User Tools
сервис_freeradius
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
сервис_freeradius [2020/04/23 16:57] val [FreeBSD] |
сервис_freeradius [2022/03/05 15:25] val [Настройка c использованием текстовых файлов] |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| !!! Ставится 2-3 минуты !!! | !!! Ставится 2-3 минуты !!! | ||
| - | ==== Debian 9, 10 ==== | ||
| - | <code> | ||
| - | root@server:~# apt install freeradius | ||
| - | |||
| - | root@server:~# cd /etc/freeradius/3.0/ | ||
| - | </code> | ||
| - | |||
| ==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
| <code> | <code> | ||
| root@server:~# apt install freeradius | root@server:~# apt install freeradius | ||
| - | |||
| - | root@server:~# cd /etc/freeradius/ | ||
| </code> | </code> | ||
| Line 25: | Line 16: | ||
| [root@server ~]# yum install freeradius-utils | [root@server ~]# yum install freeradius-utils | ||
| - | [root@server ~]# cd /etc/raddb/ | + | [root@server ~]# ls /etc/raddb/ |
| </code> | </code> | ||
| - | ==== Windows ==== | ||
| - | * [[http://freeradius.net/]] | ||
| - | * [[http://val.bmstu.ru/unix/billing/FreeRADIUS.net-1.1.7-r0.0.2.exe]] | ||
| ===== Настройка сервера ===== | ===== Настройка сервера ===== | ||
| Line 39: | Line 27: | ||
| <code> | <code> | ||
| - | server# cat clients.conf | + | server# cat /etc/freeradius/3.0/clients.conf |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 52: | Line 40: | ||
| } | } | ||
| </code><code> | </code><code> | ||
| - | server# :> users | + | server# :> /etc/freeradius/3.0/users |
| - | server# cat users | + | server# cat /etc/freeradius/3.0/users |
| </code><code> | </code><code> | ||
| user1 Cleartext-Password := "rpassword1" | user1 Cleartext-Password := "rpassword1" | ||
| Line 63: | Line 51: | ||
| # Service-Type = NAS-Prompt-User, | # Service-Type = NAS-Prompt-User, | ||
| # cisco-avpair = "shell:priv-lvl=15" | # cisco-avpair = "shell:priv-lvl=15" | ||
| + | |||
| + | #for ansible | ||
| + | root Cleartext-Password := "cisco" | ||
| student Cleartext-Password := "password" | student Cleartext-Password := "password" | ||
| Line 73: | Line 64: | ||
| </code><code> | </code><code> | ||
| - | server# cat radiusd.conf | + | server# cat /etc/freeradius/3.0/radiusd.conf |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 81: | Line 72: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | server# cat sites-available/default | + | server# cat /etc/freeradius/3.0/sites-available/default |
| </code><code> | </code><code> | ||
| authorize { | authorize { | ||
| Line 96: | Line 87: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | server# cat mods-available/radutmp | + | server# cat /etc/freeradius/3.0/mods-available/radutmp |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 103: | Line 94: | ||
| </code> | </code> | ||
| - | |||
| - | ==== Настройка с использованием mysql ==== | ||
| - | |||
| - | * [[https://wiki.freeradius.org/guide/SQL-HOWTO|guide/SQL HOWTO]] | ||
| - | * [[https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu|guide/SQL HOWTO for freeradius 3.x on Debian Ubuntu]] | ||
| - | |||
| - | <code> | ||
| - | # apt install freeradius-mysql | ||
| - | |||
| - | mysql> CREATE DATABASE radius; | ||
| - | mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass"; | ||
| - | |||
| - | # mysql radius < /etc/freeradius/sql/mysql/schema.sql | ||
| - | |||
| - | # cat radiusd.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | $INCLUDE sql.conf | ||
| - | ... | ||
| - | </code><code> | ||
| - | # cat sql.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | database = "mysql" | ||
| - | ... | ||
| - | </code><code> | ||
| - | # cat sites-available/default | ||
| - | </code><code> | ||
| - | ... | ||
| - | authorize { | ||
| - | ... | ||
| - | sql | ||
| - | ... | ||
| - | accounting { | ||
| - | ... | ||
| - | sql | ||
| - | ... | ||
| - | </code><code> | ||
| - | mysql> insert into radcheck (username, attribute, value, op) values ("401", "Cleartext-Password", "401", ":="); | ||
| - | |||
| - | mysql> select acctsessionid, username, acctstarttime, acctstoptime, callingstationid, calledstationid from radacct; | ||
| - | </code> | ||
| ===== Запуск сервера ===== | ===== Запуск сервера ===== | ||
| Line 150: | Line 99: | ||
| <code> | <code> | ||
| root@server:~# service freeradius restart | root@server:~# service freeradius restart | ||
| - | </code> | ||
| - | |||
| - | ==== FreeBSD ==== | ||
| - | <code> | ||
| - | [server:~] # service radiusd start | ||
| - | </code> | ||
| - | |||
| - | ==== Windows ==== | ||
| - | |||
| - | <code> | ||
| - | C:\FreeRADIUS.net>start_radiusd_debug.bat | ||
| </code> | </code> | ||
| Line 172: | Line 110: | ||
| $ radtest user1 rpassword1 127.0.0.1 0 testing123 | $ radtest user1 rpassword1 127.0.0.1 0 testing123 | ||
| + | |||
| + | # tail -f /var/log/freeradius/radius.log | ||
| $ echo "User-Name=401,User-Password=401,NAS-IP-Address=127.0.0.1" | radclient localhost auth testing123 | $ echo "User-Name=401,User-Password=401,NAS-IP-Address=127.0.0.1" | radclient localhost auth testing123 | ||
| Line 197: | Line 137: | ||
| server# /usr/local/radiusreport-0.3b6/radiusreport -tba -l user1 -f /var/log/radacct/192.168.X.1/detail-XXXXX | server# /usr/local/radiusreport-0.3b6/radiusreport -tba -l user1 -f /var/log/radacct/192.168.X.1/detail-XXXXX | ||
| - | </code> | ||
| - | |||
| - | ===== Использование proxy ===== | ||
| - | <code> | ||
| - | root@proxy:~# cat /etc/freeradius/proxy.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | realm NULL { | ||
| - | authhost = radius1.corpX.un:1812 | ||
| - | authhost = radius1.corpX.un:1812 | ||
| - | secret = testing123 | ||
| - | } | ||
| - | |||
| - | realm isp.un { | ||
| - | authhost = radius.isp.un:1812 | ||
| - | authhost = radius.isp.un:1812 | ||
| - | secret = testing123 | ||
| - | } | ||
| - | |||
| - | realm DEFAULT { | ||
| - | authhost = radius2.corpX.un:1812 | ||
| - | authhost = radius2.corpX.un:1812 | ||
| - | secret = testing123 | ||
| - | } | ||
| </code> | </code> | ||
| Line 231: | Line 147: | ||
| <code> | <code> | ||
| - | freeradius2# cat eap.conf | + | freeradius3# cat /etc/freeradius/3.0/mods-available/eap |
| - | + | ||
| - | freeradius3# cat mods-available/eap | + | |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 239: | Line 153: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | freeradius2# cat modules/mschap | + | freeradius3# cat /etc/freeradius/3.0/mods-available/mschap |
| - | + | ||
| - | freeradius3# cat mods-available/mschap | + | |
| - | freeradius3# cat mods-available/preprocess | + | |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 250: | Line 161: | ||
| ... | ... | ||
| require_strong = yes | require_strong = yes | ||
| + | ... | ||
| + | </code><code> | ||
| + | freeradius3# cat /etc/freeradius/3.0/mods-available/preprocess | ||
| + | </code><code> | ||
| ... | ... | ||
| with_ntdomain_hack = yes | with_ntdomain_hack = yes | ||
| Line 256: | Line 171: | ||
| ===== Дополнительные материалы ===== | ===== Дополнительные материалы ===== | ||
| + | |||
| + | ==== Настройка с использованием mysql ==== | ||
| + | |||
| + | * [[https://wiki.freeradius.org/guide/SQL-HOWTO|guide/SQL HOWTO]] | ||
| + | * [[https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu|guide/SQL HOWTO for freeradius 3.x on Debian Ubuntu]] | ||
| + | |||
| + | <code> | ||
| + | # apt install freeradius-mysql | ||
| + | |||
| + | mysql> CREATE DATABASE radius; | ||
| + | mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass"; | ||
| + | |||
| + | # mysql radius < /etc/freeradius/sql/mysql/schema.sql | ||
| + | |||
| + | # cat radiusd.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | $INCLUDE sql.conf | ||
| + | ... | ||
| + | </code><code> | ||
| + | # cat sql.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | database = "mysql" | ||
| + | ... | ||
| + | </code><code> | ||
| + | # cat sites-available/default | ||
| + | </code><code> | ||
| + | ... | ||
| + | authorize { | ||
| + | ... | ||
| + | sql | ||
| + | ... | ||
| + | accounting { | ||
| + | ... | ||
| + | sql | ||
| + | ... | ||
| + | </code><code> | ||
| + | mysql> insert into radcheck (username, attribute, value, op) values ("401", "Cleartext-Password", "401", ":="); | ||
| + | |||
| + | mysql> select acctsessionid, username, acctstarttime, acctstoptime, callingstationid, calledstationid from radacct; | ||
| + | </code> | ||
| + | |||
| + | ==== EAP сертификаты ==== | ||
| <code> | <code> | ||
| Line 287: | Line 246: | ||
| > # CA_file = ${cadir}/ca.pem | > # CA_file = ${cadir}/ca.pem | ||
| > CA_file = ${cadir}/int.geotrust.crt | > CA_file = ${cadir}/int.geotrust.crt | ||
| + | </code> | ||
| + | |||
| + | ==== Использование proxy ==== | ||
| + | <code> | ||
| + | root@proxy:~# cat /etc/freeradius/proxy.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | realm NULL { | ||
| + | authhost = radius1.corpX.un:1812 | ||
| + | authhost = radius1.corpX.un:1812 | ||
| + | secret = testing123 | ||
| + | } | ||
| + | |||
| + | realm isp.un { | ||
| + | authhost = radius.isp.un:1812 | ||
| + | authhost = radius.isp.un:1812 | ||
| + | secret = testing123 | ||
| + | } | ||
| + | |||
| + | realm DEFAULT { | ||
| + | authhost = radius2.corpX.un:1812 | ||
| + | authhost = radius2.corpX.un:1812 | ||
| + | secret = testing123 | ||
| + | } | ||
| </code> | </code> | ||
сервис_freeradius.txt · Last modified: 2023/06/28 12:00 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
