1.安装 freeradius
apt install freeradius freeradius-ldap
2.测试 freeradius
2.1 停止服务
安装成功后会自动启动 radius 服务,需要先手动停止服务,便于后续操作
service freeradius stop
2.2 配置用户
修改配置文件,配置文件所在路径为 /etc/freeradius/
修改 users 文件,把默认注释掉的用户,取消注释,客户端便可使用此用户连接服务器
steve Cleartext-Password := "testing"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 172.16.3.33,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP
也可增加用户(下面的弱口令仅用于测试环境)
# On no match, the user is denied access.
test1 Cleartext-Password := "123456"
test2 Cleartext-Password := "654321"
2.3开启服务
使用 service freeradius start 或 freeradius -X 启动服务;-X 是调试模式,会在前台运行并打印收发的请求内容(包括明文密码),仅用于排错
service freeradius start
freeradius -X
2.4测试
打开一个控制台,执行
radtest steve testing localhost 1812 testing123
其中参数分别为:steve->用户名、testing->密码、localhost->IP、1812->端口、testing123->key(key 是 clients.conf 中的 secret),操作及返回如下:
root@localhost:~# radtest steve testing localhost 1812 testing123
Sent Access-Request Id 91 from 0.0.0.0:41321 to 127.0.0.1:1812 length 75
User-Name = "steve"
User-Password = "testing"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Cleartext-Password = "testing"
Received Access-Accept Id 91 from 127.0.0.1:1812 to 127.0.0.1:41321 length 89
Message-Authenticator = 0x60d52e64c374d6fc3f6c36410247a557
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
3.配置远程可访问
修改 clients.conf 文件,添加客户端配置
# Test setup only: 0.0.0.0/0 accepts RADIUS requests from any source address.
# Outside a lab, list only the NAS addresses or subnets that must reach this server.
client 0.0.0.0/0 {
    # testing123 is the well-known sample secret; use a long random value per client.
    secret = testing123
}
4.java 操作 freeradius
4.1pom 依赖
<dependency>
<groupId>com.globalreachtech</groupId>
<artifactId>tinyradius-netty</artifactId>
<version>1.5.12</version>
</dependency>
<dependency>
<groupId>org.tinyradius</groupId>
<artifactId>tinyradius</artifactId>
<version>1.1.3</version>
</dependency>
4.2连接
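/**
 * Smoke test: sends a single CHAP Access-Request to the RADIUS server and
 * prints whether the server answered with Access-Accept.
 *
 * The host, shared secret and credentials below are the tutorial's test
 * values; outside a lab they belong in configuration, not in source.
 *
 * @throws Exception if the request cannot be sent or no valid reply arrives
 */
@Test
public void testConnection() throws Exception {
    // RADIUS packet code 2 is Access-Accept (RFC 2865).
    final int accessAccept = 2;

    String host = "192.168.3.205";
    String shared = "testing123";
    String user = "steve";
    String pass = "testing";

    RadiusClient rc = null;
    try {
        rc = new RadiusClient(host, shared);
        // The TinyRadius 1.x client takes this timeout in milliseconds, so the
        // original value of 3 gave the server only 3 ms to reply; use 3 seconds.
        rc.setSocketTimeout(3000);
        rc.setAuthPort(1812);

        AccessRequest accessRequest = new AccessRequest(user, pass);
        // CHAP only works when the server can read the user's cleartext
        // password, as with the Cleartext-Password entries in the users file.
        accessRequest.setAuthProtocol("chap");

        RadiusPacket authenticate = rc.authenticate(accessRequest);
        if (authenticate.getPacketType() == accessAccept) {
            System.out.println("radius 认证通过!");
        } else {
            System.out.println("radius 认证不通过!");
        }
    } finally {
        // Always release the client's socket, even when authentication throws.
        if (rc != null) {
            rc.close();
        }
    }
}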