关于OpenVPN和L2TP整合freeradius验证的帖子都已经写出来了,今天公司VPN增添两台PPTP的服务器,这个帖子就贴出配置过程以便以后备用,希望全文章对各位朋友也会有帮助。
本帖的配置环境为CentOS5 32bit,配置安装PPTP的过程就不写了,如果不会请在本博客自行搜索,下面贴出整合freeradius需要进行的配置:
pptp客户端配置部分
| 代码如下 |
|
|
wget http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/radiusclient-0.3.2-0.2.el5.rf.i386.rpm
rpm -i radiusclient-0.3.2-0.2.el5.rf.i386.rpm
|
vim /etc/radiusclient/servers
| 代码如下 |
|
|
#Server Name or Client/Server pair Key
#---------------- ---------------
#portmaster.elemental.net hardlyasecret
#portmaster2.elemental.net donttellanyone
YOUR_RADIUS_SERVER_HOSTNAME_OR_IP YOUR_RADIUS_SERVER_SECRET
|
vim /etc/radiusclient/radiusclient.conf
| 代码如下 |
|
|
auth_order radius,local
login_tries 4
login_timeout 60
nologin /etc/nologin
issue /etc/radiusclient/issue www.111cn.net
authserver RADIUS_SERVER_IP_OR_HOSTNAME:1812
acctserver RADIUS_SERVER_IP_OR_HOSTNAME:1813
servers /etc/radiusclient/servers
dictionary /etc/radiusclient/dictionary
login_radius /usr/sbin/login.radius
seqfile /var/run/radius.seq
mapfile /etc/radiusclient/port-id-map
default_realm
radius_timeout 10
radius_retries 3
login_local /bin/login
cd /etc/radiusclient/
wget http://safesrv.net/public/dictionary.microsoft.zip
unzip dictionary.microsoft.zip
|
vim /etc/radiusclient/dictionary
加入下面的字段:
| 代码如下 |
|
|
INCLUDE /etc/radiusclient/dictionary.microsoft
INCLUDE /etc/radiusclient/dictionary.ascend
INCLUDE /etc/radiusclient/dictionary.compat
INCLUDE /etc/radiusclient/dictionary.merit
|
vim /etc/ppp/options.pptpd
加入:
| 代码如下 |
|
|
plugin radius.so
plugin radattr.so
service pptpd restart
chkconfig pptpd on
|
freeradius添加认证客户端
vim /etc/raddb/clients.conf
| 代码如下 |
|
|
client VPN Server IP HERE {
secret = YOUR SECRET HERE
shortname = yourVPN
nastype = other
}
|
