OSSH华为Portal调试笔记(5)

来源：网络收集时间：2026-04-12

导读：创建组 mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local'); mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Servic

创建组

mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');

mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');

mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');

mysql> insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');

创建测试账号

mysql> insert into radcheck (username,attribute,op,value) values ('test','User-Password',':=','test');

测试账号加入组

mysql> insert into usergroup (username,groupname) values ('test','user'); ? 启动Radius服务并测试账号启动到debug模式 # radiusd -X 测试

# radtest test test localhost 0 testing123 //能看到raidus应答说明成功 ? WEB管理的安装与配置---仅供参考，不必须配置

安装PHP

# yum install php # yum install php-mysql # yum install mod_auth_mysql 安装Apache # yum install httpd 启动Apache

# /etc/init.d/httpd restart 测试Apache

# cd /var/www/html/ # vi phpinfo.php

浏览器访问

http://192.168.0.10/phpinfo.php 拷贝dialup_admin

# cp -r /root/freeradius-1.1.8/dialup_admin/ /var/www/html/ 修改admin.conf

# vi /var/www/html/dialup_admin/conf/admin.conf sql_type:mysql

sql_server:localhost //sql地址 sql_port:3306 //默认端口 sql_username:root

sql_password:123456 //密码 sql_database:radius //数据库名

general_charset: UTF-8 //避免浏览器乱码

general_base_dir: /var/www/html/dialup_admin //dialup_admin主目录

general_domain: company.com //这个可改也可不改，没什么影响，改了还看点而已 general_radius_server_auth_proto: chap //将pap改成chap general_encryption_method: clear //将crypt改成clear

general_encryption_method: clear是必须得改的，否则用web管理界面添加用户后会出现密码被加密后无法识别导致认证失败，clear方式是以明文存储密码，freeradius默认是用明文存储密码，两者要对应，所以这里要用clear方式。修改naslist.conf

# vi /var/www/html/dialup_admin/conf/naslist.conf nas1_name: nas1.%{general_domain} nas1_model: Computer //NAS服务器的类型 nas1_ip: 192.168.1.1 //NAS服务器的IP地址 nas1_port_num: 15 nas1_community: public

其他的通通删掉或用#号注释掉，这样修改的目的是方便在web管理界面中直观的看到每个NAS服务器连接用户的情况。导入相关数据库表

# cd /var/www/html/dialup_admin/sql

mysql -uroot -p123456 radius < userinfo.sql //去掉default '0' mysql -uroot -p123456 radius < totacct.sql mysql -uroot -p123456 radius < mtotacct.sql

mysql -uroot -p123456 radius < badusers.sql //去掉default '0' 修改httpd.conf ，让其支持PHP3 # vi /etc/httpd/conf/httpd.conf 在此文件最后添加

AddType application/x-httpd-php .php .html .htm .php3 关闭Sql调试模式

# vi /var/www/html/dialup_admin/conf/admin.conf sql_debug: false 重启Httpd

# /etc/init.d/httpd restart

访问Web

http://192.168.0.10/dialup_admin/htdocs/index.html 注意

如果要对其他NAS服务器提供验证服务，只需修改/usr/local/etc/raddb下的clients.conf文件，在后面加上

client 192.168.1.1 { //IP地址修改为NAS服务器的地址

secret = testing123 //NAS服务器与Radius服务器通信的密码 shortname = NAS //这个无所谓，随便填 nastype = other }

14. 附录1-调试过程记录

Web输入用户名后，反应如下：

开启radiux调试模式 OSSH# radiuxd –X

如果开启失败，就netstat –antpul查看1812/1813所在的现成，kill掉，再启动这个命令

Listening on authentication address * port 1812 Listening on accounting address * port 1813

Listening on command file /usr/local/var/run/radiusd/radiusd.sock

Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests.

Ignoring request to authentication address * port 1812 from unknown client 127.0.0.1 port 48374

Ready to process requests.

Ignoring request to authentication address * port 1812 from unknown client 127.0.0.1 port 48374

Ready to process requests.

Ignoring request to authentication address * port 1812 from unknown client 127.0.0.1 port 48374

Ready to process requests.

Ignoring request to authentication address * port 1812 from unknown client 127.0.0.1 port 60625

Ready to process requests.

Ignoring request to authentication address * port 1812 from unknown client 127.0.0.1 port 60625

Ready to process requests.

Ignoring request to authentication address * port 1812 from unknown client 127.0.0.1 port 60625

Ready to process requests.

rad_recv: Access-Request packet from host 192.168.20.1 port 1812, id=3, length=295 User-Name = \

CHAP-Password = 0x03ca026f1a3349e9ba24a758df6caf60a9 CHAP-Challenge = 0x41d94f7d395dbf652bef1b9749a9cbb9 NAS-Port = 16394

Service-Type = Framed-User Framed-Protocol = PPP

Framed-IP-Address = 192.168.10.5 Calling-Station-Id = \ NAS-Identifier = \ NAS-Port-Type = Ethernet

NAS-Port-Id = \ Called-Station-Id = \77\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\\377\

NAS-IP-Address = 192.168.20.1

Huawei-Startup-Stamp = 1222819255

Huawei-IPHost-Addr = \ Huawei-Connect-ID = 20

Huawei-Version = \ Huawei-Product-ID = \

# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok

[chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok

++[mschap] returns noop ++[digest] returns noop

[suffix] No '@' in User-Name = \[suffix] No …… 此处隐藏：4721字，全部文档内容请下载后查看。喜欢就下载吧 ……

OSSH华为Portal调试笔记(5).doc 将本文的Word文档下载到电脑，方便复制、编辑、收藏和打印

下载这篇word文档

本文链接：https://www.jiaowen.net/wendang/434829.html（转载请注明文章来源）

上一篇：部编本人教版二年级语文上册首届汉字听写大赛题目大全
下一篇：《网页设计与制作》试卷 - 图文