××× setup_failed


Enterprise-section notes:

Server environment: Dell R610, Dell E105106 (blade server)

How to fix browsers on Red Hat Enterprise Linux 7 not rendering Chinese:

#yum groupinfo "Server With GUI"  //you will see input-methods listed

#yum groupinstall input-methods

Quick way to install virtual machines:

First install one non-graphical VM by hand, configure its yum repository and hostname, and back up the initial source

#rm -rf /etc/udev/rules.d/70-persistent-net.rules   //delete the persistent NIC naming rules so that clones get a clean eth0 instead of eth1

#service sshd restart  //or /etc/init.d/sshd restart

#rm -rf /etc/ssh/ssh_host_*   //delete the SSH host keys so that each clone generates its own instead of sharing the base image's

Note: chmod 777 /etc/ssh/ -R causes an error:

[root@1 etc]# ssh localhost

Read from socket failed: Connection reset by peer

#chmod 755 /etc/ssh/ -R   //remember to restart the service afterwards

[root@1 etc]# ssh localhost

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that the RSA host key has just been changed.

The fingerprint for the RSA key sent by the remote host is

be:57:c8:5e:9d:e6:8e:32:09:c0:eb:04:52:e4:ac:0e.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending key in /root/.ssh/known_hosts:2

RSA host key for localhost has changed and you have requested strict checking.

Host key verification failed.

Fix: echo "" > /root/.ssh/known_hosts   //that clears it; the warning is expected here, since the host keys were deleted above and regenerated when sshd restarted, so the old known_hosts entry no longer matches

[root@1 etc]# ssh localhost

The authenticity of host 'localhost (::1)' can't be established.

RSA key fingerprint is be:57:c8:5e:9d:e6:8e:32:09:c0:eb:04:52:e4:ac:0e.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'localhost' (RSA) to the list of known hosts.

root@localhost's password: 

Last login: Tue Apr  7 05:51:50 2015 from localhost


Next, turn off the firewall and SELinux

#service iptables stop

#chkconfig iptables off

#vim /etc/selinux/config  //change Enforcing to disabled, then reboot the machine

#cd /var/lib/libvirt/images

#qemu-img -h base.img

#qemu-img info base.img   //inspect the base.img image

#qemu-img convert -c -O qcow2 base.img base.qcow2   //base.qcow2 is a compressed copy, easy to take home and manage

#qemu-img create -f qcow2 -b base.qcow2 vm1.ovl   //vm1.ovl is the new VM's disk file, backed by base.qcow2; import it when creating the VM


A small tip: in the network interface config file, PREFIX=24 is equivalent to NETMASK=255.255.255.0

To force-install an rpm package, use the --nodeps option: #rpm -ivh --nodeps <package>

Topics covered in the enterprise section:

1, email: postfix + mysql + extmail + mailscanner + clamav + spamassassin

2, lamp, lnmp, jsp, tomcat + memcache + session

3, monitoring: cacti + nagios + WeChat

4, cluster HA + LB: rhcsm, corosync + pacemaker, keepalived, haproxy, heartbeat, lvs, nginx, haproxy

5, mfs, glusterfs, hdfs, hadoop, hdfs + mapreduce

6, mysql cluster, mysql AB (master/slave)

7, rhevh

8, openstack IaaS

9, vpn, drbd, gfs2

10, python + shell

VPN: virtual private network. Protocols: OpenSSL; PPTP (port 1723); HTTPS (port 443)

Preparation: because I installed the non-graphical VM on Windows, the packages prepared in advance (pptpd-1.3.4-2.el6.x86_64, pptp-setup-1.7.2-8.1.el6.x86_64, ppp-2.4.4.tar, freeradius-mysql-2.1.12-3.el6.x86_64, freeradius-utils-2.1.12-3.el6.x86_64) had to be transferred into it.

I set up a Samba server to do this.

Samba: worked case

#yum install -y samba samba-client

#vim /etc/samba/smb.conf   //in the [global] section change MYGROUP to WORKGROUP, and change security = user to security = share

Append at the end of the file:

[share] 

comment = share all 

path = /tmp/samba 

browseable = yes 

public = yes 

writable = yes

#mkdir /tmp/samba 

#chmod 777 /tmp/samba 

#touch /tmp/samba/sharefiles 

#echo "111111" > /tmp/samba/sharefiles 

[root@1 vpn]# service smb  start

Starting SMB services:                                     [  OK  ]

Start: /etc/init.d/smb start   //be sure to turn off the firewall and SELinux first, otherwise the result is affected

Check that the configured smb.conf is correct: testparm

Test 1: on a Windows machine, enter file://192.168.217.134/share in the browser

or in the Run dialog enter: \\192.168.217.134\share

Now the rpm packages needed to build the VPN can be copied into this directory

Test 2: on Linux, enter at the command line

[root@3 peers]# smbclient //192.168.217.134/share

Enter root's password: 

Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.23-14.el6_6]

Server not using user level security and no password supplied.

smb: \> ls

  .                                   D        0  Tue Apr  7 08:02:42 2015

  ..                                  D        0  Fri Apr 10 20:27:15 2015

  vpn                                 D        0  Wed Apr  8 13:38:43 2015

  sharefiles                                   5  Tue Apr  7 07:12:58 2015


                38225 blocks of size 262144. 31216 blocks available

smb: \> cd vpn\

smb: \vpn\> ls

  .                                   D        0  Wed Apr  8 13:38:43 2015

  ..                                  D        0  Tue Apr  7 08:02:42 2015

  freeradius-mysql-2.1.12-3.el6.x86_64.rpm      A    55744  Sun Apr  5 18:14:38 2015

  freeradius-utils-2.1.12-3.el6.x86_64.rpm      A   121208  Wed Apr  8 12:38:20 2015

  freeradius-mysql-2.1.12-4.el6_3.x86_64.rpm      A    56916  Wed Apr  8 12:38:20 2015

  ppp-2.4.5.tar.gz                    A   684342  Wed Dec 25 11:33:32 2013

  pptp-setup-1.7.2-8.1.el6.x86_64.rpm      A    12024  Wed Dec 25 11:33:32 2013

  freeradius-2.1.12-4.el6_3.x86_64.rpm      A  1458328  Wed Apr  8 13:23:12 2015

  sslexplorer_linux_1_0_0_RC17.rpm      A 22198991  Sun Apr  5 18:14:30 2015

  ppp-2.4.4                           D        0  Tue May 30 07:52:09 2006

  pptp-1.7.2-3.rhel5.i386.rpm         A    72523  Wed Dec 25 11:33:32 2013

  adito-0.9.1-bin.zip                 A 19371203  Sun Apr  5 18:14:32 2015

  freeradius-utils-2.1.12-4.el6_3.x86_64.rpm      A   122372  Wed Apr  8 12:38:20 2015

  ppp-2.4.4.tar.gz                    A   688763  Wed Dec 25 11:33:32 2013

  pptpd-1.3.4-2.el6.x86_64.rpm        A    74392  Sun Apr  5 18:14:30 2015

  pptpd-1.3.4-1.rhel5.1.i386.rpm      A    81566  Wed Dec 25 11:33:32 2013


                38225 blocks of size 262144. 31216 blocks available

smb: \vpn\> 

###############################################################

Start of the experiment

Part 1 (file-based authentication, i.e. the VPN usernames and passwords are written into a file)

First prepare three machines A, B, C, i.e. 1, 2, 3; the hostnames are also 1, 2, 3   //turn off the firewall and SELinux to be safe

On machine A (1) do the following:

eth0:ip 192.168.217.134 

eth1: ip 192.168.40.135

#vim /etc/hosts

192.168.217.134   1

192.168.40.136    2

192.168.217.135   3

#yum localinstall -y  pptpd-1.3.4-2.el6.x86_64

#sysctl -p    //shows net.ipv4.ip_forward = 0

Change the 0 to 1 (in /etc/sysctl.conf); this enables IP forwarding on the server.

#vim /etc/pptpd.conf

add:

localip 192.168.217.134

remoteip 192.168.40.140-145

#vim /etc/ppp/chap-secrets

add:

vpnuser1     pptpd    westos      *

vpnuser2     pptpd    redhat    192.168.40.30 //this fixed address is not within the remoteip range 192.168.10.10-20

#service pptpd  start

On machine B (2) do the following

#vim /etc/hosts

192.168.40.135    1

192.168.40.136    2

#ifconfig eth0  192.168.40.136 netmask 255.255.255.0

#ping 192.168.40.135   //test whether A can be reached

On machine C (3) do the following:

#vim /etc/hosts

192.168.217.134   1

192.168.217.135   3

eth0:ip 192.168.217.135

#yum localinstall -y  pptp-setup-1.7.2-8.1.el6.x86_64

[root@3 ~]# pptpsetup  --create myvpn --server  192.168.217.134  --username  vpnuser1  --password  westos --encrypt --start

Using interface ppp0

Connect: ppp0 <--> /dev/pts/1

CHAP authentication succeeded

MPPE 128-bit stateless compression enabled

local  IP address 192.168.40.140

remote IP address 192.168.217.134

[root@3 ~]# pptpsetup  --create myvpn --server  192.168.217.134  --username  vpnuser2  --password  redhat --encrypt --start

Using interface ppp1

Connect: ppp1 <--> /dev/pts/2

CHAP authentication succeeded

MPPE 128-bit stateless compression enabled

local  IP address 192.168.40.30

remote IP address 192.168.217.134

#ip addr show

#route add -net 192.168.40.0/24  dev  ppp0

#ping 192.168.40.136   //if this succeeds, Part 1 is configured correctly

[root@3 ~]# route add -net 192.168.40.0/24  dev ppp0

[root@3 ~]# ping 192.168.40.136

PING 192.168.40.136 (192.168.40.136) 56(84) bytes of data.

64 bytes from 192.168.40.136: icmp_seq=1 ttl=63 time=867 ms

64 bytes from 192.168.40.136: icmp_seq=2 ttl=63 time=60.8 ms

64 bytes from 192.168.40.136: icmp_seq=3 ttl=63 time=46.0 ms

64 bytes from 192.168.40.136: icmp_seq=4 ttl=63 time=46.8 ms

^C

--- 192.168.40.136 ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 3691ms

rtt min/avg/max/mdev = 46.056/255.388/867.804/353.627 ms
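To make the Part 1 address behaviour concrete, here is an added example in Python (not from the original notes): it expands the remoteip pool from pptpd.conf and classifies each chap-secrets client by where its tunnel address will come from, which is why vpnuser2 was handed 192.168.40.30 above even though that address is not in the pool. The two file contents are constructed copies of the ones shown earlier.

```python
import ipaddress

# Constructed copies of the two Part 1 files from this page (not the author's real files).
PPTPD_CONF = """\
localip 192.168.217.134
remoteip 192.168.40.140-145
"""
CHAP_SECRETS = """\
# client    server   secret   IP addresses
vpnuser1    pptpd    westos   *
vpnuser2    pptpd    redhat   192.168.40.30
"""

def parse_remoteip(conf):
    """Expand pptpd.conf remoteip entries (comma-separated; 'a.b.c.x-y' is a
    range over the last octet) into a set of IPv4Address objects."""
    pool = set()
    for line in conf.splitlines():
        fields = line.split()
        if len(fields) != 2 or fields[0] != "remoteip":
            continue
        for item in fields[1].split(","):
            first, _, last = item.partition("-")
            lo = ipaddress.IPv4Address(first)
            if not last:
                pool.add(lo)
                continue
            if "." not in last:  # shorthand: only the last octet of the range end is given
                last = first.rsplit(".", 1)[0] + "." + last
            hi = ipaddress.IPv4Address(last)
            pool.update(ipaddress.IPv4Address(n) for n in range(int(lo), int(hi) + 1))
    return pool

def audit_chap_secrets(secrets, pool):
    """Classify each chap-secrets client: '*' takes the next free remoteip address,
    a fixed address is used as written even when it lies outside the pool."""
    result = {}
    for line in secrets.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 3 or fields[1] not in ("pptpd", "*"):
            continue
        client = fields[0]
        for addr in fields[3:]:                  # fourth field onward: allowed addresses
            if addr == "*":
                result[client] = "dynamic from pool"
            elif addr == "-":
                result[client] = "no address permitted"
            elif ipaddress.IPv4Address(addr) in pool:
                result[client] = "fixed, inside pool"
            else:
                result[client] = "fixed, outside pool"
    return result
```

Run it against your own pptpd.conf and chap-secrets to see which clients will appear with addresses that the remoteip pool alone would not tell you about.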


Part 2: MySQL database authentication (the VPN usernames and passwords are stored in MySQL)

Packages to download: freeradius-2.1.12-4.el6_3.x86_64, freeradius-mysql-2.1.12-4.el6_3.x86_64, freeradius-utils-2.1.12-4.el6_3.x86_64, ppp-2.4.4.tar, mysql-server

Steps on machine A

#yum install -y mysql-server

#yum localinstall -y freeradius freeradius-mysql freeradius-utils   //or rpm -ivh freeradius*

#tar -zxvf ppp-2.4.4.tar

#mkdir /etc/radiusclient

#cp ppp-2.4.4/pppd/plugins/radius/etc/*   /etc/radiusclient/

#cd /etc/radiusclient/

#vim servers

localhost                                       westos

#vim radiusclient.conf   //remove the "/usr/local/" prefix from the following entries

servers         /etc/radiusclient/servers

dictionary      /etc/radiusclient/dictionary

mapfile         /etc/radiusclient/port-id-map

issue   /etc/radiusclient/issue

#vim /etc/ppp/options.pptpd 

append at the end:

plugin /usr/lib64/pppd/2.4.5/radius.so

#cd /etc/raddb/

#vim clients.conf 

secret          = westos //must match what is written in /etc/radiusclient/servers

#vim /etc/raddb/radiusd.conf   //uncomment the following line

$INCLUDE sql.conf 

#vim /etc/raddb/sites-available/default   //change the sections in the file to the following form

authorize {

#       files

sql

}

accounting {

#       radutmp

sql

}

session {

#       radutmp

        sql

}

post-auth {

sql

}

#vim /etc/raddb/sql.conf   //nothing needs to change here

#vim /etc/raddb/sql/mysql/dialup.conf   //remove the leading # comment from each of these lines

simul_count_query = "SELECT COUNT(*) \

                             FROM ${acct_table1} \

                             WHERE username = '%{SQL-User-Name}' \

                             AND acctstoptime IS NULL"


#vim /etc/ppp/chap-secrets   //delete the two vpnuser1 and vpnuser2 lines

#service mysqld start

#mysql_secure_installation   //set the MySQL root password

#mysql -uroot -pwestos   //log in to the database

#mysqladmin -pwestos create radius   //create the radius database

#cd /etc/raddb/sql/mysql/

#mysql -pwestos radius  < schema.sql 

#mysql -pwestos < admin.sql 

#mysql -uradius -pradpass  radius

#vim add.sql

use radius

insert into  radgroupreply (groupname,attribute,op,value)  values ('user','Auth-Type',':=','Local');

insert into  radgroupreply (groupname,attribute,op,value)  values ('user','Service-Type',':=','Framed-User');

insert into  radgroupreply (groupname,attribute,op,value)  values ('user','Framed-IP-Address',':=','255.255.255.254');

insert into  radgroupreply (groupname,attribute,op,value)  values ('user','Framed-IP-Netmask',':=','255.255.255.0');



insert into  radcheck (username,attribute,op,value)  values ('vpnuser1','User-Password',':=','westos');

insert into  radusergroup (username,groupname)  values ('vpnuser1','user');


insert into  radcheck (username,attribute,op,value)  values ('vpnuser2','User-Password',':=','redhat');

insert into  radusergroup (username,groupname)  values ('vpnuser2','user');


#mysql -pwestos < add.sql 

#service radiusd start

#service pptpd stop

#service pptpd start

#radtest vpnuser1 westos localhost 0 westos   //local test, as follows

My test output:

[root@1 radiusclient]# radtest vpnuser1   westos  localhost 0  westos   

Sending Access-Request of id 89 to 127.0.0.1 port 1812

        User-Name = "vpnuser1"

        User-Password = "westos"

        NAS-IP-Address = 0.0.0.1

        NAS-Port = 0

        Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=89, length=38

        Service-Type = Framed-User

        Framed-IP-Address = 255.255.255.254

        Framed-IP-Netmask = 255.255.255.0

[root@1 radiusclient]# radtest vpnuser2   redhat  localhost 0  westos

Sending Access-Request of id 78 to 127.0.0.1 port 1812

        User-Name = "vpnuser2"

        User-Password = "redhat"

        NAS-IP-Address = 0.0.0.1

        NAS-Port = 0

        Message-Authenticator = 0x00000000000000000000000000000000

rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=78, length=38

        Service-Type = Framed-User

        Framed-IP-Address = 255.255.255.254

        Framed-IP-Netmask = 255.255.255.0
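As an added example (not the author's code and not FreeRADIUS's), the following Python models what the authorize { sql } section does with the rows from add.sql: it loads a trimmed, constructed copy of the three tables into an in-memory SQLite database, checks the User-Password item in radcheck, and assembles the reply from radgroupreply, reproducing the three attributes seen in the radtest output above. The `authorize` function and the reduced schema are this example's own simplifications.

```python
import sqlite3

# Constructed, trimmed stand-in for the three schema.sql tables that add.sql fills;
# columns are reduced to the ones the page's inserts use.
SCHEMA = """
CREATE TABLE radcheck (username TEXT, attribute TEXT, op TEXT, value TEXT);
CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER DEFAULT 1);
CREATE TABLE radgroupreply (groupname TEXT, attribute TEXT, op TEXT, value TEXT);
"""
# The add.sql rows from this page, minus the MySQL-only "use radius" line.
ADD_SQL = """
insert into radgroupreply (groupname,attribute,op,value) values ('user','Auth-Type',':=','Local');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Address',':=','255.255.255.254');
insert into radgroupreply (groupname,attribute,op,value) values ('user','Framed-IP-Netmask',':=','255.255.255.0');
insert into radcheck (username,attribute,op,value) values ('vpnuser1','User-Password',':=','westos');
insert into radusergroup (username,groupname) values ('vpnuser1','user');
insert into radcheck (username,attribute,op,value) values ('vpnuser2','User-Password',':=','redhat');
insert into radusergroup (username,groupname) values ('vpnuser2','user');
"""
# Control attributes that only the server acts on; they never go into the reply
# packet, which is why Auth-Type is absent from the radtest output above.
INTERNAL = {"Auth-Type"}

def load_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + ADD_SQL)
    return db

def authorize(db, username, password):
    """Simplified model of authorize { sql } with a cleartext User-Password check item:
    every radcheck row for the user must match, then the reply attributes are taken
    from radgroupreply for the user's groups. Returns (packet type, reply attributes)."""
    checks = db.execute("SELECT attribute, op, value FROM radcheck WHERE username = ?",
                        (username,)).fetchall()
    if not checks:                      # unknown user: sql returns notfound, nothing to accept
        return "Access-Reject", {}
    for attribute, op, value in checks:
        if attribute == "User-Password" and op == ":=" and value != password:
            return "Access-Reject", {}
    rows = db.execute(
        "SELECT r.attribute, r.value FROM radusergroup g JOIN radgroupreply r "
        "ON r.groupname = g.groupname WHERE g.username = ? ORDER BY g.priority",
        (username,)).fetchall()
    reply = {attribute: value for attribute, value in rows if attribute not in INTERNAL}
    return "Access-Accept", reply
```

Because the Framed-IP-Address reply is 255.255.255.254, pptpd still allocates the client address from its own remoteip pool, which is why both users received 192.168.40.140 in the Part 2 connection logs below.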

#service mysqld restart

[root@3 log]#  pptpsetup  --create myvpn --server  192.168.217.134  --username  vpnuser1  --password  westos  --encrypt --start

Using interface ppp1

Connect: ppp1 <--> /dev/pts/2

CHAP authentication succeeded

MPPE 128-bit stateless compression enabled

local  IP address 192.168.40.140

remote IP address 192.168.217.134

[root@3 log]#  pptpsetup  --create myvpn --server  192.168.217.134  --username  vpnuser2  --password  redhat --encrypt --start

Using interface ppp0

Connect: ppp0 <--> /dev/pts/0

CHAP authentication succeeded

MPPE 128-bit stateless compression enabled

local  IP address 192.168.40.140

remote IP address 192.168.217.134

[root@3 peers]# route add -net  192.168.40.0/24  dev ppp0

[root@3 peers]# ping 192.168.40.136

PING 192.168.40.136 (192.168.40.136) 56(84) bytes of data.

64 bytes from 192.168.40.136: icmp_seq=1 ttl=63 time=321 ms

64 bytes from 192.168.40.136: icmp_seq=2 ttl=63 time=4.02 ms

64 bytes from 192.168.40.136: icmp_seq=3 ttl=63 time=3.89 ms

^C

//machine B is now reachable, which shows that the VPN service has been set up successfully.


#If something goes wrong, check /var/log/radius/radius.log

tail -f /var/log/radius/radius.log