Настройка сервера MySQL:
# Build and install the MySQL 5.5 server from the FreeBSD ports tree.
cd /usr/ports/databases/mysql55-server
make install clean
# Enable the MySQL rc script via rc.conf.
echo 'mysql_enable="YES"' >> /etc/rc.conf
# NOTE(review): nothing on this page starts mysqld before the client is run;
# confirm the server is running at this point.
# The client connects as MySQL root without a password, so the root account
# is still unprotected here; set a root password (for example with
# mysql_secure_installation) before the host is used for real accounting.
mysql -uroot
-- Accounting database; the name matches the acct_db setting in the radiusd
-- sqlserver file.
CREATE DATABASE radius;
USE radius;

-- One row per accounting session. The row is inserted by acct_start_query and
-- later updated by acct_alive_query / acct_stop_query, which locate it by
-- user_name, status and acct_session_id.
-- Column order matters to any INSERT that is written without a column list.
-- NOTE(review): the zero-date default is refused when the server runs with
-- NO_ZERO_DATE in strict mode; confirm sql_mode on the target server.
CREATE TABLE calls (
    status              INT(3),         -- Acct-Status-Type of the last record
    user_name           CHAR(32),
    event_date_time     DATETIME DEFAULT '0000-00-00 00:00:00' NOT NULL,
    nas_ip_address      CHAR(17),
    nas_port_id         INT(6),
    acct_session_id     CHAR(16) DEFAULT '' NOT NULL,
    acct_session_time   INT(11),        -- from Acct-Session-Time
    acct_input_octets   INT(11),        -- from Acct-Input-Octets
    acct_output_octets  INT(11),        -- from Acct-Output-Octets
    connect_term_reason INT(4),         -- from Acct-Terminate-Cause
    framed_ip_address   CHAR(17),
    called_station_id   CHAR(32),
    calling_station_id  CHAR(32)
);
Настройка радиуса:
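# Build and install GNU Radius from the FreeBSD ports tree.
cd /usr/ports/net/gnu-radius
# In the options dialog, enable MySQL support before building.
make config
make install clean
# Enable the radiusd rc script via rc.conf.
echo 'radiusd_enable="YES"' >> /etc/rc.conf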
В /usr/local/etc/raddb/sqlserver должны быть запросы следующего вида:
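# Query to be used on session start
# Columns are listed explicitly so the statement does not depend on the
# physical column order of the calls table. The three counters and the
# termination cause start at 0 and are filled in by the alive/stop queries.
# NOTE(review): '%u' and the Called-/Calling-Station-Id values originate
# outside the server and are substituted into the SQL text; confirm that
# radiusd escapes quote characters in substituted values.
acct_start_query INSERT INTO calls \
(status,\
user_name,\
event_date_time,\
nas_ip_address,\
nas_port_id,\
acct_session_id,\
acct_session_time,\
acct_input_octets,\
acct_output_octets,\
connect_term_reason,\
framed_ip_address,\
called_station_id,\
calling_station_id) \
VALUES(%C{Acct-Status-Type},\
'%u',\
'%G',\
'%C{NAS-IP-Address}',\
%C{NAS-Port-Id},\
'%C{Acct-Session-Id}',\
0,\
0,\
0,\
0,\
'%C{Framed-IP-Address}',\
'%C{Called-Station-Id}',\
'%C{Calling-Station-Id}')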
# Query to be used on session end
# Writes the final status, session duration, traffic counters and termination
# cause into the row that the start query inserted. The WHERE clause selects
# the still-open row (status = 1, presumably the Start value) for this user
# name and session id.
# NOTE(review): the start query stores '%u' in user_name while this query
# matches on '%C{User-Name}'; confirm both expand to the same string,
# otherwise no row is updated.
acct_stop_query UPDATE calls \
SET status=%C{Acct-Status-Type},\
acct_session_time=%C{Acct-Session-Time},\
acct_input_octets=%C{Acct-Input-Octets},\
acct_output_octets=%C{Acct-Output-Octets},\
connect_term_reason=%C{Acct-Terminate-Cause} \
WHERE user_name='%C{User-Name}' \
AND status = 1 \
AND acct_session_id='%C{Acct-Session-Id}'
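# Query to be used on alive (keepalive) accounting records
# Refreshes duration, traffic counters and the framed address of the open row
# (status = 1) for this user name and session id.
# Framed-IP-Address is quoted here, as in acct_start_query: framed_ip_address
# is a CHAR column and an unquoted dotted address is not valid SQL.
acct_alive_query UPDATE calls \
SET acct_session_time=%C{Acct-Session-Time},\
acct_input_octets=%C{Acct-Input-Octets},\
acct_output_octets=%C{Acct-Output-Octets},\
framed_ip_address='%C{Framed-IP-Address}' \
WHERE user_name='%C{User-Name}' \
AND status = 1 \
AND acct_session_id='%C{Acct-Session-Id}'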
И делаем такие записи:
interface mysql
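Пробовал на руте с пустым паролем (так годится только для проверки на стенде; для постоянной работы заведите отдельного пользователя MySQL с паролем и правами только SELECT, INSERT и UPDATE на таблицу radius.calls и укажите его в login/password)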
server localhost
port 3306
login root
password
Выключаем аутентификацию
# Enable/Disable Mysql authentication: default no
doauth no
Включаем аккаунтинг:
# Enable/Disable Mysql accounting: default no
doacct yes
База в MySQL:
# accounting database name
acct_db radius
Клиент, секрет и порты:
ee client.conf
server cisco 192.168.44.67 123456 1812 1813
source_ip 192.168.45.45
timeout 10
retry 5
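Клиент с "секретом" (123456 здесь — только пример; в рабочей конфигурации задайте длинный случайный секрет, одинаковый на NAS и на сервере):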
ee clients
192.168.44.67/24 123456
Словари:
ee dictionary
# Do not remove this!
$INCLUDE dict/standard
$INCLUDE dict/cisco # Cisco
$INCLUDE dict/voip # Special attributes to be used
# with rewriting functions
Закомментировал ввиду возникновения в логах ошибки типа: Guile authentication disabled in config
ee hints
#DEFAULT Rewrite-Function = restore_nas_ip Fall-Through = Yes