Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Trace:
сервис_freeradius

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
сервис_freeradius [2022/03/04 12:14]
val [Debian] 		сервис_freeradius [2022/03/09 09:24]
val [Debian/Ubuntu]
Line 54: Line 54:
 student Cleartext-Password := "​password"​ student Cleartext-Password := "​password"​
  
-401 Cleartext-Password := "401", Simultaneous-Use :1 +## for ansible 
- +#root Cleartext-Password := "cisco" 
-402 Cleartext-Password := "402", Simultaneous-Use ​:= 1 +#     ​Service-Type NAS-Prompt-User,​ 
- +#     cisco-avpair ​= "shell:priv-lvl=15"
-403 Cleartext-Password := "403", Simultaneous-Use := 2 +
 </​code><​code>​ </​code><​code>​
 server# cat /​etc/​freeradius/​3.0/​radiusd.conf server# cat /​etc/​freeradius/​3.0/​radiusd.conf
Line 91: Line 89:
 </​code>​ </​code>​
  
- 
-==== Настройка с использованием mysql ==== 
- 
-  * [[https://​wiki.freeradius.org/​guide/​SQL-HOWTO|guide/​SQL HOWTO]] 
-  * [[https://​wiki.freeradius.org/​guide/​SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu|guide/​SQL HOWTO for freeradius 3.x on Debian Ubuntu]] 
- 
-<​code>​ 
-# apt install freeradius-mysql 
- 
-mysql> CREATE DATABASE radius; 
-mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "​radpass";​ 
- 
-# mysql radius < /​etc/​freeradius/​sql/​mysql/​schema.sql 
- 
-# cat radiusd.conf 
-</​code><​code>​ 
-... 
-        $INCLUDE sql.conf 
-... 
-</​code><​code>​ 
-# cat sql.conf 
-</​code><​code>​ 
-... 
-        database = "​mysql"​ 
-... 
-</​code><​code>​ 
-# cat sites-available/​default 
-</​code><​code>​ 
-... 
-authorize { 
-... 
- sql 
-... 
-accounting { 
-... 
- sql 
-... 
-</​code><​code>​ 
-mysql> insert into radcheck (username, attribute, value, op) values ("​401",​ "​Cleartext-Password",​ "​401",​ ":​="​);​ 
- 
-mysql> select acctsessionid,​ username, acctstarttime,​ acctstoptime,​ callingstationid,​ calledstationid from radacct; 
-</​code>​ 
 ===== Запуск сервера ===== ===== Запуск сервера =====
  
 ==== Debian/​Ubuntu ==== ==== Debian/​Ubuntu ====
 <​code>​ <​code>​
 +root@server:​~#​ systemctl enable freeradius
 +
 root@server:​~#​ service freeradius restart root@server:​~#​ service freeradius restart
 </​code>​ </​code>​
Line 176: Line 134:
  
 server# /​usr/​local/​radiusreport-0.3b6/​radiusreport -tba -l user1 -f /​var/​log/​radacct/​192.168.X.1/​detail-XXXXX server# /​usr/​local/​radiusreport-0.3b6/​radiusreport -tba -l user1 -f /​var/​log/​radacct/​192.168.X.1/​detail-XXXXX
-</​code>​ 
- 
-===== Использование proxy ===== 
-<​code>​ 
-root@proxy:​~#​ cat /​etc/​freeradius/​proxy.conf 
-</​code><​code>​ 
-... 
-realm NULL { 
-       ​authhost ​       = radius1.corpX.un:​1812 
-       ​authhost ​       = radius1.corpX.un:​1812 
-       ​secret ​         = testing123 
-} 
- 
-realm isp.un { 
-       ​authhost ​       = radius.isp.un:​1812 
-       ​authhost ​       = radius.isp.un:​1812 
-       ​secret ​         = testing123 
-} 
- 
-realm DEFAULT { 
-       ​authhost ​       = radius2.corpX.un:​1812 
-       ​authhost ​       = radius2.corpX.un:​1812 
-       ​secret ​         = testing123 
-} 
 </​code>​ </​code>​
  
Line 234: Line 168:
  
 ===== Дополнительные материалы ===== ===== Дополнительные материалы =====
 +
 +==== Настройка с использованием mysql ====
 +
 +  * [[https://​wiki.freeradius.org/​guide/​SQL-HOWTO|guide/​SQL HOWTO]]
 +  * [[https://​wiki.freeradius.org/​guide/​SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu|guide/​SQL HOWTO for freeradius 3.x on Debian Ubuntu]]
 +
 +<​code>​
 +# apt install freeradius-mysql
 +
 +mysql> CREATE DATABASE radius;
 +mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "​radpass";​
 +
 +# mysql radius < /​etc/​freeradius/​sql/​mysql/​schema.sql
 +
 +# cat radiusd.conf
 +</​code><​code>​
 +...
 +        $INCLUDE sql.conf
 +...
 +</​code><​code>​
 +# cat sql.conf
 +</​code><​code>​
 +...
 +        database = "​mysql"​
 +...
 +</​code><​code>​
 +# cat sites-available/​default
 +</​code><​code>​
 +...
 +authorize {
 +...
 + sql
 +...
 +accounting {
 +...
 + sql
 +...
 +</​code><​code>​
 +mysql> insert into radcheck (username, attribute, value, op) values ("​401",​ "​Cleartext-Password",​ "​401",​ ":​="​);​
 +
 +mysql> select acctsessionid,​ username, acctstarttime,​ acctstoptime,​ callingstationid,​ calledstationid from radacct;
 +</​code>​
 +
 +==== EAP сертификаты ====
  
 <​code>​ <​code>​
Line 265: Line 243:
 > #                     ​CA_file = ${cadir}/​ca.pem > #                     ​CA_file = ${cadir}/​ca.pem
 >                       ​CA_file = ${cadir}/​int.geotrust.crt >                       ​CA_file = ${cadir}/​int.geotrust.crt
 +</​code>​
 +
 +==== Использование proxy ====
 +<​code>​
 +root@proxy:​~#​ cat /​etc/​freeradius/​proxy.conf
 +</​code><​code>​
 +...
 +realm NULL {
 +       ​authhost ​       = radius1.corpX.un:​1812
 +       ​authhost ​       = radius1.corpX.un:​1812
 +       ​secret ​         = testing123
 +}
 +
 +realm isp.un {
 +       ​authhost ​       = radius.isp.un:​1812
 +       ​authhost ​       = radius.isp.un:​1812
 +       ​secret ​         = testing123
 +}
 +
 +realm DEFAULT {
 +       ​authhost ​       = radius2.corpX.un:​1812
 +       ​authhost ​       = radius2.corpX.un:​1812
 +       ​secret ​         = testing123
 +}
 </​code>​ </​code>​
сервис_freeradius.txt · Last modified: 2023/06/28 12:00 by val

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Run on Debian Driven by DokuWiki