VYOS容器运行DaloRadius实现AAA认证登录
整体架构
freeradius 提供AAA认证服务
mysql 提供用户认证授权信息存储
daloradius 提供Web界面管理用户认证授权信息
mysql
添加镜像
add container image mysql:5.6
配置
set container name mysql56 description 'mysql56'
set container name mysql56 image 'docker.io/library/mysql:5.6'
set container name mysql56 allow-host-networks
set container name mysql56 cap-add 'net-admin'
set container name mysql56 cap-add 'net-bind-service'
set container name mysql56 cap-add 'sys-time'
set container name mysql56 cap-add 'sys-admin'
set container name mysql56 cap-add 'net-raw'
set container name mysql56 restart 'always'
set container name mysql56 environment 'MYSQL_ROOT_PASSWORD' value 'root123345678'
set container name mysql56 environment 'MYSQL_ROOT_HOST' value '%'
freeradius-mysql-daloradius
https://hub.docker.com/r/asdaru/freeradius-mysql-daloradius
GitHub 上Dockerfile
https://github.com/asdaru/freeradius-mysql-daloradius
配置命令
add container image asdaru/freeradius-mysql-daloradius:nomysql
set container name daloradius description 'daloradius'
set container name daloradius image 'asdaru/freeradius-mysql-daloradius:nomysql'
set container name daloradius allow-host-networks
set container name daloradius cap-add 'net-admin'
set container name daloradius cap-add 'net-bind-service'
set container name daloradius cap-add 'sys-time'
set container name daloradius cap-add 'sys-admin'
set container name daloradius cap-add 'net-raw'
set container name daloradius restart 'always'
set container name daloradius environment CLIENT_SECRET value 'freeradius'
set container name daloradius environment CLIENT_NET value '0.0.0.0/0'
set container name daloradius environment RADIUS_DB_SERVER value '127.0.0.1'
set container name daloradius environment RADIUS_DB_USER value 'root'
set container name daloradius environment RADIUS_DB_PWD value 'root123345678'
默认账户密码
administrator / radius
配置详细
隐藏密码信息
测试验证
添加用户
用户名密码:
| username |
attribute |
op |
value |
| taylorg |
Cleartext-Password |
:= |
123456 |
Reply属性:
| username |
attribute |
op |
value |
| taylorg |
Cisco-AVPair |
= |
shell:priv-lvl=15 |
vyos配置用户登录Radius
set system login radius server 192.168.75.13 key 'freeradius'
登录认证
login as: test2
[email protected]'s password:
Creating directory '/home/test2'.
Last login: Mon Jan 13 17:52:38 2025 from 192.168.75.31
test2@GZ-test241:~$