@xjdrew
Last active August 29, 2015 14:13
Set up a RADIUS server that uses the users file
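#!/bin/bash
#
# Installs FreeRADIUS and configures it to authenticate a single user from
# the flat "users" file, with 127.0.0.1 as the only RADIUS client (NAS).
#
# Set the three variables below before running, either by editing this file
# or by exporting them in the environment. Must be run as root.
set -euo pipefail

RADIUS_USER=${RADIUS_USER:-your_username}
RADIUS_PASSWORD=${RADIUS_PASSWORD:-your_very_secure_password}
# "testing123" is the shared secret shipped in FreeRADIUS example configs and
# is widely known; replace it before any client other than localhost is added.
RADIUS_NAS_PASSWORD=${RADIUS_NAS_PASSWORD:-testing123}

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Copy a config file to FILE.old, but only the first time, so that re-running
# the script does not overwrite the pristine backup with a generated file.
backup_once() {
  local src=$1
  if [[ ! -e "${src}.old" ]]; then
    cp -p -- "$src" "${src}.old"
  fi
}

if (( EUID != 0 )); then
  die "this script must be run as root"
fi

# The values are written verbatim into FreeRADIUS config files. Reject
# characters that would end the quoted string or add extra config lines.
for value in "$RADIUS_USER" "$RADIUS_PASSWORD" "$RADIUS_NAS_PASSWORD"; do
  if [[ -z "$value" ]]; then
    die "RADIUS_USER, RADIUS_PASSWORD and RADIUS_NAS_PASSWORD must be non-empty"
  fi
  case "$value" in
    *'"'* | *\\* | *$'\n'*)
      die "values must not contain double quotes, backslashes or newlines"
      ;;
  esac
done
if [[ "$RADIUS_USER" =~ [[:space:]] || "$RADIUS_NAS_PASSWORD" =~ [[:space:]] ]]; then
  die "RADIUS_USER and RADIUS_NAS_PASSWORD must not contain whitespace"
fi

if [[ "$RADIUS_PASSWORD" == "your_very_secure_password" ]]; then
  printf 'warning: RADIUS_PASSWORD is still the placeholder value\n' >&2
fi
if [[ "$RADIUS_NAS_PASSWORD" == "testing123" ]]; then
  printf 'warning: RADIUS_NAS_PASSWORD is the well-known default secret\n' >&2
fi

# Install the required package (written against freeradius-2.1.12+dfsg-1.2ubuntu8).
apt-get install -y freeradius

# Replace the users file. The password is stored in clear text, so the file
# (and its backup) must stay readable only by root and the freerad group.
backup_once /etc/freeradius/users
cat > /etc/freeradius/users <<EOF
$RADIUS_USER Cleartext-Password := "$RADIUS_PASSWORD"
EOF
chown root:freerad /etc/freeradius/users
chmod 640 /etc/freeradius/users

# Replace radiusd.conf. \$ is escaped so that FreeRADIUS, not the shell,
# expands the \${...} references.
# NOTE(review): both listeners bind to every interface (ipaddr = *) although
# the only client defined is 127.0.0.1, and "auth = no" in the log section
# means authentication attempts are not written to radius.log. Consider
# binding to the address the NAS uses and enabling auth logging (keeping
# auth_badpass / auth_goodpass off so that passwords are never logged).
backup_once /etc/freeradius/radiusd.conf
cat > /etc/freeradius/radiusd.conf <<EOF
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = \${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = \${logdir}/radacct
name = freeradius
confdir = \${raddbdir}
run_dir = \${localstatedir}/run/\${name}
db_dir = \${raddbdir}
libdir = /usr/lib/freeradius
pidfile = \${run_dir}/\${name}.pid
user = freerad
group = freerad
max_request_time = 30
cleanup_delay = 5
max_requests = 65536
listen {
type = auth
ipaddr = *
port = 1812
}
listen {
ipaddr = *
port = 1813
type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
destination = files
file = \${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
checkrad = \${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
proxy_requests = no
\$INCLUDE clients.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
\$INCLUDE \${confdir}/modules/
\$INCLUDE eap.conf
}
instantiate {
exec
expr
expiration
logintime
}
\$INCLUDE policy.conf
\$INCLUDE sites-enabled/
EOF

# Replace clients.conf. It holds the shared secret, so restrict it in the
# same way as the users file.
backup_once /etc/freeradius/clients.conf
cat >/etc/freeradius/clients.conf <<EOF
client 127.0.0.1 {
secret = $RADIUS_NAS_PASSWORD
}
EOF
chown root:freerad /etc/freeradius/clients.conf
chmod 640 /etc/freeradius/clients.conf

# Set up the virtual server: drop every enabled site and install a single one.
# -f keeps an already-empty directory from aborting the script under set -e.
rm -f -- /etc/freeradius/sites-enabled/*
cat > /etc/freeradius/sites-enabled/my.conf <<EOF
authorize {
preprocess
chap
mschap
digest
suffix
eap {
ok = return
}
files
# sql
expiration
logintime
pap
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
digest
eap
}
preacct {
preprocess
acct_unique
suffix
files
}
#
# Accounting. Log the accounting data.
#
accounting {
detail
#unix
radutmp
# sql
if (noop) {
ok
}
exec
attr_filter.accounting_response
}
session {
radutmp
#
# See "Simultaneous Use Checking Queries" in sql.conf
# sql
}
post-auth {
# sql
# sql_log
exec
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}
EOF

# (Re)start freeradius. The package normally starts the daemon at install
# time, in which case a plain "start" would leave the old config running.
service freeradius restart

# Test freeradius with the account created above.
# NOTE(review): radtest takes the password and the shared secret as
# command-line arguments, so both are briefly visible in the process list;
# run this only on a host where that is acceptable.
radtest "$RADIUS_USER" "$RADIUS_PASSWORD" localhost 0 "$RADIUS_NAS_PASSWORD"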