PPTP *** Chapter 2: Using MySQL for User Login Authentication

The previous article recorded how the PPTP *** was set up and given a simple usage test. There, usernames and passwords were kept in the flat-file database /etc/ppp/chap-secrets. With a small number of users that login verification method is workable, but once the user count grows, login verification needs to be switched to database lookups. This article describes how to store the PPTP *** username and password authentication data in a MySQL database.

Previous article: http://ylw6006.blog.51cto.com/470441/1794577

 

1. Install and configure mysql-server and freeradius; as in the previous article, install from rpm packages

1) Install the packages

# yum -y install mysql* freeradius*

2) Configure the database

# service mysqld start
# mysql
mysql> use mysql
mysql> delete from user where user='';
mysql> update user set password=PASSWORD('password');
mysql> flush privileges;
mysql> create database radius;
mysql> use radius;
mysql> source /etc/raddb/sql/mysql/admin.sql;
mysql> source /etc/raddb/sql/mysql/cui.sql;
mysql> source /etc/raddb/sql/mysql/nas.sql;
mysql> source /etc/raddb/sql/mysql/schema.sql;
mysql> source /etc/raddb/sql/mysql/wimax.sql;
mysql> insert into radcheck (Username,Attribute,op,Value)
values ('yang','password','==','yang123!');


3) Modify the configuration files. Note: the first column is the line number in the file; change the corresponding line to the value shown

# vi /etc/raddb/radiusd.conf
700         $INCLUDE sql.conf  
 
# vi /etc/raddb/sql.conf
28         database = "mysql"
33         driver = "rlm_sql_${database}"
36         server = "localhost"
38         login = "root"
39         password = "password"
42         radius_db = "radius"
50         acct_table1 = "radacct"
51         acct_table2 = "radacct"
100         readclients = yes
 
# vi /etc/raddb/sites-enabled/default
69 authorize {
170 #       files
177         sql
252 authenticate {
297 #       unix
333 preacct {
372 #       files
389 #       unix
406         sql
449 session {
454         sql
461 post-auth {
475         sql
 
# vi /etc/raddb/sites-enabled/inner-tunnel
125 #       files
132         sql
224 #       unix
256         sql
276         sql

4) Test the RADIUS and MySQL integration

# radtest yang yang123! 127.0.0.1 10 testing123


The output rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=101, length=20 shows that the RADIUS and MySQL integration succeeded.

Here testing123 is the shared secret, taken from clients.conf:

# grep -v '^#' /etc/raddb/clients.conf  |grep -v '#' |grep -v '^$'


2. Integrate pptpd with freeradius

1) Check which ppp version is installed on the operating system

# rpm -qa |grep ppp

ppp-2.4.5-10.el6.x86_64

 

2) Download the source package for the matching version and modify the configuration files

Download address: http://download.chinaunix.net/download.php?id=35207&ResourceID=8334

# tar -zxvpf ppp-2.4.5.tar.gz 
# mkdir /etc/ppp/radius
# cp -R ppp-2.4.5/pppd/plugins/radius/etc/ /etc/ppp/radius/
# cat /etc/ppp/radius/etc/radiusclient.conf
auth_order      radius
login_tries     4
login_timeout   60
nologin /etc/nologin
issue   /etc/ppp//radius/etc/issue
authserver      localhost:1812
acctserver      localhost:1813
servers         /etc/ppp/radius/etc/servers
dictionary      /etc/ppp/radius/etc/dictionary
login_radius    /usr/local/sbin/login.radius
seqfile         /var/run/radius.seq
mapfile         /etc/ppp/radius/etc/port-id-map
default_realm
radius_timeout  10
radius_retries  3
login_local     /bin/login
 
# tail -4 /etc/ppp/radius/etc/dictionary
INCLUDE /etc/ppp/radius/etc/dictionary.microsoft
INCLUDE /etc/ppp/radius/etc/dictionary.ascend 
INCLUDE /etc/ppp/radius/etc/dictionary.merit   
INCLUDE /etc/ppp/radius/etc/dictionary.compat

3) Modify the options.pptpd configuration file

# tail -2 /etc/ppp/options.pptpd
plugin /usr/lib64/pppd/2.4.5/radius.so 
radius-config-file /etc/ppp/radius/etc/radiusclient.conf

4) Modify the RADIUS shared secret

# grep -v '^#' /etc/ppp/radius/etc/servers
localhost                                      tesing123

3. Client dial-up test and debugging

The client dial-up fails with the error: rc_check_reply: received invalid reply digest from RADIUS server


Running the radiusd service in debug mode and watching the log output, I found no error messages at all

# service radiusd stop
# radiusd -X
rad_recv: Access-Request packet from host 127.0.0.1 port 43268, id=213, length=148
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "yang"
        MS-CHAP-Challenge = 0x939a7b4308644d99c2f5f9b777207c42
        MS-CHAP2-Response = 0xbc00666bc61ad32272c3ea4db4937b4bd9b4000000000000000000f4da56184820a839a25c1ba0fc5a9f239bf6be4fed9da2
        Calling-Station-Id = "27.151.123.121"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] = ok
++[digest] = noop
[suffix] No '@' in User-Name = "yang", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] No EAP-Message, not doing EAP
++[eap] = noop
[sql]   expand: %{User-Name} -> yang
[sql] sql_set_user escaped user --> 'yang'
rlm_sql (sql): Reserving sql socket id: 30
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'yang'           ORDER BY id
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'yang'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'yang'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 30
++[sql] = ok
++[expiration] = noop
++[logintime] = noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] = noop
+} # group authorize = ok
Found Auth-Type = MSCHAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /etc/raddb/sites-enabled/default
+group MS-CHAP {
[mschap] Creating challenge hash with username: yang
[mschap] Client is using MS-CHAPv2 for yang, we need NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] = ok
+} # group MS-CHAP = ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+group post-auth {
[sql]   expand: %{User-Name} -> yang
[sql] sql_set_user escaped user --> 'yang'
[sql]   expand: %{User-Password} -> 
[sql]   ... expanding second conditional
[sql]   expand: %{Chap-Password} -> 
[sql]   expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'yang',                           '',                           'Access-Accept', '2016-06-29 17:05:21')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'yang',                           '',                           'Access-Accept', '2016-06-29 17:05:21')
rlm_sql (sql): Reserving sql socket id: 29
rlm_sql (sql): Released sql socket id: 29
++[sql] = ok
++[exec] = noop
+} # group post-auth = ok
Sending Access-Accept of id 213 to 127.0.0.1 port 43268
        Password == "yang123!"
        MS-CHAP2-Success = 0xbc533d42383941354543303444354634354438323638414534323146323944344144443935424246433130
        MS-MPPE-Recv-Key = 0xf60049baea9bf3462b5b90d8311848fd
        MS-MPPE-Send-Key = 0x59e4dc74e5310b0fdb7ef0bf10ff10f4
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 213 with timestamp +11
Ready to process requests.

A Google search turned up an important piece of information; reference document:

https://community.ubnt.com/t5/EdgeMAX/PPTP-L2TP-Radius-Problem/td-p/630855


After correcting the secret, restart the radiusd and pptpd services and dial in again. Everything works!
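The digest check behind the rc_check_reply error above, as an added example that is not part of the original post: per RFC 2865 the Response Authenticator of a RADIUS reply is MD5(Code + ID + Length + RequestAuth + Attributes + Secret), so when the server signs replies with the secret from clients.conf (testing123 in the radtest step) while the pppd radius plugin verifies them with the secret in its servers file (tesing123 in the listing above), every reply fails the digest check on the client even though radiusd itself logs Access-Accept. The Request Authenticator and the attribute payload below are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
HEADER_LEN = 20  # code(1) + id(1) + length(2) + authenticator(16)


def encode_attrs(attrs):
    """Encode (type, value) pairs as RADIUS attribute TLVs (RFC 2865 section 5)."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_reply(code, ident, request_auth, attrs, secret):
    """Build the reply packet a RADIUS server sends, signed with the server's secret."""
    body = encode_attrs(attrs)
    auth = response_authenticator(code, ident, request_auth, body, secret)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(body)) + auth + body


def check_reply(packet, request_auth, secret):
    """Client-side check (what pppd's rc_check_reply reports on): recompute the
    digest with the secret the client knows and compare it with the packet's."""
    if len(packet) < HEADER_LEN:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, ident, request_auth, packet[HEADER_LEN:], secret)
    return hmac.compare_digest(packet[4:HEADER_LEN], expected)


# Constructed sample values (not from a real capture): a fixed 16-byte Request
# Authenticator and two standard attributes as the reply payload.
REQUEST_AUTH = bytes(range(16))
REPLY_ATTRS = [(6, struct.pack("!I", 2)),   # Service-Type = Framed-User
               (7, struct.pack("!I", 1))]   # Framed-Protocol = PPP


def secret_mismatch_demo():
    """Server signs with 'testing123' (clients.conf); the client verifies with the
    matching secret and then with the mistyped 'tesing123' from the servers file."""
    reply = build_reply(ACCESS_ACCEPT, 213, REQUEST_AUTH, REPLY_ATTRS, b"testing123")
    return (check_reply(reply, REQUEST_AUTH, b"testing123"),
            check_reply(reply, REQUEST_AUTH, b"tesing123"))


if __name__ == "__main__":
    ok, mismatch = secret_mismatch_demo()
    print("matching secret   ->", "accepted" if ok else "invalid reply digest")
    print("mismatched secret ->", "accepted" if mismatch else "invalid reply digest")
```

Because the server never sees the client's secret, the mismatch is invisible in radiusd -X, which is why the debug log above shows a clean Access-Accept while the dial-in still fails.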


The client dial-in records stored in the database



At this point, PPTP *** user login authentication using a MySQL database and the freeradius service is fully configured. Traffic control for dial-in users and allowing only one terminal per account to be logged in at a time will be covered in the next article. Stay tuned!
