Differences

This shows you the differences between two versions of the page.

--- сервис_freeradius [2017/12/13 07:51]
val [Настройка c использованием текстовых файлов]
+++ сервис_freeradius [2022/03/05 15:26]
val [Настройка c использованием текстовых файлов]
@@ Line 4: / Line 4: @@
 ===== Инсталляция сервера =====
-==== Debian 9 ====
+!!! Ставится 2-3 минуты !!!
-<code>
-root@server:~# apt install freeradius
-root@server:~# cd /etc/freeradius/3.0/
-</code>
 ==== Debian/Ubuntu ====
 <code>
 root@server:~# apt install freeradius
-root@server:~# cd /etc/freeradius/
 </code>
@@ Line 24: / Line 16: @@
 [root@server ~]# yum install freeradius-utils
-[root@server ~]# cd /etc/raddb/
+[root@server ~]# ls /etc/raddb/
 </code>
-==== FreeBSD ====
-<code>
-[server:~] # pkg install freeradius
-</code><code>
-[server:~] # cat /etc/rc.conf
-</code><code>
-...
-radiusd_enable=yes
-</code><code>
-[server:~] # cd /usr/local/etc/raddb/
-</code>
-==== Windows ====
-  * [[http://freeradius.net/]]
-  * [[http://val.bmstu.ru/unix/billing/FreeRADIUS.net-1.1.7-r0.0.2.exe]]
 ===== Настройка сервера =====
@@ Line 49: / Line 27: @@
 <code>
-server# cat sites-available/default
+server# cat /etc/freeradius/3.0/clients.conf
-</code><code>
-authorize {
-...
-#	unix
-	files
-accounting {
-...
-	radutmp
-...
-session {
-...
-	radutmp
-...
-</code><code>
-server# cat clients.conf
 </code><code>
 ...
@@ Line 77: / Line 40: @@
 }
 </code><code>
-server# cat mods-available/radutmp
+server# :> /etc/freeradius/3.0/users
-</code><code>
-...
-check_with_nas = no
-...
-</code><code>
-server# :> users
-server# cat users
+server# cat /etc/freeradius/3.0/users
 </code><code>
 user1 Cleartext-Password := "rpassword1"
@@ Line 95: / Line 52: @@
 #     cisco-avpair = "shell:priv-lvl=15"
- Cleartext-Password := "401", Simultaneous-Use := 2
+student Cleartext-Password := "password"
-Cleartext-Password := "402", Simultaneous-Use := 1
+#for ansible
+root Cleartext-Password := "cisco"
- Cleartext-Password := "403", Simultaneous-Use := 1
+</code><code>
+server# cat /etc/freeradius/3.0/radiusd.conf
-</code>
-==== Настройка с использованием mysql ====
-  * [[https://wiki.freeradius.org/guide/SQL-HOWTO|guide/SQL HOWTO]]
-  * [[https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu|guide/SQL HOWTO for freeradius 3.x on Debian Ubuntu]]
-<code>
-# apt install freeradius-mysql
-mysql> CREATE DATABASE radius;
-mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
-# mysql radius < /etc/freeradius/sql/mysql/schema.sql
-# cat radiusd.conf
 </code><code>
 ...
-        $INCLUDE sql.conf
+log {
+  ...
+  auth = yes
 ...
 </code><code>
-# cat sql.conf
+server# cat /etc/freeradius/3.0/sites-available/default
 </code><code>
+authorize {
 ...
-        database = "mysql"
+#	unix
+	files
+accounting {
 ...
-</code><code>
+	radutmp
-# cat sites-available/default
-</code><code>
 ...
-authorize {
+session {
 ...
-	sql
+	radutmp
 ...
-accounting {
+</code><code>
+server# cat /etc/freeradius/3.0/mods-available/radutmp
+</code><code>
 ...
-	sql
+check_with_nas = no
 ...
-</code><code>
+</code>
-mysql> insert into radcheck (username, attribute, value, op) values ("401", "Cleartext-Password", "401", ":=");
-mysql> select acctsessionid, username, acctstarttime, acctstoptime, callingstationid, calledstationid from radacct;
-</code>
 ===== Запуск сервера =====
-==== FreeBSD ====
-<code>
-[server:~] # service radiusd start
-</code>
 ==== Debian/Ubuntu ====
 <code>
 root@server:~# service freeradius restart
-</code>
-==== Windows ====
-<code>
-C:\FreeRADIUS.net>start_radiusd_debug.bat
 </code>
@@ Line 172: / Line 104: @@
 $ radtest user1 rpassword1 127.0.0.1 0 testing123
-$ echo "User-Name=401,User-Password=401,NAS-IP-Address=127.0.0.1,NAS-Port=0" | radclient localhost auth testing123
+# tail -f /var/log/freeradius/radius.log
-$ echo "User-Name=401,Acct-Session-Id=6000006B,Acct-Status-Type=Start,NAS-IP-Address=127.0.0.1,NAS-Port=0"| radclient localhost acct testing123
+$ echo "User-Name=401,User-Password=401,NAS-IP-Address=127.0.0.1" | radclient localhost auth testing123
-# radwho
+$ echo "User-Name=401,Acct-Session-Id=6000006B,Acct-Status-Type=Start,NAS-IP-Address=127.0.0.1,NAS-Port=401402"| radclient localhost acct testing123
-$ echo "User-Name=401,Acct-Session-Id=6000006B,Acct-Status-Type=Stop,NAS-IP-Address=127.0.0.1,NAS-Port=0"| radclient localhost acct testing123
+# radwho -R
+$ echo "User-Name=401,Acct-Session-Id=6000006B,Acct-Status-Type=Stop,NAS-IP-Address=127.0.0.1,NAS-Port=401402"| radclient localhost acct testing123
 </code>
@@ Line 196: / Line 130: @@
 server# /usr/local/radiusreport-0.3b6/radiusreport -tba -l user1 -f /var/log/radacct/192.168.X.1/detail-XXXXX
-</code>
-===== Использование proxy =====
-<code>
-root@proxy:~# cat /etc/freeradius/proxy.conf
-</code><code>
-...
-realm NULL {
-       authhost        = radius1.corpX.un:1812
-       authhost        = radius1.corpX.un:1812
-       secret          = testing123
-}
-realm isp.un {
-       authhost        = radius.isp.un:1812
-       authhost        = radius.isp.un:1812
-       secret          = testing123
-}
-realm DEFAULT {
-       authhost        = radius2.corpX.un:1812
-       authhost        = radius2.corpX.un:1812
-       secret          = testing123
-}
 </code>
@@ Line 230: / Line 140: @@
 <code>
-server# cat eap.conf
+freeradius3# cat /etc/freeradius/3.0/mods-available/eap
 </code><code>
 ...
@@ Line 236: / Line 146: @@
 ...
 </code><code>
-server# cat modules/mschap
+freeradius3# cat /etc/freeradius/3.0/mods-available/mschap
 </code><code>
 ...
@@ Line 244: / Line 154: @@
 ...
        require_strong = yes
+...
+</code><code>
+freeradius3# cat /etc/freeradius/3.0/mods-available/preprocess
+</code><code>
 ...
        with_ntdomain_hack = yes
@@ Line 250: / Line 164: @@
 ===== Дополнительные материалы =====
+==== Настройка с использованием mysql ====
+  * [[https://wiki.freeradius.org/guide/SQL-HOWTO|guide/SQL HOWTO]]
+  * [[https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu|guide/SQL HOWTO for freeradius 3.x on Debian Ubuntu]]
+<code>
+# apt install freeradius-mysql
+mysql> CREATE DATABASE radius;
+mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
+# mysql radius < /etc/freeradius/sql/mysql/schema.sql
+# cat radiusd.conf
+</code><code>
+...
+        $INCLUDE sql.conf
+...
+</code><code>
+# cat sql.conf
+</code><code>
+...
+        database = "mysql"
+...
+</code><code>
+# cat sites-available/default
+</code><code>
+...
+authorize {
+...
+	sql
+...
+accounting {
+...
+	sql
+...
+</code><code>
+mysql> insert into radcheck (username, attribute, value, op) values ("401", "Cleartext-Password", "401", ":=");
+mysql> select acctsessionid, username, acctstarttime, acctstoptime, callingstationid, calledstationid from radacct;
+</code>
+==== EAP сертификаты ====
 <code>
@@ Line 281: / Line 239: @@
 > #                     CA_file = ${cadir}/ca.pem
 >                       CA_file = ${cadir}/int.geotrust.crt
+</code>
+==== Использование proxy ====
+<code>
+root@proxy:~# cat /etc/freeradius/proxy.conf
+</code><code>
+...
+realm NULL {
+       authhost        = radius1.corpX.un:1812
+       authhost        = radius1.corpX.un:1812
+       secret          = testing123
+}
+realm isp.un {
+       authhost        = radius.isp.un:1812
+       authhost        = radius.isp.un:1812
+       secret          = testing123
+}
+realm DEFAULT {
+       authhost        = radius2.corpX.un:1812
+       authhost        = radius2.corpX.un:1812
+       secret          = testing123
+}
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools