
Sunday, 27 November 2011

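Asn RADIUS Admin (ARA) Installation Guide

ARA (ASN RADIUS admin) is a simple but powerful web administration program for FreeRADIUS servers. It can manage users, user groups and network access servers, and show online users, per-user traffic usage and more (official description).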

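I. Download and installation

1.1 Install the Sigma template engine

First make sure PHP's PEAR extension is installed correctly; otherwise you will run into problems such as a blank white page.
pear channel-update pear.php.net
pear install HTML_Template_Sigma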

1.2 Download and install

yum install git
git clone git://git.asn.pl/asn/ara
mv ara/src /usr/local/ara
ln -s /usr/local/ara/htdocs/ /var/www/ara

1.3 Install the Chinese language pack

wget http://pub.easisee.com/p/ara-zh/src.tar.gz
tar -zxf src.tar.gz
mv src/* /usr/local/ara

II. Basic ARA configuration

cd /usr/local/ara/config
cp config.php.dist config.php
vim config.php

2.1 Change the RADIUS database settings

$config["sql_username"]    = "radius";
$config["sql_passwd"]      = "radius";
$config["sql_db"]          = "radius";

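2.2 Enable storage of extended user information

This stores users' e-mail, phone number, address and similar information. The feature requires importing da.sql into the database.
$config["sql_user_extension"]      = TRUE; // change FALSE to TRUE
mysql -uroot -p123456; # connect to the database
use radius; # use the radius database
source /usr/local/ara/lib/sql-user-ext/da.sql; # import the table structure
grant all on radius.userinfo to radius@localhost; # grant access to the userinfo table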

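2.3 Set the ARA access level

ALL is the highest privilege; the other possible values are NONE, VIEW, VIEW_ALL and EDIT.
$config["access_level"] = ARA_ACCESS_ALL;
Permissions can also be set per module here.
$config["forbidden_modules"] = array();  # modules to disable
$config["allowed_modules"] = array(); # modules to allow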

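III. ARA user permission configuration

By default, ARA lets you log in with any username and password, which is obviously dangerous. We therefore need to enable ARA's built-in user authentication.

3.1 Enable user authentication

$config["use_auth"] = TRUE; # enable PHP_AUTH_USER authentication
$config["force_user_file"] = TRUE; # validate against the user file (users/$user.php)
$config["allow_user_file_without_pass"] = FALSE; # do not allow an empty password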

3.2 Copy the user configuration file

Example: create an administrator account admin with password 123456.
cd /usr/local/ara/config/users
cp example.php.dist admin.php
vim admin.php
$ara_user["pass"] = "123456"; # uncomment; password 123456
$config["access_level"] = ARA_ACCESS_ALL; # uncomment; highest access level
$config["default_access"] = TRUE; # uncomment; allow access by default
Likewise, permissions can also be set per module here.
$config["forbidden_modules"] = array();  # modules to disable
$config["allowed_modules"] = array(); # modules to allow
References:
1. http://labs.asn.pl/ara/wiki/install_guide
2. http://daloradius.com/
--------------------------------------------------------------------------------------

ARA (ASN RADIUS admin): installation summary for the FreeRADIUS web administration program


ARA (ASN RADIUS admin) is a simple and effective web program for managing FreeRADIUS.
Installation steps
Download the package:
wget http://download.asn.pl/ara/ara-0.6.tar.gz
Extract it and copy everything under the src directory to the installation directory:
tar -zxvf ara-0.6.tar.gz
cd ara-0.6/src/
mkdir /usr/local/ara
mv * /usr/local/ara/
Create a directory link under the web root:
cd /ur-website-root-directory/
ln -s /usr/local/ara/htdocs/ admin
(First create the admin directory under your site's root directory.)
This means that visiting http://urdomain.com/admin/ lets you log in to ARA.
Copy the configuration file and edit it:
cd /usr/local/ara/config
cp config.php.dist config.php
nano config.php
The main changes are
$config["sql_username"]    = "root";
$config["sql_passwd"]      = "123456";
$config["sql_db"]          = "radius";
and
$config["access_level"] = ARA_ACCESS_VIEW;
Here ARA_ACCESS_VIEW means the ARA interface can only view the FreeRADIUS configuration; to be able to modify it, change the value to ARA_ACCESS_EDIT.
As root, run the following:
pear channel-update pear.php.net
pear install HTML_Template_Sigma
If pear cannot be run and fails with:
-bash: pear: command not found
see the appendix.
Also: ara-0.6.tar.gzara-0.6srcmodulesusertransferstemplate.html has a small bug. Fix it as follows:
<!-- BEGIN use_real_name2 -->
<td>
<span class="smaller">
<a href="{user_realname_url}" title="{user_descr}">{user_realname}</a>
</span>
</td>
Add one line at the end:
<!-- END use_real_name2 -->

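Adding login verification to ARA (ASN RADIUS admin)

After a default installation, ARA has no login verification: when you open the interface it prompts for a username and password, and entering any username gets you in.
To enable ARA's built-in user authentication, proceed as follows (assuming ARA is installed in /usr/local/ara/):
1. Edit the file /usr/local/ara/config/config.php
nano /usr/local/ara/config/config.php
Find
$config["use_auth"] = TRUE;
and confirm that it is TRUE.
Find
$config["force_user_file"] = FALSE;
and change it to
$config["force_user_file"] = TRUE;
This turns on forced user-file verification.
Save.
2. Copy the user configuration file
For example, to create an administrator account named admin with password 123456:
cd /usr/local/ara/config/users
cp example.php.dist admin.php
nano admin.php
Find
//$ara_user["pass"] = "expass"; */
Uncomment it and change it to
$ara_user["pass"] = "123456";
Find
//$config["access_level"] = ARA_ACCESS_EDIT;
Uncomment it and set it to the level for this account
$config["access_level"] = ARA_ACCESS_EDIT;
Find
//$config["default_access"] = FALSE;
Uncomment it and change it to
$config["default_access"] = TRUE;
Save.
ARA's built-in access control is now enabled. To let different users access different modules, repeat the steps above and edit the $config["access_level"], $config["forbidden_modules"] and $config["allowed_modules"] entries in each user's configuration file (username.php).
ARA uses the PHP_AUTH_USER mechanism, which is rather unpleasant. If you understand the radius table structure, you can drop ARA entirely and build your own interface, including authentication.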
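The settings that the two walkthroughs above change (section 3 of the first guide and the login-verification steps here) can be checked mechanically. The Python below is an added example, not code from the original posts or from ARA: it reads the text of config.php and of a users/<name>.php file and reports the values the guides tell you to change. The names parse_settings, audit_main, audit_user and the WEAK list are hypothetical, and treating an absent setting as a finding is an assumption, since the page does not state ARA's built-in defaults.

```python
import re

# An active assignment such as  $config["use_auth"] = TRUE;  Lines that start
# with // or # are comments and never match.
ASSIGN = re.compile(
    r'^\s*\$(config|ara_user)\[["\'](\w+)["\']\]\s*=\s*'
    r'(?:"([^"]*)"|\'([^\']*)\'|(\w+))\s*;', re.M)

# Constructed list: the sample secrets shown on this page plus obvious ones.
WEAK = {"", "123456", "expass", "radius", "admin", "password"}

def parse_settings(php_text):
    """Return {(array, key): value}; the last active assignment wins."""
    text = re.sub(r"/\*.*?\*/", "", php_text, flags=re.S)  # drop /* */ blocks
    found = {}
    for m in ASSIGN.finditer(text):
        value = next(g for g in m.groups()[2:] if g is not None)
        found[(m.group(1), m.group(2))] = value
    return found

def audit_main(php_text):
    """Findings for config.php; an absent setting is reported (assumption)."""
    s = parse_settings(php_text)
    flag = lambda key: s.get(("config", key), "").upper()
    findings = []
    if flag("use_auth") != "TRUE":
        findings.append("use_auth: PHP_AUTH_USER authentication is not enabled")
    if flag("force_user_file") != "TRUE":
        findings.append("force_user_file: logins are not checked against users/<name>.php")
    if flag("allow_user_file_without_pass") != "FALSE":
        findings.append("allow_user_file_without_pass: empty passwords are not ruled out")
    if s.get(("config", "sql_username")) == "root":
        findings.append("sql_username: root, use a dedicated low-privilege account")
    if s.get(("config", "sql_passwd"), "") in WEAK:
        findings.append("sql_passwd: empty or well-known value")
    return findings

def audit_user(php_text):
    """Findings for one config/users/<name>.php file."""
    s = parse_settings(php_text)
    findings = []
    if s.get(("ara_user", "pass"), "") in WEAK:
        findings.append("pass: missing, commented out, or well-known value")
    if s.get(("config", "access_level")) == "ARA_ACCESS_ALL":
        findings.append("access_level: ARA_ACCESS_ALL, grant only what is needed")
    return findings

if __name__ == "__main__":
    # Constructed sample: user file with the password line still commented out.
    print(audit_user('//$ara_user["pass"] = "expass"; */\n'))
```

Pass each function the file contents, for example audit_main(open("/usr/local/ara/config/config.php").read()); an empty list means none of these checks fired.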
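Appendix: installing the pear module on CentOS
On CentOS, running the command:
pear channel-update pear.php.net
produces the error:
-bash: pear: command not found
This means pear was not compiled in when you installed PHP, so you have to go to the official site, http://pear.php.net
The official site offers two ways to install pear:
1. Add the pear configuration option when compiling PHP.
2. The go-pear method.
I tried the go-pear method.
Download the go-pear script:
wget http://pear.php.net/go-pear
Rename it:
mv go-pear go-pear.php
Run the script:
php go-pear.php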
Welcome to go-pear!

Go-pear will install the 'pear' command and all the files needed by
it.  This command is your tool for PEAR installation and maintenance.

Go-pear also lets you download and install the following optional PEAR
packages: PEAR_Frontend_Web-beta, PEAR_Frontend_Gtk2, MDB2.

If you wish to abort, press Control-C now, or press Enter to continue:
Press Enter to confirm.
HTTP proxy (http://user:password@proxy.myhost.com:port), or Enter for none::
Press Enter; no proxy is needed.
Below is a suggested file layout for your new PEAR installation.  To
change individual locations, type the number in front of the
directory.  Type 'all' to change all of them or simply press Enter to
accept these locations.

 1. Installation prefix ($prefix) : /usr/local/ara
 2. Temporary files directory     : $prefix/temp
 3. Binaries directory            : $prefix/bin
 4. PHP code directory ($php_dir) : $prefix/PEAR
 5. Documentation base directory  : $php_dir/docs
 6. Data base directory           : $php_dir/data
 7. Tests base directory          : $php_dir/tests

1-7, 'all' or Enter to continue:
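This is the installation layout: choose an item to change its default value, or just press Enter to leave it unchanged. I wanted to change the installation directory, so I chose 1 and pressed Enter.
Installation prefix ($prefix) [/usr/local/ara] :
Enter the directory:
/usr/local/pear
The installation then starts. At the end it tells you that the php.ini file needs to be modified; just confirm.
When the installation finishes, it prints: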
The 'pear' command is now at your service at /usr/local/pear/bin/pear

** The 'pear' command is not currently in your PATH, so you need to
** use '/usr/local/pear/bin/pear' until you have added
** '/usr/local/pear/bin' to your PATH environment variable.
You can add /usr/local/pear/bin to the PATH environment variable, or run the pear command directly as /usr/local/pear/bin/pear.
/usr/local/pear/bin/pear channel-update pear.php.net
/usr/local/pear/bin/pear install HTML_Template_Sigma
Both commands ran OK.


 
------------

RadiusAdmin

A FreeRADIUS webinterface
RadiusAdmin is a project of mine, with the intention of being a webinterface for FreeRADIUS (mainly for user/group management). RadiusAdmin is written in PHP and works by manipulating FreeRADIUS' SQL database. Naturally, this requires that you use the rlm_sql module for authorization and/or accounting.
FreeRADIUS' database consists of the following tables:
  • radcheck
  • radreply
  • radgroupcheck
  • radgroupreply
  • radusergroup
In rlm_sql, the tables mentioned above are analogous to the users file in rlm_files.
In addition, the rlm_sql schema includes some other tables:
  • nas
  • radacct
  • radpostauth
These tables are meant for client (nas) management, accounting and post-authentication logging respectively. RadiusAdmin provides a frontend (in the case of accounting and post-auth, mostly statistics and reports) for these functions too. Of course, this again calls for the use of rlm_sql in those sections of FreeRADIUS config. For more info, please see rlm_sql's documentation.
RadiusAdmin doesn't augment or replace FreeRADIUS' default SQL schema: it just needs access to the existing database and uses another database for RadiusAdmin's own data storage needs. This is done not to pollute FreeRADIUS' database with RadiusAdmin's own stuff.

(Planned) Features

  • Add, remove and edit users and groups
  • Manage user-group relations
  • Manage every user's or group's check and reply attributes
  • Manage clients (nasses)
  • Show statistics and graphs about accounting and post-auth data

Development status

Currently, RadiusAdmin is in a very early stage. Most features are not done yet, and it is thus not ready for use.
2015-6-21
Alpha 1 is released. The core framework is done. The only features that work are:
  • User management
  • Group management
  • Reply and check attributes

Used tools and libraries

RadiusAdmin uses the following server-side tools, languages and libraries:
  • Primary language: PHP
  • Database access layer: PDO
  • Templating engine: Smarty
In addition, RadiusAdmin also uses the following front-end frameworks:
  • Javascript library: jQuery
  • Front-end framework: Bootstrap
  • Bootstrap theme: Bootswatch Flatly
  • Icon packs: Glyphicons and Font Awesome

Installation

Requirements

Since the latest version uses scalar type hinting and return type hinting, it requires PHP 7. Older versions work on PHP 5.4. RadiusAdmin depends on Smarty, and dependencies are managed using Composer.

Databases

RadiusAdmin needs access to 2 databases: FreeRADIUS' database and RadiusAdmin's own database. These two databases don't necessarily have to reside on the same server, although the example config file assumes they do.
The schema for FreeRADIUS' database can be found in raddb/mods-config/sql/main/*/schema.sql. RadiusAdmin's schema is radiusadmin.sql and should be in this directory.
RadiusAdmin is made with MySQL in mind, but can probably work with other RDBMSs as well by editing app/include/db.php.

Instructions

Download a stable release or clone the development branch (bleeding edge!). Put them somewhere where your webserver has access to them.
Now run composer install in the directory containing composer.json to let Composer download the dependencies for you. The directory structure should now look like this:
  • RadiusAdmin
    • app
    • public_html
    • tmp
    • vendor
As you might have guessed, the public_html directory is going to be the docroot. All the other directories shouldn't be publicly available. Your webserver should have read+execute access to all 4 subdirectories. In addition, it needs write access to the tmp directory.
Create a database and user for RadiusAdmin and import the SQL file. Copy app/config.php.example to app/config.php and edit the file to reflect your database settings.

from https://github.com/Compizfox/RadiusAdmin
