radius+openldap+mysql+docker installation

Date: 2025-02-23 21:10:16

radius+openldap+mariadb+docker installation guide

1. Purpose of the installation

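To secure Wi-Fi access, the company needs to authenticate every terminal that joins the Wi-Fi against an employee account and password. Company accounts and passwords are managed centrally as domain accounts. The switches currently in use are H3C layer-3 switches, which come with built-in portal web authentication and radius user authentication. To tie the H3C web authentication to the company's domain accounts, a radius plus openldap solution is used.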

2. Installing mariadb with docker

mariadb is used as the data store for radius; here mariadb is installed with docker-compose.

The yml file is written as follows
]# cat  
# Use root/example as user/password credentials
version: '3.1'

services:
   mariadb:
     image: mariadb:10.3
     volumes: 
         - /data/ahi/mariadb/:/var/lib/mysql
     restart: always
     ports:
         - 3306:3306 
     environment:
         MYSQL_ROOT_PASSWORD: abcd@1234

Start mariadb
]# docker-compose -f ./ up -d
Pulling mariadb (mariadb:10.3)...
10.3: Pulling from library/mariadb
da7391352a9b: Already exists
14428a6d4bcd: Already exists
2c2d948710f2: Already exists
22776aa82430: Already exists
90e64230d63d: Already exists
f30861f14a10: Already exists
e8e9e6a3da24: Already exists
420a23f08c41: Already exists
bd73f23de482: Already exists
739c71d82551: Pull complete
65465f3a9066: Pull complete
1d96eca58ffe: Pull complete
13ddb412bd22: Pull complete
Digest: sha256:25d59d64013285f77db2e252c1b2cd390dc639773ae4f5132b90f539cfba27d4
Status: Downloaded newer image for mariadb:10.3
Creating opt_mariadb_1 ... done

]# docker ps -a|grep mariadb
09f1381289bb        mariadb:10.3                                  "…"   About a minute ago   Up 11 seconds       0.0.0.0:3306->3306/tcp                     opt_mariadb_1


Add the radius database and user
t]# docker exec -it opt_mariadb_1 /bin/bash
root@09f1381289bb:/# mysql -uroot -pabcd@1234
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.3.27-MariaDB-1:10.3.27+maria~focal  binary distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database radius;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> grant all on radius.* to radius@"%" identified by "radius";
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> 




Test whether the database accepts connections
]# docker restart opt_mariadb_1
opt_mariadb_1
]# docker exec -it opt_mariadb_1 /bin/bash
root@09f1381289bb:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
71: eth0@if72: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 02:42:ac:12:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.0.3/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever
root@09f1381289bb:/# mysql -h172.18.0.3 -uradius -pradius
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.3.27-MariaDB-1:10.3.27+maria~focal  binary distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> exit
Bye


The connection succeeds.

The mariadb installation is complete.

3. Installing openldap

openldap is the domain user management tool; it is likewise installed with docker.

The yml is written as follows
]# cat  
version: "3"
services:
  openldap:
    image: osixia/openldap
    container_name: openldap
    restart: always
    ports:
      - '389:389'
    volumes: 
      - /data/ahi/openldap/data:/var/lib/ldap
      - /data/ahi/openldap/:/etc/ldap/
    environment:
      - LDAP_TLS=false
      - LDAP_ORGANISATION=
      - LDAP_DOMAIN=
      - LDAP_ADMIN_PASSWORD=abcd@1234
      - LDAP_CONFIG_PASSWORD=abcd@1234

  • LDAP organisation: LDAP_ORGANISATION
  • LDAP domain: LDAP_DOMAIN
  • LDAP password: LDAP_ADMIN_PASSWORD
  • Default login username:
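
A line-based audit of the two compose files above for the settings that most affect this deployment's exposure: ports published on all interfaces, passwords written into the file, LDAP_TLS=false, and an untagged image. This is an added example, not part of the original guide; the `audit` function, its rule names and the trimmed `SAMPLE_COMPOSE` text are constructed for illustration, and it assumes one setting per line as in the files above.

```python
import re

# Constructed sample: the relevant lines of the two compose files above, merged.
SAMPLE_COMPOSE = """\
services:
   mariadb:
     image: mariadb:10.3
     ports:
         - 3306:3306
     environment:
         MYSQL_ROOT_PASSWORD: abcd@1234
   openldap:
     image: osixia/openldap
     ports:
       - '389:389'
     environment:
       - LDAP_TLS=false
       - LDAP_ADMIN_PASSWORD=abcd@1234
       - LDAP_CONFIG_PASSWORD=abcd@1234
"""

# host:container mapping with no bind address (Docker then listens on 0.0.0.0)
PORT = re.compile(r"^\s*-\s*['\"]?(\d+):(\d+)['\"]?\s*$")
# a *PASSWORD variable given a literal value (a *_PASSWORD_FILE variable does not match)
SECRET = re.compile(r"^\s*-?\s*(\w*PASSWORD)\s*[:=]\s*(\S+)")
TLS_OFF = re.compile(r"^\s*-?\s*LDAP_TLS\s*[:=]\s*['\"]?false", re.I)
IMAGE = re.compile(r"^\s*image:\s*(\S+)")

def audit(text):
    """Return (line_number, rule, detail) findings for the text of a compose file."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if m := PORT.match(line):
            findings.append((n, "port-all-interfaces",
                             f"{m[1]} is published on 0.0.0.0; bind 127.0.0.1 or drop the mapping"))
        elif m := SECRET.match(line):
            # Report the variable name only, never the value.
            findings.append((n, "inline-secret",
                             f"{m[1]} is set in the file; load it from a secret file"))
        elif TLS_OFF.match(line):
            findings.append((n, "ldap-tls-disabled",
                             "simple binds on 389 send the password in clear text"))
        elif (m := IMAGE.match(line)) and ":" not in m[1]:
            findings.append((n, "unpinned-image",
                             f"{m[1]} has no tag, so the version pulled can change"))
    return findings

if __name__ == "__main__":
    for n, rule, detail in audit(SAMPLE_COMPOSE):
        print(f"line {n}: {rule}: {detail}")
```
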