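After several days of tinkering and reading through a lot of material, I finally got this working, with tears streaming down my face. The detailed steps are recorded below. Note: the test environment is CentOS 5.8 x86.
Install PPTP
Simply use Zhao Rong's PPTP one-click installation package.
Code:
    wget http://dl.zrblog.net/pptpd.sh
    sh pptpd.sh
Install LNMP
I use AMH 4.2, which is also a one-click installation package.
Code:
    wget http://amysql.com/file/AMH/4.2/amh.sh
    chmod 775 amh.sh
    ./amh.sh 2>&1 | tee amh.log
Install PEAR
AMH does not include PEAR after installation, but DaloRADIUS requires PEAR's DB package.
Code:
    wget http://pear.php.net/go-pear.phar
    php go-pear.phar
Just press Enter at every prompt.
Code:
    /usr/local/php/bin/pear install DB
This installs the DB package.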
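Add a virtual host
Log in to the AMH admin panel, install the bundled AMChroot module, then create a new virtual host, and in AMChroot set the newly created host to compatibility mode. The built-in permission management is very strict, which made it impossible to call the PEAR package; I struggled with this for several evenings...
Install DaloRADIUS
Code (replace YOUR_VHOST_DOMAIN with the domain of the virtual host you just created):
    wget http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz
    tar xvzf daloradius-0.9-9.tar.gz
    mv daloradius-0.9-9/* /home/wwwroot/YOUR_VHOST_DOMAIN/web
Configure DaloRADIUS
Use phpMyAdmin to create a new database, then import ./contrib/db/fr2-mysql-daloradius-and-freeradius.sql
Edit ./library/daloradius.conf.php
Code (the database values and YOUR_VHOST_DOMAIN are placeholders to replace with your own):
    $configValues["CONFIG_DB_HOST"] = "localhost";
    $configValues["CONFIG_DB_PORT"] = "3306";
    $configValues["CONFIG_DB_USER"] = "database username";
    $configValues["CONFIG_DB_PASS"] = "database password";
    $configValues["CONFIG_DB_NAME"] = "database name";
    $configValues["CONFIG_PATH_DALO_VARIABLE_DATA"] = "/home/wwwroot/YOUR_VHOST_DOMAIN/web/var";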
Install FreeRADIUS (server)
Install the client
Configure FreeRADIUS
Edit /usr/local/etc/radiusclient/servers and append:
Code:
    127.0.0.1 XXVPN
Edit /usr/local/etc/radiusclient/dictionary, delete the last line, then add:
Code:
    INCLUDE /usr/local/etc/radiusclient/dictionary.microsoft
    INCLUDE /usr/local/etc/radiusclient/dictionary.merit
Edit /etc/raddb/clients.conf and change the secret in the client localhost section to XXVPN.
Edit /etc/raddb/radiusd.conf: find $INCLUDE sql.conf and remove the leading #; find $INCLUDE sql/mysql/counter.conf and remove the leading #.
Edit /etc/raddb/sql.conf and set the login (username), password, radius_db (database name) and related fields.
Edit /etc/raddb/sites-enabled/default
Code:
    authorize section: disable files and unix, enable sql
    preacct section: disable files
    accounting section: enable sql, disable unix
    session section: enable sql
    post-auth section: enable sql
    pre-proxy section: disable files
Configure PPTP
Edit /etc/ppp/options.pptpd and append:
Code:
    plugin radius.so
    plugin radattr.so
    radius-config-file /usr/local/etc/radiusclient/radiusclient.conf
Traffic control
Edit /etc/raddb/sql/mysql/counter.conf and append:
Code:
    sqlcounter monthlytrafficcounter {
        counter-name = Monthly-Traffic
        check-name = Max-Monthly-Traffic
        reply-name = Monthly-Traffic-Limit
        sqlmod-inst = sql
        key = User-Name
        reset = monthly
        # String literals inside the query use single quotes so they do not end the double-quoted value
        query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) > '%b'"
    }
The code above counts usage per month: from the radacct table in the database, it sums all inbound and outbound traffic for the user name (%k).
The period can also be customized (months, weeks, days, hours), and a specific value can be given, for example "reset = 3 d" to reset every three days.
Edit /etc/raddb/sites-enabled/default and add "monthlytrafficcounter" at the end of the authorize block.
Edit /etc/raddb/dictionary and append:
Code:
    ATTRIBUTE Max-Monthly-Traffic 3003 integer
    ATTRIBUTE Monthly-Traffic-Limit 3004 integer
Open phpMyAdmin and run the following SQL:
Code:
    INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Mikrotik-Rate-Limit',':=','512k/1M');
    INSERT INTO radgroupreply (groupname,attribute,op,VALUE) VALUES ('user','Acct-Interim-Interval',':=','300');
    INSERT INTO radgroupcheck (groupname,attribute,op,VALUE) VALUES ('user','Simultaneous-Use',':=','1');
    INSERT INTO radgroupcheck (groupname,attribute,op,VALUE) VALUES ('user','Max-Monthly-Traffic',':=','1073741824');
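The monthly traffic check configured in this section, as an added Python example (not code from the original post or from FreeRADIUS) that runs the counter query's filter over constructed radacct rows and applies the 1073741824-byte limit. It is a simplified model: SQLite stands in for MySQL, and the user names, sample rows and function names are assumptions made for illustration. Note that the session that started before the start of the month is not counted, because the query filters on AcctStartTime.

```python
import sqlite3
from datetime import datetime, timezone

MAX_MONTHLY_TRAFFIC = 1073741824  # Max-Monthly-Traffic value set in radgroupcheck above

# Constructed sample rows: (username, acctstarttime in UTC, input octets, output octets)
SAMPLE_RADACCT = [
    ("alice", "2013-04-28 23:00:00", 400_000_000, 300_000_000),  # began before the reset
    ("alice", "2013-05-02 09:00:00", 200_000_000, 100_000_000),
    ("alice", "2013-05-10 20:30:00", 500_000_000, 250_000_000),
    ("bob",   "2013-05-03 08:00:00",  10_000_000,   5_000_000),
]

def open_db(rows=SAMPLE_RADACCT):
    """In-memory stand-in for the radacct table (only the columns the query uses)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (username TEXT, acctstarttime TEXT,"
               " acctinputoctets INTEGER, acctoutputoctets INTEGER)")
    db.executemany("INSERT INTO radacct VALUES (?,?,?,?)", rows)
    return db

def month_start_epoch(now):
    """Value that takes the place of %b: start of the current monthly period."""
    start = now.replace(day=1, hour=0, minute=0, second=0, microsecond=0)
    return int(start.timestamp())

def monthly_usage(db, user, now):
    """Same filter as the counter query; strftime('%s') replaces UNIX_TIMESTAMP()."""
    row = db.execute(
        "SELECT COALESCE(SUM(acctinputoctets + acctoutputoctets), 0) FROM radacct"
        " WHERE username = ? AND CAST(strftime('%s', acctstarttime) AS INTEGER) > ?",
        (user, month_start_epoch(now))).fetchone()
    return row[0]

def authorize(db, user, now, limit=MAX_MONTHLY_TRAFFIC):
    """Reject once usage reaches the limit, otherwise return the octets remaining."""
    used = monthly_usage(db, user, now)
    return ("reject", 0) if used >= limit else ("accept", limit - used)

if __name__ == "__main__":
    now = datetime(2013, 5, 15, 12, 0, tzinfo=timezone.utc)
    for name in ("alice", "bob", "carol"):
        print(name, monthly_usage(open_db(), name, now), authorize(open_db(), name, now))
```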
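User disconnect detection script
Replace DATABASE_NAME with the name of your database.
    # Close stale sessions: no stop record and no update for more than 240 seconds.
    # DATE_ADD adds the seconds correctly; DATETIME + integer in MySQL is plain numeric addition.
    MYSQL_PASS=XXXXXXXXXX
    /usr/local/mysql/bin/mysql -uroot -p"$MYSQL_PASS" -e "UPDATE DATABASE_NAME.radacct SET acctstoptime = DATE_ADD(acctstarttime, INTERVAL acctsessiontime SECOND) WHERE ((UNIX_TIMESTAMP(acctstarttime) + acctsessiontime + 240 - UNIX_TIMESTAMP())<0) AND acctstoptime IS NULL;"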
Multi-line restriction
Edit /etc/raddb/sites-enabled/default and add the following to the authorize block:
Code:
    # Look up the user's group (inner SQL strings use single quotes)
    update request {
        Group-Name := "%{sql:SELECT groupname FROM radusergroup WHERE username='%{User-Name}' ORDER BY priority}"
    }
    # If the group has NAS-IP-Address entries, reject logins through any NAS that is not listed
    if (Group-Name && "%{sql:SELECT count(value) FROM radgroupcheck WHERE groupname='%{Group-Name}' AND attribute='NAS-IP-Address'}") {
        if ("%{sql:SELECT count(value) FROM radgroupcheck WHERE groupname='%{Group-Name}' AND value='%{NAS-IP-Address}'}" < 1) {
            reject
        }
    }