Setting up a RADIUS server on Linux (CentOS 7.9)
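<p><span style="font-size: 18px"><strong>I. What is RADIUS</strong></span></p><ul>
<li>RADIUS authentication is the most widely used AAA protocol, that is, Authentication, Authorization and Accounting, and is a security management mechanism for access control in network security. RADIUS is a client/server protocol; its authentication mechanism is flexible, simple, clear and extensible, and it can use PAP, CHAP, Unix login authentication and other methods.</li>
<li>The protocol defines a UDP-based RADIUS packet format and its transport mechanism, and specifies UDP ports 1812 and 1813 as the authentication and accounting ports respectively.</li>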
</ul>
<p><img src="https://img2023.cnblogs.com/blog/2992980/202305/2992980-20230509110451428-1816807227.jpg" alt="" width="511" height="186" loading="lazy" style="display: block; margin-left: auto; margin-right: auto"></p>
<p> </p>
<p><span style="font-size: 18px"><strong>II. Setting up a RADIUS server on Linux</strong></span></p>
<p> </p>
<p><em>The server details below describe the environment in which the RADIUS service was installed for this document</em></p>
<p> </p>
<p><em>Server: CentOS7</em></p>
<p> </p>
<p><em>Kernel version: 3.10.0-1160.el7.x86_64</em></p>
<p> </p>
<p><span style="font-size: 16px">1. Install with yum</span></p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 255, 1)">yum</span> <span style="color: rgba(0, 0, 255, 1)">install</span> -y freeradius freeradius-mysql freeradius-utils</pre>
</div>
<p><span style="font-size: 16px"> </span></p>
<p><span style="font-size: 16px">2. After installation, check whether the service is running</span></p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 255, 1)">ps</span> -ef|<span style="color: rgba(0, 0, 255, 1)">grep</span> radius</pre>
</div>
<p><img src="https://img2023.cnblogs.com/blog/2992980/202305/2992980-20230509101249070-748949346.png" alt="" width="865" height="74" loading="lazy"></p>
<p><span style="font-size: 14px">If it did not start, start it manually</span></p>
<div class="cnblogs_code">
<pre>systemctl start radiusd.service</pre>
</div>
<p> </p>
<p><span style="font-size: 16px">3. Test that it runs correctly</span></p>
<ul>
<li style="text-align: left"><span style="font-size: 14px">Start the RADIUS service</span></li>
</ul>
<div class="cnblogs_code">
<pre>radiusd -X</pre>
</div>
<p><span style="font-size: 14px"><em>Note: if it fails to start, port 1812 is most likely already in use (see the figure below)</em></span></p>
<p><img src="https://img2023.cnblogs.com/blog/2992980/202305/2992980-20230509102031364-1994843960.png" alt="" width="893" height="44" loading="lazy"></p>
<ul>
<li><span style="font-size: 14px">Test from the local machine</span></li>
</ul>
<div class="cnblogs_code">
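<pre>radtest testing password localhost <span style="color: rgba(128, 0, 128, 1)">0</span> testing123<br><em>Note: the radtest command takes 5 arguments: the first is the user name (testing), the second is the password (password), the third is the server IP address (localhost), the fourth is the NAS port (0), and the fifth is the shared secret (testing123)</em></pre>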
</div>
<p><span style="font-size: 14px">If you see the output in the figure below, the installation succeeded</span></p>
<p><img src="https://img2023.cnblogs.com/blog/2992980/202305/2992980-20230509102411077-1753279871.png" alt="" width="888" height="189" loading="lazy"></p>
<p> </p>
<p><span style="font-size: 16px">4. Configure FreeRADIUS</span></p>
<ul>
<li><span style="font-size: 14px">Edit the clients.conf file</span></li>
</ul>
<div class="cnblogs_code">
<pre>vim /etc/raddb/clients.conf</pre>
</div>
<p><span style="font-size: 14px">Add the content shown in the figure below; 192.168.13.0/24 means that this subnet is allowed access, and testing123 is the RADIUS shared secret</span></p>
<p><img src="https://img2023.cnblogs.com/blog/2992980/202305/2992980-20230509103516141-470530019.png" alt="" loading="lazy"></p>
<ul>
<li><span style="font-size: 14px">Add users</span></li>
</ul>
<div class="cnblogs_code">
<pre>vim /etc/raddb/users</pre>
</div>
<p><span style="font-size: 14px">Add the following content</span></p>
<p><span style="font-size: 14px">DEFAULT Auth-Type := "Accept" means that any user name and password can authenticate</span></p>
<p><span style="font-size: 14px">test Cleartext-Password:= "123456" means that the specified user name and password can authenticate</span></p>
<p><img src="https://img2023.cnblogs.com/blog/2992980/202305/2992980-20230509103750345-1617604153.png" alt="" loading="lazy"></p>
<p><span style="font-size: 14px">Restart the service so that the configuration takes effect. The most basic functions of the RADIUS server are now configured.</span></p>
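<p>An added example (not part of the original post): a small Python audit that flags the lab-only settings used in this step, namely the default shared secret testing123 in clients.conf and the accept-all DEFAULT entry in users. The sample file contents and client names are constructed here because the page shows the files only as screenshots; the 16-character minimum follows the preference stated in RFC 2865.</p>

```python
import re

# Constructed sample files mirroring the settings described in this step
# (client names are assumptions; the page shows the files only as screenshots).
CLIENTS_CONF = """\
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
}
client lab-net {
    ipaddr = 192.168.13.0/24
    secret = testing123
}
"""
USERS = 'DEFAULT Auth-Type := "Accept"\ntest Cleartext-Password:= "123456"\n'

def strip_comment(line):
    return line.split("#", 1)[0].strip()

def audit_clients(text, known_defaults=("testing123",), min_len=16):
    """Flag clients whose shared secret is a shipped default or too short."""
    findings, client = [], None
    for raw in text.splitlines():
        line = strip_comment(raw)
        if m := re.match(r"client\s+(\S+)\s*\{", line):
            client = m.group(1)
        elif line == "}":
            client = None
        elif client and (m := re.match(r"secret\s*=\s*(.+)", line)):
            secret = m.group(1).strip('"')
            if secret in known_defaults:
                findings.append((client, "default secret"))
            elif len(secret) < min_len:
                findings.append((client, "short secret"))
    return findings

def audit_users(text):
    """Flag the accept-all DEFAULT entry and passwords stored in cleartext."""
    findings = []
    for raw in text.splitlines():
        line = strip_comment(raw)
        if re.match(r'DEFAULT\s+Auth-Type\s*:?=\s*"?Accept"?', line):
            findings.append(("DEFAULT", "accepts any user name and password"))
        elif m := re.match(r"(\S+)\s+Cleartext-Password\s*:?=", line):
            findings.append((m.group(1), "password stored in cleartext"))
    return findings

if __name__ == "__main__":
    for finding in audit_clients(CLIENTS_CONF) + audit_users(USERS):
        print(*finding, sep=": ")
```

<p>To check a real host, pass the contents of /etc/raddb/clients.conf and /etc/raddb/users to the two functions.</p>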
<p> </p>
<p><span style="font-size: 18px"><strong>III. How RADIUS server authentication works</strong></span></p>
<p><span style="font-size: 16px">1. How it works</span></p>
<p><img src="https://img2023.cnblogs.com/blog/2992980/202305/2992980-20230509110248617-479624934.png" alt="" loading="lazy" style="display: block; margin-left: auto; margin-right: auto"></p>
<p> </p>
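<p><span style="font-size: 16px">2. RADIUS packet format</span></p>
<p><span style="font-size: 14px">RADIUS is an extensible protocol. Every message exchanged consists of multiple ALV (Attribute-Length-Value) triplets of varying length, so adding new attributes and attribute values does not break existing implementations of the protocol. For this reason RADIUS also lets device vendors add vendor-specific attributes.</span></p>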
<p><img src="https://img2023.cnblogs.com/blog/2992980/202305/2992980-20230509110322844-1893516229.png" alt="" width="509" height="108" loading="lazy" style="display: block; margin-left: auto; margin-right: auto"></p>
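<p>An added example (not part of the original post): a Python sketch of the packet layout, with the 20-byte header followed by attribute triplets, including the bounds checks a parser needs and the RFC 2865 User-Password hiding that depends on the shared secret. The sample packet is constructed here as a simplified version of the radtest request shown earlier, with a fixed authenticator and identifier chosen for repeatability.</p>

```python
import hashlib
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
ATTRS = {1: "User-Name", 2: "User-Password", 5: "NAS-Port"}

def user_password(data, secret, authenticator, decode=False):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    if not decode:
        data += b"\x00" * (-len(data) % 16)      # pad the cleartext with NULs
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if decode else block
        out += block
    return out.rstrip(b"\x00") if decode else out

def build_packet(code, ident, authenticator, attrs):
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), authenticator) + body

def parse_packet(data):
    """Return (code name, identifier, authenticator, [(attribute name, value bytes)])."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte header")
    code, ident, length, authenticator = struct.unpack("!BBH16s", data[:20])
    if not 20 <= length <= min(len(data), 4096):
        raise ValueError("Length field does not fit the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((ATTRS.get(atype, atype), data[pos + 2:pos + alen]))
        pos += alen
    return CODES.get(code, code), ident, authenticator, attrs

# Constructed sample: a simplified Access-Request for the radtest call shown earlier.
SECRET, RA = b"testing123", bytes(range(16))   # fixed authenticator, repeatable output
SAMPLE = build_packet(1, 42, RA, [
    (1, b"testing"),
    (2, user_password(b"password", SECRET, RA)),
    (5, struct.pack("!I", 0)),
])

if __name__ == "__main__":
    for name, value in parse_packet(SAMPLE)[3]:
        print(name, value.hex())
```

<p>The User-Password value is recoverable by anyone who holds the shared secret and captures the request, which is why the secret configured in clients.conf matters.</p>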
<p>The figure below shows one authentication exchange with a RADIUS server</p>
<p><img src="https://img2023.cnblogs.com/blog/2992980/202305/2992980-20230509110734074-1923181976.png" alt="" width="721" height="425" loading="lazy" style="display: block; margin-left: auto; margin-right: auto"></p>
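<p>All of this content is only a record of the setup and learning process; part of it comes from the Internet.</p>
<p>For a more detailed explanation of how it works, see the links below</p>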
<p>https://blog.csdn.net/m0_73245452/article/details/126481854?ops_request_misc=&request_id=&biz_id=102&utm_term=radius%E6%9C%8D%E5%8A%A1%E5%99%A8&utm_medium=distribute.pc_search_result.none-task-blog-2~all~sobaiduweb~default-4-126481854.142^v86^insert_down38v5,239^v2^insert_chatgpt&spm=1018.2226.3001.4187</p>
<p>https://blog.csdn.net/qq_38265137/article/details/90723140</p><br><br>
Source: https://www.cnblogs.com/Mourinkun/p/17384332.html