#!/bin/bash
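#######################################
# Step 1: prepare a fresh CentOS 7 host — SELinux off, periodic NTP sync via
# cron, firewalld off, base tooling installed.
# Globals:   none
# Arguments: none
# Outputs:   package-manager / systemctl output on stdout and stderr
# Returns:   status of the last command
#
# NOTE(review): this step deliberately lowers the host's security baseline:
# SELinux is set to permissive now and disabled for future boots, and
# firewalld is stopped and disabled. set_iptables6 later only *adds* an
# ACCEPT rule, so no host firewall remains unless one is provided elsewhere.
#######################################
function centos1_ntp(){
  # Permissive for the running kernel; the sed makes it persistent on reboot.
  setenforce 0
  sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
  yum -y install ntp
  service ntpd restart
  # Kept from the original; nothing below uses a relative path.
  cd /root
  # Periodic time sync. /tmp/crontab.back is the same file set_web_config7
  # appends to and re-installs, so the shared path is kept. It is seeded from
  # the current crontab (the original silently replaced any existing entries)
  # and the line is appended only once, so re-runs stay clean.
  # NOTE(review): /tmp is world-writable and the file is fed to crontab(1)
  # as root; a root-owned path (e.g. under /root) would be safer — move it in
  # both functions together.
  local -r cron_file=/tmp/crontab.back
  local -r ntp_entry='0-59/10 * * * * /usr/sbin/ntpdate -u cn.pool.ntp.org'
  if [[ ! -e "$cron_file" ]]; then
    # `crontab -l` exits non-zero when there is no crontab yet; the redirect
    # still creates an empty seed file in that case.
    crontab -l > "$cron_file" 2>/dev/null
  fi
  grep -qF -- "$ntp_entry" "$cron_file" || printf '%s\n' "$ntp_entry" >> "$cron_file"
  crontab "$cron_file"
  systemctl restart crond
  yum install net-tools -y
  yum install epel-release -y
  systemctl stop firewalld
  systemctl disable firewalld
  yum install lynx wget expect iptables -y
}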
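#######################################
# Step 2: define the MariaDB root password, look up the public address,
# speed up sshd logins and install the web / DB / PHP / FreeRADIUS packages.
# Globals:   sqladmin  (written; read by set_mysql2 and echoed by set_radiusclient8)
#            public_ip (written; read by set_radiusclient8)
# Arguments: none
# Returns:   status of the last command
#######################################
function set_shell_input1() {
  # NOTE(review): hard-coded MariaDB root password; it is also written to
  # /root/info.txt by set_radiusclient8. Intentionally a global.
  sqladmin=0p0o0i0900
  yum install lynx -y
  # Best-effort public-address lookup over plain HTTP. The value is only
  # interpolated into the informational /root/info.txt, so an empty result
  # (lookup failed) is tolerated; treat it as untrusted text.
  public_ip=$(lynx --source www.monip.org | sed -nre 's/^.* (([0-9]{1,3}\.){3}[0-9]{1,3}).*$/\1/p')
  # Fixes slow ssh logins caused by GSSAPI lookups. sshd is not restarted
  # here — restart it manually once the script has finished.
  sed -i "s/GSSAPIAuthentication yes/GSSAPIAuthentication no/g" /etc/ssh/sshd_config
  # (The original's `alias cp='cp'` was dropped: aliases are not expanded in
  # a non-interactive script, so the line had no effect.)
  yum groupinstall "Development tools" -y
  yum install wget vim expect telnet net-tools httpd mariadb-server php php-mysql php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel -y
  yum install freeradius freeradius-mysql freeradius-utils -y
  systemctl restart mariadb
  systemctl restart httpd
}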
# Configure the radius database and import its data
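#######################################
# Step 3: set the MariaDB root password, create the `radius` database and
# DB user, and load the FreeRADIUS SQL schema.
# Globals:   sqladmin (read) — MariaDB root password set by set_shell_input1
# Arguments: none
# Returns:   1 if creating the database/user or loading the schema fails,
#            else status of the last command
#######################################
function set_mysql2() {
  # NOTE(review): hard-coded password for the `radius` DB user. The same
  # value is wired into /etc/raddb/mods-available/sql (set_freeradius3),
  # daloradius.conf.php (set_daloradius4) and clearsession.sh (set_web_config7);
  # change all of them together.
  local -r radius_db_pass='p0radius_0p'
  systemctl restart mariadb
  sleep 3
  # Fresh install: root has no password yet. (The original's `""${sqladmin}""`
  # was two empty strings around the value — same result, clearer here.)
  # The password is unavoidably in this process's argv while it runs.
  mysqladmin -u root password "${sqladmin}"
  # MYSQL_PWD keeps the password out of the argument list (and out of `ps`)
  # for the client invocations below.
  MYSQL_PWD="$sqladmin" mysql -uroot -e "create database radius;" || {
    printf 'set_mysql2: creating database radius failed\n' >&2
    return 1
  }
  MYSQL_PWD="$sqladmin" mysql -uroot -e "grant all privileges on radius.* to radius@localhost identified by '${radius_db_pass}';" || {
    printf 'set_mysql2: creating user radius failed\n' >&2
    return 1
  }
  MYSQL_PWD="$radius_db_pass" mysql -uradius radius < /etc/raddb/mods-config/sql/main/mysql/schema.sql || {
    printf 'set_mysql2: loading the FreeRADIUS schema failed\n' >&2
    return 1
  }
  systemctl restart mariadb
}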
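#######################################
# Step 4: enable the FreeRADIUS SQL module against the local MariaDB
# `radius` database and switch on authentication logging.
# Globals:   none
# Arguments: none
# Returns:   status of the last command
#######################################
function set_freeradius3(){
  # -f makes this idempotent: a plain `ln -s` fails on a second run once
  # mods-enabled/sql already exists.
  ln -sf /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/sql
  # Turn on auth logging. NOTE(review): in FreeRADIUS, auth_badpass /
  # auth_goodpass also log the attempted password (see the comments in
  # radiusd.conf — confirm on the installed version); radius.log is later
  # made world-readable by set_daloradius4, so consider leaving these at `no`.
  sed -i "s/auth = no/auth = yes/g" /etc/raddb/radiusd.conf
  sed -i "s/auth_badpass = no/auth_badpass = yes/g" /etc/raddb/radiusd.conf
  sed -i "s/auth_goodpass = no/auth_goodpass = yes/g" /etc/raddb/radiusd.conf
  # Uncomment every "-sql" reference in the default site (broad on purpose).
  sed -i "s/\-sql/sql/g" /etc/raddb/sites-available/default
  # Insert a "sql" line after the line matching "session {".
  sed -i '/session {/a\ sql' /etc/raddb/sites-available/default
  sed -i 's/driver = "rlm_sql_null"/driver = "rlm_sql_mysql"/g' /etc/raddb/mods-available/sql
  # Strip the leading '#' from the connection settings, then point them at
  # MariaDB. Order matters: `dialect` is uncommented before it is rewritten.
  sed -i '/read_clients = yes/s/^#//' /etc/raddb/mods-available/sql
  sed -i '/dialect = "sqlite"/s/^#//' /etc/raddb/mods-available/sql
  sed -i 's/dialect = "sqlite"/dialect = "mysql"/g' /etc/raddb/mods-available/sql
  sed -i '/server = "localhost"/s/^#//' /etc/raddb/mods-available/sql
  sed -i '/port = 3306/s/^#//' /etc/raddb/mods-available/sql
  sed -i '/login = "radius"/s/^#//' /etc/raddb/mods-available/sql
  sed -i '/password = "radpass"/s/^#//' /etc/raddb/mods-available/sql
  # NOTE(review): hard-coded DB password; must match the GRANT in set_mysql2.
  sed -i 's/password = "radpass"/password = "p0radius_0p"/g' /etc/raddb/mods-available/sql
  systemctl restart radiusd
  # Give radiusd a moment before later steps touch the service again.
  sleep 3
}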
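#######################################
# Step 5: download and unpack the daloRADIUS web UI under
# /var/www/html/daloradius, load its schema into the `radius` DB, point it
# at the radius DB user and make the logs it displays readable by apache.
# Globals:   none
# Arguments: none
# Returns:   1 if the download, unpack or DB import fails, else status of
#            the last command
#
# NOTE(review): the tarball is fetched over plain HTTP from a bare IP with
# no checksum or signature check; whatever is served gets unpacked into the
# web root and its SQL is executed against the database. Pin a checksum
# (e.g. `sha256sum -c`) or fetch from a trusted, authenticated source.
#######################################
function set_daloradius4(){
  local -r radius_db_pass='p0radius_0p'
  local -r web_root=/var/www/html
  local -r archive=daloradius-0.9-9.tar.gz
  cd "$web_root" || return 1
  # The original discarded wget's output and carried on; failures now stop
  # the step instead of running `tar`/`mv` on a missing file.
  wget "http://180.188.197.212/down/${archive}" >/dev/null 2>&1 || {
    printf 'set_daloradius4: download of %s failed\n' "$archive" >&2
    return 1
  }
  tar xzvf "$archive" || return 1
  mv daloradius-0.9-9 daloradius
  chown -R apache:apache "${web_root}/daloradius/"
  chmod 664 "${web_root}/daloradius/library/daloradius.conf.php"
  cd "${web_root}/daloradius/" || return 1
  # MYSQL_PWD keeps the password out of the process argument list.
  MYSQL_PWD="$radius_db_pass" mysql -uradius radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql || return 1
  MYSQL_PWD="$radius_db_pass" mysql -uradius radius < contrib/db/mysql-daloradius.sql || return 1
  sleep 3
  # The shipped config uses root with an empty password; switch to the
  # `radius` user created in set_mysql2 (same hard-coded password).
  sed -i "s/\['CONFIG_DB_USER'\] = 'root'/\['CONFIG_DB_USER'\] = 'radius'/g" "${web_root}/daloradius/library/daloradius.conf.php"
  sed -i "s/\['CONFIG_DB_PASS'\] = ''/\['CONFIG_DB_PASS'\] = 'p0radius_0p'/g" "${web_root}/daloradius/library/daloradius.conf.php"
  yum -y install epel-release
  yum -y install php-pear-DB
  systemctl restart mariadb.service
  systemctl restart radiusd.service
  systemctl restart httpd
  # Let apache read the logs daloRADIUS shows. NOTE(review): this makes the
  # system log and the RADIUS log readable by every local user; a targeted
  # grant (e.g. `setfacl -m u:apache:r`) exposes less.
  chmod 644 /var/log/messages
  chmod 755 /var/log/radius/
  chmod 644 /var/log/radius/radius.log
  touch /tmp/daloradius.log
  chmod 644 /tmp/daloradius.log
  chown -R apache:apache /tmp/daloradius.log
}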
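#######################################
# Step 6: replace the radacct table definition with the project's patched
# radacct_new.sql and restart radiusd.
# Globals:   none
# Arguments: none
# Returns:   1 if the download or unpack fails, else status of the last command
#
# NOTE(review): plain-HTTP download from a bare IP, no integrity check, then
# executed as SQL by the radius DB user — same exposure as set_daloradius4.
#######################################
function set_fix_radacct_table5(){
  local -r radius_db_pass='p0radius_0p'
  local -r archive=radacct_new.sql.tar.gz
  local -r sql_file=/tmp/radacct_new.sql
  cd /tmp || return 1
  sleep 3
  wget "http://180.188.197.212/down/${archive}" || {
    printf 'set_fix_radacct_table5: download of %s failed\n' "$archive" >&2
    return 1
  }
  # Unpacks into /tmp; the archive is expected to contain radacct_new.sql.
  # The archive is removed whether or not the unpack succeeded.
  tar xzvf "$archive"
  local rc=$?
  rm -f -- "$archive"
  (( rc == 0 )) || return 1
  # MYSQL_PWD keeps the password out of the process argument list.
  MYSQL_PWD="$radius_db_pass" mysql -uradius radius < "$sql_file"
  # Plain file: -f suffices; the original's -r was unnecessary.
  rm -f -- "$sql_file"
  systemctl restart radiusd
}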
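#######################################
# Step 7: start MariaDB, httpd and radiusd at boot via rc.local and open
# TCP/9090 (the daloRADIUS UI) in iptables — both now and at boot.
# Globals:   none
# Arguments: none
# Returns:   status of the last command
#######################################
function set_iptables6(){
  local -r rc_local=/etc/rc.local
  # Boot-time actions, appended only once so re-running the script does not
  # stack duplicate lines in rc.local.
  if ! grep -qF -- '--dport 9090' "$rc_local" 2>/dev/null; then
    cat >> "$rc_local" <<'EOF'
systemctl start mariadb
systemctl start httpd
systemctl start radiusd
iptables -I INPUT -p tcp --dport 9090 -j ACCEPT
EOF
  fi
  # rc.local only runs at boot when it is executable; on CentOS 7 the real
  # file is /etc/rc.d/rc.local and ships without the x bit.
  # NOTE(review): confirm on the target image; harmless if already set.
  [[ -e /etc/rc.d/rc.local ]] && chmod +x /etc/rc.d/rc.local
  # The same actions for the running system.
  systemctl start mariadb
  systemctl start httpd
  systemctl start radiusd
  # NOTE(review): this opens the admin UI (plain HTTP, default credentials
  # per /root/info.txt) to any source; with firewalld disabled in centos1_ntp
  # nothing else limits it unless the INPUT chain has a restrictive default
  # policy. Adding `-s <admin network>` confines the rule to trusted clients.
  iptables -I INPUT -p tcp --dport 9090 -j ACCEPT
}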
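#######################################
# Step 8: publish daloRADIUS on its own Apache vhost (port 9090), replace the
# web root with the pinned daloradius20180418 build, install the DB backup
# bundle under /usr/mysys, and schedule the stale-session cleanup and the
# monthly backup in cron.
# Globals:   none
# Arguments: none
# Returns:   1 if a cd or download fails, else status of the last command
#
# NOTE(review): both tarballs come over plain HTTP from a bare IP with no
# integrity check; the second one is unpacked under /usr and a script from it
# is then run monthly from root's crontab. Pin checksums before trusting this.
#######################################
function set_web_config7(){
  local -r web_root=/var/www/html
  local -r httpd_conf=/etc/httpd/conf/httpd.conf
  # Quoted heredoc instead of `echo "..."`: the original string contained
  # nested double quotes, which the shell consumed, so Apache received the
  # DocumentRoot/ErrorLog/CustomLog values without their quotes. Guarded so
  # a re-run does not add a second `Listen 9090` (httpd refuses to start).
  if ! grep -qF 'Listen 9090' "$httpd_conf"; then
    cat >> "$httpd_conf" <<'EOF'

Listen 9090
<VirtualHost *:9090>
DocumentRoot "/var/www/html/daloradius"
ServerName daloradius
ErrorLog "logs/daloradius-error.log"
CustomLog "logs/daloradius-access.log" common
</VirtualHost>
EOF
  fi
  # Replace everything under the web root (including the install from
  # set_daloradius4) with the pinned build. The cd is checked and the path is
  # absolute, so the `rm -rf` can never run in some other directory.
  cd "$web_root" || return 1
  rm -rf -- "${web_root:?}"/*
  wget http://180.188.197.212/down/daloradius20180418.tar.gz || {
    printf 'set_web_config7: download of daloradius20180418.tar.gz failed\n' >&2
    return 1
  }
  tar xzvf daloradius20180418.tar.gz
  rm -f -- daloradius20180418.tar.gz
  chown -R apache:apache "${web_root}/daloradius"
  service httpd restart
  mkdir -p /usr/mysys/
  cd /usr/mysys/ || return 1
  wget http://180.188.197.212/down/dbback.tar.gz || {
    printf 'set_web_config7: download of dbback.tar.gz failed\n' >&2
    return 1
  }
  tar xzvf dbback.tar.gz
  rm -f -- dbback.tar.gz
  # Every 10 minutes: close radacct rows whose start + session time (plus
  # 240 s slack) is in the past but that still have no stop time. Written
  # with `>` so a re-run does not append a second copy of the command.
  # NOTE(review): the DB password is embedded in this file and passed via
  # -p (visible in `ps` while the job runs); the file is created with the
  # default umask — tighten to 700 if other local users exist.
  cat > /usr/mysys/clearsession.sh <<'EOF'
#!/bin/sh
mysql -uradius -pp0radius_0p -e "UPDATE radius.radacct SET acctstoptime = acctstarttime + acctsessiontime WHERE ((UNIX_TIMESTAMP(acctstarttime) + acctsessiontime + 240 - UNIX_TIMESTAMP())<0) AND acctstoptime IS NULL;"
EOF
  chmod +x /usr/mysys/clearsession.sh
  # Merge the cron entries into the live crontab rather than re-installing
  # /tmp/crontab.back: entries installed earlier (e.g. the ntpdate job from
  # centos1_ntp) are kept, nothing is read from /tmp as root, and each line
  # is added only once.
  local entry
  for entry in \
      '0-59/10 * * * * /usr/mysys/clearsession.sh' \
      '0 0 1 * * /usr/mysys/dbback/backup_radius_db.sh'; do
    if ! crontab -l 2>/dev/null | grep -qF -- "$entry"; then
      { crontab -l 2>/dev/null; printf '%s\n' "$entry"; } | crontab -
    fi
  done
  systemctl restart crond
}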
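#######################################
# Step 9: point ocserv at the local FreeRADIUS through radiusclient-ng and
# write the installation summary to /root/info.txt.
# Globals:   public_ip (read; set by set_shell_input1)
# Arguments: none
# Outputs:   the summary on stdout
# Returns:   status of the last command
#######################################
function set_radiusclient8(){
  yum install radiusclient-ng -y
  # NOTE(review): "testing123" is the stock FreeRADIUS shared secret for the
  # localhost client (see /etc/raddb/clients.conf); change it on both sides
  # for anything beyond a test box. Appended only once per host.
  grep -qF 'localhost testing123' /etc/radiusclient-ng/servers 2>/dev/null ||
    echo "localhost testing123" >> /etc/radiusclient-ng/servers
  printf '%s\n' 'switch auth to radius'
  # Enable RADIUS auth + accounting and comment out the local ocpasswd auth.
  sed -i "s/#auth = \"radius\[config=\/etc\/radiusclient-ng\/radiusclient.conf,groupconfig=true\]\"/auth = \"radius\[config=\/etc\/radiusclient-ng\/radiusclient.conf,groupconfig=true\]\"/g" /etc/ocserv/ocserv.conf
  sed -i "s/#acct = \"radius\[config=\/etc\/radiusclient-ng\/radiusclient.conf\]\"/acct = \"radius\[config=\/etc\/radiusclient-ng\/radiusclient.conf\]\"/g" /etc/ocserv/ocserv.conf
  sed -i "s/auth = \"plain\[passwd=\/etc\/ocserv\/ocpasswd\]\"/#auth = \"plain\[passwd=\/etc\/ocserv\/ocpasswd\]\"/g" /etc/ocserv/ocserv.conf
  systemctl restart ocserv
  # Summary for the operator. The original built it with `echo "..."`, whose
  # embedded double quotes were consumed by the shell, so the ocserv lines it
  # told the operator to use were shown without their quotes. The heredoc
  # keeps them verbatim; only $public_ip expands. The MariaDB root password
  # shown mirrors `sqladmin` in set_shell_input1 — keep them in sync.
  cat > /root/info.txt <<EOF
==========================================================================
Centos7 VPN 安装完成
以下信息将自动保存到/root/info.txt文件中
mysql root用户密码:0p0o0i0900
VPN 账号管理后台地址:http://$public_ip:9090
账号:administrator 密码:radius
如果使用Raidus 认证需要修改ocserv.conf 配置文件,本脚本已经修改
修改过程如下:
1、需要注释/etc/ocserv/ocserv.conf文件中的下面行密码认证行
auth = "plain[passwd=/etc/ocserv/ocpasswd]"
#下面的方法是使用radius验证用户,如果使用radius,请注释上面的密码验证
#auth = "radius[config=/etc/radiusclient-ng/radiusclient.conf,groupconfig=true]"
#下面这句加上之后,daloradius在线用户中可以看到用户在线
#acct = "radius[config=/etc/radiusclient-ng/radiusclient.conf]"
修改完成之后执行systemctl restart ocserv 命令重启ocserv
==========================================================================
EOF
  # The file holds credentials; keep it readable by root only.
  chmod 600 /root/info.txt
  cat /root/info.txt
  # (The original ended with `exit;`, which terminated the whole script from
  # inside this function. It is the last step in shell_install, so letting
  # the function return gives the same exit status and keeps it reusable.)
}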
#######################################
# Run every provisioning step in order. Steps are not checked for success:
# a failing step does not stop the ones after it.
# Globals:   none (the steps themselves set sqladmin and public_ip)
# Arguments: none
# Returns:   status of the last step
#######################################
function shell_install() {
  local -a steps=(
    centos1_ntp            # SELinux/firewalld off, NTP cron, base packages
    set_shell_input1       # root DB password, public IP, web/DB/RADIUS packages
    set_mysql2             # radius DB, DB user, FreeRADIUS schema
    set_freeradius3        # FreeRADIUS SQL module
    set_daloradius4        # daloRADIUS install + schema
    set_fix_radacct_table5 # patched radacct table
    set_iptables6          # boot-time services, open 9090
    set_web_config7        # Apache vhost, pinned build, cron jobs
    set_radiusclient8      # ocserv -> RADIUS, summary
  )
  local step
  for step in "${steps[@]}"; do
    "$step"
  done
}
# Entry point: run the whole installation (no arguments are used).
shell_install