User Tools
сервис_freeradius
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_freeradius [2022/03/04 12:14] val |
сервис_freeradius [2024/12/06 13:35] (current) val [Настройка с использованием mysql] |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| !!! Ставится 2-3 минуты !!! | !!! Ставится 2-3 минуты !!! | ||
| - | ==== Debian ==== | + | ==== Debian/Ubuntu ==== |
| <code> | <code> | ||
| root@server:~# apt install freeradius | root@server:~# apt install freeradius | ||
| Line 39: | Line 39: | ||
| shortname = switch | shortname = switch | ||
| } | } | ||
| + | |||
| + | #client switch1 { secret = testing123 } | ||
| + | #client switch2 { secret = testing123 } | ||
| + | #client switch3 { secret = testing123 } | ||
| </code><code> | </code><code> | ||
| server# :> /etc/freeradius/3.0/users | server# :> /etc/freeradius/3.0/users | ||
| Line 54: | Line 58: | ||
| student Cleartext-Password := "password" | student Cleartext-Password := "password" | ||
| - | 401 Cleartext-Password := "401", Simultaneous-Use := 1 | + | ## for ansible |
| - | + | #root Cleartext-Password := "cisco" | |
| - | 402 Cleartext-Password := "402", Simultaneous-Use := 1 | + | # Service-Type = NAS-Prompt-User, |
| - | + | # cisco-avpair = "shell:priv-lvl=15" | |
| - | 403 Cleartext-Password := "403", Simultaneous-Use := 2 | + | |
| </code><code> | </code><code> | ||
| server# cat /etc/freeradius/3.0/radiusd.conf | server# cat /etc/freeradius/3.0/radiusd.conf | ||
| Line 91: | Line 93: | ||
| </code> | </code> | ||
| - | |||
| - | ==== Настройка с использованием mysql ==== | ||
| - | |||
| - | * [[https://wiki.freeradius.org/guide/SQL-HOWTO|guide/SQL HOWTO]] | ||
| - | * [[https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu|guide/SQL HOWTO for freeradius 3.x on Debian Ubuntu]] | ||
| - | |||
| - | <code> | ||
| - | # apt install freeradius-mysql | ||
| - | |||
| - | mysql> CREATE DATABASE radius; | ||
| - | mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass"; | ||
| - | |||
| - | # mysql radius < /etc/freeradius/sql/mysql/schema.sql | ||
| - | |||
| - | # cat radiusd.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | $INCLUDE sql.conf | ||
| - | ... | ||
| - | </code><code> | ||
| - | # cat sql.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | database = "mysql" | ||
| - | ... | ||
| - | </code><code> | ||
| - | # cat sites-available/default | ||
| - | </code><code> | ||
| - | ... | ||
| - | authorize { | ||
| - | ... | ||
| - | sql | ||
| - | ... | ||
| - | accounting { | ||
| - | ... | ||
| - | sql | ||
| - | ... | ||
| - | </code><code> | ||
| - | mysql> insert into radcheck (username, attribute, value, op) values ("401", "Cleartext-Password", "401", ":="); | ||
| - | |||
| - | mysql> select acctsessionid, username, acctstarttime, acctstoptime, callingstationid, calledstationid from radacct; | ||
| - | </code> | ||
| ===== Запуск сервера ===== | ===== Запуск сервера ===== | ||
| ==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
| <code> | <code> | ||
| + | root@server:~# ###systemctl enable freeradius | ||
| + | |||
| root@server:~# service freeradius restart | root@server:~# service freeradius restart | ||
| </code> | </code> | ||
| Line 149: | Line 111: | ||
| $ radtest user1 rpassword1 127.0.0.1 0 testing123 | $ radtest user1 rpassword1 127.0.0.1 0 testing123 | ||
| + | $ radtest root cisco 127.0.0.1 0 testing123 | ||
| + | |||
| + | $ echo "User-Name=student,User-Password=password,NAS-IP-Address=127.0.0.1" | radclient localhost auth testing123 | ||
| # tail -f /var/log/freeradius/radius.log | # tail -f /var/log/freeradius/radius.log | ||
| - | |||
| - | $ echo "User-Name=401,User-Password=401,NAS-IP-Address=127.0.0.1" | radclient localhost auth testing123 | ||
| - | |||
| - | $ echo "User-Name=401,Acct-Session-Id=6000006B,Acct-Status-Type=Start,NAS-IP-Address=127.0.0.1,NAS-Port=401402"| radclient localhost acct testing123 | ||
| - | |||
| - | # radwho -R | ||
| - | |||
| - | $ echo "User-Name=401,Acct-Session-Id=6000006B,Acct-Status-Type=Stop,NAS-IP-Address=127.0.0.1,NAS-Port=401402"| radclient localhost acct testing123 | ||
| </code> | </code> | ||
| Line 176: | Line 133: | ||
| server# /usr/local/radiusreport-0.3b6/radiusreport -tba -l user1 -f /var/log/radacct/192.168.X.1/detail-XXXXX | server# /usr/local/radiusreport-0.3b6/radiusreport -tba -l user1 -f /var/log/radacct/192.168.X.1/detail-XXXXX | ||
| - | </code> | ||
| - | |||
| - | ===== Использование proxy ===== | ||
| - | <code> | ||
| - | root@proxy:~# cat /etc/freeradius/proxy.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | realm NULL { | ||
| - | authhost = radius1.corpX.un:1812 | ||
| - | authhost = radius1.corpX.un:1812 | ||
| - | secret = testing123 | ||
| - | } | ||
| - | |||
| - | realm isp.un { | ||
| - | authhost = radius.isp.un:1812 | ||
| - | authhost = radius.isp.un:1812 | ||
| - | secret = testing123 | ||
| - | } | ||
| - | |||
| - | realm DEFAULT { | ||
| - | authhost = radius2.corpX.un:1812 | ||
| - | authhost = radius2.corpX.un:1812 | ||
| - | secret = testing123 | ||
| - | } | ||
| </code> | </code> | ||
| Line 234: | Line 167: | ||
| ===== Дополнительные материалы ===== | ===== Дополнительные материалы ===== | ||
| + | |||
| + | ==== Настройка с использованием mysql ==== | ||
| + | |||
| + | * [[https://wiki.freeradius.org/guide/SQL-HOWTO|guide/SQL HOWTO]] | ||
| + | * [[https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu|guide/SQL HOWTO for freeradius 3.x on Debian Ubuntu]] | ||
| + | |||
| + | <code> | ||
| + | # apt install freeradius-mysql | ||
| + | |||
| + | mysql> CREATE DATABASE radius; | ||
| + | mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass"; | ||
| + | |||
| + | # mysql radius < /etc/freeradius/sql/mysql/schema.sql | ||
| + | |||
| + | # cat radiusd.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | $INCLUDE sql.conf | ||
| + | ... | ||
| + | </code><code> | ||
| + | # cat sql.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | database = "mysql" | ||
| + | ... | ||
| + | </code><code> | ||
| + | # cat sites-available/default | ||
| + | </code><code> | ||
| + | ... | ||
| + | authorize { | ||
| + | ... | ||
| + | sql | ||
| + | ... | ||
| + | accounting { | ||
| + | ... | ||
| + | sql | ||
| + | ... | ||
| + | </code><code> | ||
| + | mysql> insert into radcheck (username, attribute, value, op) values ("ussr1", "Cleartext-Password", "password1", ":="); | ||
| + | |||
| + | mysql> select acctsessionid, username, acctstarttime, acctstoptime, callingstationid, calledstationid from radacct; | ||
| + | </code> | ||
| + | |||
| + | ==== EAP сертификаты ==== | ||
| <code> | <code> | ||
| Line 265: | Line 242: | ||
| > # CA_file = ${cadir}/ca.pem | > # CA_file = ${cadir}/ca.pem | ||
| > CA_file = ${cadir}/int.geotrust.crt | > CA_file = ${cadir}/int.geotrust.crt | ||
| + | </code> | ||
| + | |||
| + | ==== Использование proxy ==== | ||
| + | <code> | ||
| + | root@proxy:~# cat /etc/freeradius/proxy.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | realm NULL { | ||
| + | authhost = radius1.corpX.un:1812 | ||
| + | authhost = radius1.corpX.un:1812 | ||
| + | secret = testing123 | ||
| + | } | ||
| + | |||
| + | realm isp.un { | ||
| + | authhost = radius.isp.un:1812 | ||
| + | authhost = radius.isp.un:1812 | ||
| + | secret = testing123 | ||
| + | } | ||
| + | |||
| + | realm DEFAULT { | ||
| + | authhost = radius2.corpX.un:1812 | ||
| + | authhost = radius2.corpX.un:1812 | ||
| + | secret = testing123 | ||
| + | } | ||
| </code> | </code> | ||
сервис_freeradius.1646385240.txt.gz · Last modified: 2022/03/04 12:14 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
