysqld status
mysqld (pid 6933) is running...
[root@localhost raddb]#
[root@localhost raddb]# mysql -uroot
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3916 to server version: 5.0.22
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>
Before continuing with this tutorial, please read the tutorial below:
http://www.frontios.com/freeradius.html
Have you read it? Make sure you reread the tutorial at the link above 2-3 times. All right, let's begin.
We need to install the database schema into the MySQL database. Knowledge of MySQL/SQL is very important for following this tutorial.
1. Go to the folder /usr/local/etc/raddb/sql/mysql
[root@localhost mysql]# cd /usr/local/etc/raddb/sql/mysql
[root@localhost mysql]# pwd
/usr/local/etc/raddb/sql/mysql
[root@localhost mysql]#
List the folder and make sure there is a file named schema.sql. First, create a database named radius in the MySQL console:
[root@localhost mysql]# mysql -uroot
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3920 to server version: 5.0.22
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> create database radius;
Query OK, 1 row affected (0.00 sec)
mysql> exit
Bye
[root@localhost mysql]#
The database "radius" has been created, and we will now load the contents of schema.sql into the "radius" database.
Run the following command:
[root@localhost mysql]# mysql -uroot radius < schema.sql
Make sure the database was installed successfully. Go back into the MySQL console and run the following commands:
mysql> use radius;
Database changed
mysql> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radpostauth |
| radreply |
| radusergroup |
+------------------+
7 rows in set (0.01 sec)
mysql>
Now we will change the RADIUS configuration. Go to the folder /usr/local/etc/raddb/ and edit the file radiusd.conf.
Make sure radiusd.conf includes sql.conf:
# Include another file that has the SQL-related configuration.
# This is another file only because it tends to be big.
#
$INCLUDE sql.conf
Then edit the file sql.conf and enter the values shown below:
#
# Set the database to one of:
#
# mysql, mssql, oracle, postgresql
#
database = "mysql"
#
# Which FreeRADIUS driver to use.
#
driver = "rlm_sql_${database}"
# Connection info:
server = "localhost"
login = "root"
password = ""
OK, now try running radiusd again:
/usr/local/sbin/radiusd -X
rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
/usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module "sql"
/usr/local/etc/raddb/sites-enabled/default[126]: Failed to find module "sql".
An error? Don't worry, this error always comes up when installing FreeRADIUS. The solution is to install the mysql-devel RPM. You can install it using YUM or download it yourself from rpmfind.
install mysql-devel
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
mysql-devel x86_64 5.0.22-2.2.el5_1.1 rhel-x86_64-server-5 2.4 M
mysql-devel i386 5.0.22-2.2.el5_1.1 rhel-x86_64-server-5 2.4 M
Transaction Summary
=============================================================================
Install 2 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 4.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): mysql-devel-5.0.22 100% |=========================| 2.4 MB 00:41
(2/2): mysql-devel-5.0.22 100% |=========================| 2.4 MB 01:18
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: mysql-devel ######################### [1/2]
Installing: mysql-devel ######################### [2/2]
Installed: mysql-devel.x86_64 0:5.0.22-2.2.el5_1.1 mysql-devel.i386 0:5.0.22-2.2.el5_1.1
Complete!
[root@localhost raddb]# yum install mysql-devel
The mysql-devel library is now installed, so we have to run ./configure again on the FreeRADIUS source code. Go back to the folder where you untarred FreeRADIUS, repeat the whole ./configure, make and make install process, and run radiusd -X again.
You should get a result like the one in the image below.
If you get a result like the one above, it means FreeRADIUS has successfully loaded the MySQL library. Next we have to configure FreeRADIUS to ignore the users stored in text files and use only MySQL.
Edit the following file:
[root@localhost sites-enabled]# vi /usr/local/etc/raddb/sites-enabled/default
This file contains configuration sections such as:
authorize{
# config
#config
}
accounting{
# config
# config
}
We have to disable the files option and enable sql in both of these sections. You only need to change 2 sections, authorize{} and accounting{}:
authorize{
# disable files
# files
# use mysql for auth
sql
}
accounting{
# use sql for accounting
sql
}
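The settings above can be checked mechanically. This added shell example (not part of the original tutorial or of FreeRADIUS) audits sql.conf and sites-enabled/default for the root/empty-password database login and for the files and sql entries in authorize{} and accounting{}. The function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two files this tutorial edits (helper names are hypothetical).

# Print the unquoted value of `key = "value"` in file $1, skipping comment lines.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; sub(/^[ \t]*"?/, "", v); sub(/"?[ \t]*$/, "", v); print v; exit }
    ' "$1"
}

# Succeed if module $3 is listed, uncommented, inside section $2 of file $1.
section_has() {
    awk -v sec="$2" -v mod="$3" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        depth == 0 && $0 ~ ("^" sec "[ \t]*[{]$") { depth = 1; next }
        depth > 0 && /[{]$/ { depth++; next }
        depth > 0 && $0 == "}" { depth--; next }
        depth > 0 && $0 == mod { found = 1 }
        END { exit !found }
    ' "$1"
}

report() { echo "FINDING: $1"; findings=$((findings + 1)); }

# $1 = sql.conf, $2 = sites-enabled/default; returns 0 only when nothing is flagged.
audit_radius_sql() {
    findings=0
    [ "$(conf_value "$1" login)" = "root" ] &&
        report "sql.conf connects to MySQL as root; use a dedicated account"
    [ -z "$(conf_value "$1" password)" ] &&
        report "sql.conf has an empty database password"
    for sec in authorize accounting; do
        section_has "$2" "$sec" sql || report "$sec{} does not call sql"
    done
    section_has "$2" authorize files &&
        report "authorize{} still calls files; text-file users stay valid"
    [ "$findings" -eq 0 ]
}

# Constructed sample input mirroring the tutorial's settings.
tmp=$(mktemp -d)
printf 'login = "root"\npassword = ""\n' > "$tmp/sql.conf"
printf 'authorize{\n# files\nsql\n}\naccounting{\nsql\n}\n' > "$tmp/default"
audit_radius_sql "$tmp/sql.conf" "$tmp/default" || true
```

Point audit_radius_sql at /usr/local/etc/raddb/sql.conf and /usr/local/etc/raddb/sites-enabled/default. The two login findings clear once sql.conf uses a MySQL account restricted to the radius database with a non-empty password.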
You can see an example default file at http://protonmania.com/freeradius/default.txt
Restart radiusd -X.
Now we will try to authenticate a user stored in the MySQL database. Insert a username "mankukhayun" with the password "abc123" into the radcheck table in the radius database:
mysql> insert into radcheck (username,attribute,value,op) VALUES ('mankukhayun','Password','abc123','==');
Query OK, 1 row affected (0.00 sec)
mysql> select * from radcheck;
+----+-------------+-----------+----+--------+
| id | username | attribute | op | value |
+----+-------------+-----------+----+--------+
| 1 | mankukhayun | Password | == | abc123 |
+----+-------------+-----------+----+--------+
1 row in set (0.00 sec)
Run the following command:
[root@localhost ~]# radtest mankukhayun abc123 127.0.0.1 1812 testing123
If it succeeds, you will get a result like the one in the following figure.
If you have completed the tutorial up to this point, congratulations, because I spent nearly 2 weeks solving FreeRADIUS and MySQL problems.
Great tutorial, and thanks for sharing...
Thanks. Make sure you know basic Linux/MySQL before you follow this tutorial.
I know a little of the basics, but there are parts I don't quite understand. When you have time, please write a dedicated tutorial on Linux commands. I only use Fedora Core 8.
I'm interested in setting up a free Wi-Fi spot at this mamak shop. How do I do that?
ReplyDeletehow to solve this error below??
ERROR: Failed to open socket:
/usr/local/etc/raddb/radiusd.conf[210]: Error binding to port for 0.0.0.0 port 1812
Hi... I tried compiling using a username and password from the database... but, it ran... and this is what I got..
Ready to process requests.
User-Name = "dinodegil"
User-Password = "mohdnizam"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "dinodegil", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
rad_check_password: Found Auth-Type
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "mohdnizam"
rlm_pap: Using CRYPT encryption.
rlm_pap: Passwords don't match
++[pap] returns reject
auth: Failed to validate the user.
Login incorrect (rlm_pap: CRYPT password check failed): [dinodegil/mohdnizam] (from client localhost port 1812)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> dinodegil
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Waking up in 4.9 seconds.
Cleaning up request 1 ID 44 with timestamp +667
You're still using rlm_pap... you're not using rlm_sql yet... go change radius so that it reads data from mysql....
How do I change it... please explain a bit..
Greetings, brother;
I'm trying to apply 'groupname' in this MySQL database. I want to create 2 different groups, for example: admin and regular user.
If I just insert this groupname into the tables 'radgroupcheck', 'radgroupreply' and 'radusergroup'.. do I need to modify the priority?
Then when the RADIUS server authenticates later, will the RADIUS server automatically detect that we have 2 kinds of groupname with different priority?
Thank you..
How many times can a user log in with one username? Can that be set?
[root@localhost ~]# radtest mankukhayun abc123 127.0.0.1 1812 testing123
Sending Access-Request of id 89 to 127.0.0.1 port 1812
User-Name = "mankukhayun"
User-Password = "abc123"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Sending Access-Request of id 89 to 127.0.0.1 port 1812
User-Name = "mankukhayun"
User-Password = "abc123"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Sending Access-Request of id 89 to 127.0.0.1 port 1812
User-Name = "mankukhayun"
User-Password = "abc123"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
radclient: no response from server for ID 89 socket 3
Is this right...
It keeps saying no response... what's going on now..
That's the wrong response, bro. Kill the radius process and run /../..radiusd -X again. Make sure you open 2 PuTTY sessions so it's easy for you to see the errors. -X means view the log output.
After you run -x, see whether the authentication port is 1812. Maybe a different OS has a different port; it depends. What I did was just make sure 127.0.0.1 or localhost is up. Whether you use dig or nslookup is up to you.
In the other PuTTY session, type the radtest ... command, so whatever output your test produces will appear in the -X session.
Let's say
rlm_pap: login attempt with password "mohdnizam"
rlm_pap: Using CRYPT encryption.
rlm_pap: Passwords don't match
Clearly the password is wrong. It doesn't matter if you use realm, but SQL is better. Easier to manage.
This file contains realm configuration such as
authorize{
# config
#config
}
accounting{
# config
# config
}
We have to disable the files option and enable sql in both of these realms. You only need to change 2 realms, authorize{} and accounting{}
authorize{
# disable files
# files
# use mysql for auth
sql
}
accounting{
# use sql for accounting
sql
}
What needs to be disabled and what needs to be enabled?? Pls help me ^^