Friday, September 19, 2014

Setting up a RADIUS server on FreeBSD

1. Install the FreeRADIUS package
#pkg install freeradius
After installation, the configuration files are placed under /usr/local/etc/raddb by default.

2. Edit clients.conf
#vi /usr/local/etc/raddb/clients.conf
Add the IP addresses of the controllers that will send authentication requests:
client 163.17.38.208 {
secret = wireless-ap
}
client 163.17.38.209 {
secret = wireless-ap
}
client 163.17.38.63 {
secret = wireless-ap
}

3. Edit users
#vi /usr/local/etc/raddb/users
Add the MAC addresses of the network cards:
F4F15ADE2D8E Auth-Type := Local, User-Password := "F4F15ADE2D8E"
C417FE5EB9DB Auth-Type := Local, User-Password := "C417FE5EB9DB"
Add the login account and password:
admin Cleartext-Password := "1234"
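
The entries from steps 2 and 3 can be checked before the server is started. The following is an added example, not part of the original post: it parses client blocks and users lines in the format shown above and reports shared secrets shorter than the 16 octets RFC 2865 prefers, secrets reused across clients, MAC entries whose password does not equal the MAC, and short account passwords. The function names, the 12-character password minimum and the embedded sample input are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample input in the format of steps 2 and 3 of this post.
CLIENTS_CONF = """\
client 163.17.38.208 {
secret = wireless-ap
}
client 163.17.38.209 {
secret = wireless-ap
}
"""
USERS = """\
F4F15ADE2D8E Auth-Type := Local, User-Password := "F4F15ADE2D8E"
admin Cleartext-Password := "1234"
"""
MIN_SECRET_LEN = 16    # RFC 2865 section 3 prefers at least 16 octets
MIN_PASSWORD_LEN = 12  # assumption: local policy value, not from the post
# Handles only flat client blocks like the ones above (no nested sections).
CLIENT_RE = re.compile(r'client\s+(\S+)\s*\{(.*?)\}', re.S)
SECRET_RE = re.compile(r'^\s*secret\s*=\s*"?([^"\n]+?)"?\s*$', re.M)
USER_RE = re.compile(r'^(\S+)\s+.*?(?:User|Cleartext)-Password\s*:=\s*"([^"]*)"', re.M)
MAC_RE = re.compile(r'^[0-9A-F]{12}$')

def audit_clients(text):
    """Return (client, issue) pairs for missing, short or reused secrets."""
    findings, by_secret = [], defaultdict(list)
    for name, body in CLIENT_RE.findall(text):
        m = SECRET_RE.search(body)
        if not m:
            findings.append((name, "no secret set"))
            continue
        by_secret[m.group(1)].append(name)
        if len(m.group(1)) < MIN_SECRET_LEN:
            findings.append((name, "secret shorter than %d characters" % MIN_SECRET_LEN))
    for names in by_secret.values():
        if len(names) > 1:
            findings.append((",".join(names), "secret shared by several clients"))
    return findings

def audit_users(text):
    """Return (user, issue) pairs for inconsistent MAC entries and short passwords."""
    findings = []
    for user, password in USER_RE.findall(text):
        if MAC_RE.match(user):
            if password != user:  # MAC entries use the MAC as the password
                findings.append((user, "password differs from MAC"))
        elif len(password) < MIN_PASSWORD_LEN:
            findings.append((user, "password shorter than %d characters" % MIN_PASSWORD_LEN))
    return findings
```

To audit the real files, pass the contents of /usr/local/etc/raddb/clients.conf and /usr/local/etc/raddb/users to audit_clients() and audit_users().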

4. Start the RADIUS server
#service radiusd start

   Stop the RADIUS service
#service radiusd stop

  Restart the RADIUS service
#service radiusd restart

5. Test locally
#radtest account password 127.0.0.1 0 testing123
#radtest F4F15ADE2D8E F4F15ADE2D8E 127.0.0.1 0 testing123
Sending Access-Request of id 249 to 127.0.0.1 port 1812
        User-Name = "F4F15ADE2D8E"
        User-Password = "F4F15ADE2D8E"
        NAS-IP-Address = 163.17.236.9
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=249, length=20
Seeing this output means authentication succeeded.

6. Test from a remote machine
#radtest account password 163.17.236.X 0 wireless-ap
#radtest F4F15ADE2D8E F4F15ADE2D8E 163.17.236.X 0 wireless-ap
Sending Access-Request of id 164 to 163.17.236.9 port 1812
        User-Name = "F4F15ADE2D8E"
        User-Password = "F4F15ADE2D8E"
        NAS-IP-Address = 163.17.236.xx
        NAS-Port = 0
        Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 163.17.236.x port 1812, id=164, length=20
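Seeing this output means authentication succeeded.

7. Open the firewall
On both the local firewall and the school firewall, add rules that allow queries whose source is the education network center's controller IPs.
1. Local machine: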
#vi /etc/sysconfig/iptables
Add:
-A INPUT -s 163.17.38.208 -p udp --dport 1812:1814 -j ACCEPT
-A INPUT -s 163.17.38.209 -p udp --dport 1812:1814 -j ACCEPT
Restart iptables
#service iptables restart