- 通过FreeRadius+GoogleAuthenticator实现动态口令认证
# 配置文件解释:
# /etc/freeradius/radiusd.conf 主配置控制全局行为
# /etc/freeradius/clients.conf 管理客户端网络设备信任关系
# /etc/pam.d/radiusd 配置文件决定具体认证方式(密码/OTP等)
# /etc/freeradius/users 定义用户账号和密钥
# /etc/freeradius/sites-enabled/default 站点定义认证流程
# /etc/freeradius/mods-enabled/dual_factor 自定义的模块,是实现系统账号认证的关键桥梁
# /etc/freeradius/dual_auth.sh 自定义认证的脚本
# 进容器执行操作,编辑配置添加允许连接的客户端:
vim /etc/freeradius/clients.conf
# 进容器执行操作,添加用户单独的TOTP-secret(生成的文件包含TOTP种子和应急码,属于敏感凭据,应仅允许radius服务运行账号读取):
google-authenticator -t -d -f -r 3 -R 30 -w 3 -s /etc/freeradius/google_authenticator/wangzhenhua75
# 进容器执行操作,编辑配置添加用户:
vim /etc/freeradius/users
# 启动(radiusd -X 为调试模式,会在日志中明文输出 User-Password 等请求属性,仅建议排障时使用,长期运行建议去掉 -X)
docker run -d --restart always --network host --name freeradius-server ccr.ccs.tencentyun.com/zoehuawang/freeradius-server:v1.1 radiusd -X
# 进容器执行测试连接命令(radtest 参数依次为:用户名、密码、服务器地址[:端口]、NAS-Port编号、共享密钥;示例中的共享密钥强度较弱,实际部署请更换为高强度随机值):
radtest wangzhenhua75 "welljoint449286" 192.168.7.51 1812 "Aa123456"
- Dockerfile镜像构建过程
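# FreeRADIUS image with TOTP tooling (oathtool, google-authenticator) and a
# custom dual_factor module that replaces the stock pam module.
#
# NOTE(review): the base image is untagged, so it resolves to :latest and the
# build is not reproducible. Pin it to a specific tag or digest. The apt
# sources written below hard-code the Ubuntu "jammy" suite, so the pinned base
# must be a jammy-based release - confirm before bumping.
FROM freeradius/freeradius-server

# Replace the default apt sources with the Aliyun mirror in a single layer.
# The original used one RUN per entry, and one of them was split across two
# lines ("/etc/apt/" + "sources.list"), which breaks the build.
# NOTE(review): jammy-proposed carries pre-release packages, and the deb-src
# entries are not used by the install below; consider dropping both.
# The mirror is plain HTTP, so package integrity rests on apt's signature
# verification of the Release files - never add options that disable it.
RUN printf '%s\n' \
      "deb http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse" \
      "deb-src http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse" \
      "deb http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse" \
      "deb-src http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse" \
      "deb http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse" \
      "deb-src http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse" \
      "deb http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse" \
      "deb-src http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse" \
      "deb http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse" \
      "deb-src http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse" \
      > /etc/apt/sources.list

# Install the OTP tooling and tzdata; update, install and cleanup share one
# layer so no stale package index is cached or shipped.
# DEBIAN_FRONTEND is set inline so tzdata cannot prompt and is not left in the
# runtime environment.
# NOTE(review): --no-install-recommends skips optional extras (presumably the
# QR-code renderer used by google-authenticator); drop the flag if needed.
RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        libpam-google-authenticator \
        oathtool \
        tzdata \
    && apt-get clean -y \
    && rm -rf /var/lib/apt/lists/*

# TOTP validation is time-based: the container clock must be correct. This
# only sets the displayed timezone to Asia/Shanghai.
RUN ln -fs /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && echo "Asia/Shanghai" > /etc/timezone

# Create the per-user secret directory and swap the stock pam module for the
# custom dual_factor module. The symlink target is copied in further below.
RUN mkdir -p /etc/freeradius/google_authenticator \
    && rm -f /etc/freeradius/mods-enabled/pam \
    && ln -s /etc/freeradius/mods-available/dual_factor /etc/freeradius/mods-enabled/

# NOTE(review): this bakes one user's TOTP secret file into an image layer.
# Anyone who can pull the image can read the seed and generate valid codes for
# that account. Prefer mounting the google_authenticator directory at run time
# (bind mount or orchestrator secret) and removing this COPY.
COPY wangzhenhua75 /etc/freeradius/google_authenticator/

# Server configuration.
# NOTE(review): clients.conf and authorize typically hold RADIUS shared
# secrets and user credentials; the same image-exposure concern applies, so
# treat the image (and the registry it is pushed to) as confidential.
COPY radiusd.conf /etc/freeradius/
COPY clients.conf /etc/freeradius/
COPY radiusd /etc/pam.d/
COPY authorize /etc/freeradius/mods-config/files/
COPY default /etc/freeradius/sites-available/
COPY dual_factor /etc/freeradius/mods-available/

# Custom authentication script.
# NOTE(review): COPY keeps the file mode from the build context; confirm the
# script is executable there and is not writable by the radius service account.
COPY dual_auth.sh /etc/freeradius/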
