Differences

This shows you the differences between two versions of the page.

--- сервис_freeradius [2019/08/30 14:25]
val [Настройка c использованием текстовых файлов]
+++ сервис_freeradius [2024/12/06 13:35] (current)
val [Настройка с использованием mysql]
@@ Line 5: / Line 5: @@
 !!! Ставится 2-3 минуты !!!
-==== Debian 9, 10 ====
-<code>
-root@server:~# apt install freeradius
-root@server:~# cd /etc/freeradius/3.0/
-</code>
 ==== Debian/Ubuntu ====
 <code>
 root@server:~# apt install freeradius
-root@server:~# cd /etc/freeradius/
 </code>
@@ Line 25: / Line 16: @@
 [root@server ~]# yum install freeradius-utils
-[root@server ~]# cd /etc/raddb/
+[root@server ~]# ls /etc/raddb/
 </code>
-==== FreeBSD ====
-<code>
-[server:~] # pkg install freeradius3
-[server:~] # sysrc radiusd_enable=YES
-[server:~] # cd /usr/local/etc/raddb/
-</code>
-==== Windows ====
-  * [[http://freeradius.net/]]
-  * [[http://val.bmstu.ru/unix/billing/FreeRADIUS.net-1.1.7-r0.0.2.exe]]
 ===== Настройка сервера =====
@@ Line 47: / Line 27: @@
 <code>
-server# cat sites-available/default
+server# cat /etc/freeradius/3.0/clients.conf
-</code><code>
-authorize {
-...
-#	unix
-	files
-accounting {
-...
-	radutmp
-...
-session {
-...
-	radutmp
-...
-</code><code>
-server# cat clients.conf
 </code><code>
 ...
@@ Line 74: / Line 39: @@
        shortname       = switch
 }
+#client switch1 { secret = testing123 }
+#client switch2 { secret = testing123 }
+#client switch3 { secret = testing123 }
 </code><code>
-server# cat mods-available/radutmp
+server# :> /etc/freeradius/3.0/users
-</code><code>
-...
-check_with_nas = no
-...
-</code><code>
-server# :> users
-server# cat users
+server# cat /etc/freeradius/3.0/users
 </code><code>
 user1 Cleartext-Password := "rpassword1"
@@ Line 95: / Line 58: @@
 student Cleartext-Password := "password"
- Cleartext-Password := "401", Simultaneous-Use := 1
+## for ansible
+#root Cleartext-Password := "cisco"
-Cleartext-Password := "402", Simultaneous-Use := 1
+#     Service-Type = NAS-Prompt-User,
+#     cisco-avpair = "shell:priv-lvl=15"
-Cleartext-Password := "403", Simultaneous-Use := 2
+</code><code>
+server# cat /etc/freeradius/3.0/radiusd.conf
-</code>
-==== Настройка с использованием mysql ====
-  * [[https://wiki.freeradius.org/guide/SQL-HOWTO|guide/SQL HOWTO]]
-  * [[https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu|guide/SQL HOWTO for freeradius 3.x on Debian Ubuntu]]
-<code>
-# apt install freeradius-mysql
-mysql> CREATE DATABASE radius;
-mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
-# mysql radius < /etc/freeradius/sql/mysql/schema.sql
-# cat radiusd.conf
 </code><code>
 ...
-        $INCLUDE sql.conf
+log {
+  ...
+  auth = yes
 ...
 </code><code>
-# cat sql.conf
+server# cat /etc/freeradius/3.0/sites-available/default
 </code><code>
+authorize {
 ...
-        database = "mysql"
+#	unix
+	files
+accounting {
 ...
-</code><code>
+	radutmp
-# cat sites-available/default
-</code><code>
 ...
-authorize {
+session {
 ...
-	sql
+	radutmp
 ...
-accounting {
+</code><code>
+server# cat /etc/freeradius/3.0/mods-available/radutmp
+</code><code>
 ...
-	sql
+check_with_nas = no
 ...
-</code><code>
+</code>
-mysql> insert into radcheck (username, attribute, value, op) values ("401", "Cleartext-Password", "401", ":=");
-mysql> select acctsessionid, username, acctstarttime, acctstoptime, callingstationid, calledstationid from radacct;
-</code>
 ===== Запуск сервера =====
 ==== Debian/Ubuntu ====
 <code>
+root@server:~# ###systemctl enable freeradius
 root@server:~# service freeradius restart
-</code>
-==== FreeBSD ====
-<code>
-[server:~] # service radiusd start
-</code>
-==== Windows ====
-<code>
-C:\FreeRADIUS.net>start_radiusd_debug.bat
 </code>
@@ Line 171: / Line 111: @@
 $ radtest user1 rpassword1 127.0.0.1 0 testing123
+$ radtest root cisco 127.0.0.1 0 testing123
-$ echo "User-Name=401,User-Password=401,NAS-IP-Address=127.0.0.1" | radclient localhost auth testing123
+$ echo "User-Name=student,User-Password=password,NAS-IP-Address=127.0.0.1" | radclient localhost auth testing123
-$ echo "User-Name=401,Acct-Session-Id=6000006B,Acct-Status-Type=Start,NAS-IP-Address=127.0.0.1,NAS-Port=401402"| radclient localhost acct testing123
+# tail -f /var/log/freeradius/radius.log
-# radwho -R
-$ echo "User-Name=401,Acct-Session-Id=6000006B,Acct-Status-Type=Stop,NAS-IP-Address=127.0.0.1,NAS-Port=401402"| radclient localhost acct testing123
 </code>
@@ Line 196: / Line 133: @@
 server# /usr/local/radiusreport-0.3b6/radiusreport -tba -l user1 -f /var/log/radacct/192.168.X.1/detail-XXXXX
-</code>
-===== Использование proxy =====
-<code>
-root@proxy:~# cat /etc/freeradius/proxy.conf
-</code><code>
-...
-realm NULL {
-       authhost        = radius1.corpX.un:1812
-       authhost        = radius1.corpX.un:1812
-       secret          = testing123
-}
-realm isp.un {
-       authhost        = radius.isp.un:1812
-       authhost        = radius.isp.un:1812
-       secret          = testing123
-}
-realm DEFAULT {
-       authhost        = radius2.corpX.un:1812
-       authhost        = radius2.corpX.un:1812
-       secret          = testing123
-}
 </code>
@@ Line 230: / Line 143: @@
 <code>
-freeradius2# cat eap.conf
+freeradius3# cat /etc/freeradius/3.0/mods-available/eap
-freeradius3# cat mods-available/eap
 </code><code>
 ...
@@ Line 238: / Line 149: @@
 ...
 </code><code>
-freeradius2# cat modules/mschap
+freeradius3# cat /etc/freeradius/3.0/mods-available/mschap
-freeradius3# cat mods-available/mschap
-freeradius3# cat mods-available/preprocess
 </code><code>
 ...
@@ Line 249: / Line 157: @@
 ...
        require_strong = yes
+...
+</code><code>
+freeradius3# cat /etc/freeradius/3.0/mods-available/preprocess
+</code><code>
 ...
        with_ntdomain_hack = yes
@@ Line 255: / Line 167: @@
 ===== Дополнительные материалы =====
+==== Настройка с использованием mysql ====
+  * [[https://wiki.freeradius.org/guide/SQL-HOWTO|guide/SQL HOWTO]]
+  * [[https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu|guide/SQL HOWTO for freeradius 3.x on Debian Ubuntu]]
+<code>
+# apt install freeradius-mysql
+mysql> CREATE DATABASE radius;
+mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
+# mysql radius < /etc/freeradius/sql/mysql/schema.sql
+# cat radiusd.conf
+</code><code>
+...
+        $INCLUDE sql.conf
+...
+</code><code>
+# cat sql.conf
+</code><code>
+...
+        database = "mysql"
+...
+</code><code>
+# cat sites-available/default
+</code><code>
+...
+authorize {
+...
+	sql
+...
+accounting {
+...
+	sql
+...
+</code><code>
+mysql> insert into radcheck (username, attribute, value, op) values ("ussr1", "Cleartext-Password", "password1", ":=");
+mysql> select acctsessionid, username, acctstarttime, acctstoptime, callingstationid, calledstationid from radacct;
+</code>
+==== EAP сертификаты ====
 <code>
@@ Line 286: / Line 242: @@
 > #                     CA_file = ${cadir}/ca.pem
 >                       CA_file = ${cadir}/int.geotrust.crt
+</code>
+==== Использование proxy ====
+<code>
+root@proxy:~# cat /etc/freeradius/proxy.conf
+</code><code>
+...
+realm NULL {
+       authhost        = radius1.corpX.un:1812
+       authhost        = radius1.corpX.un:1812
+       secret          = testing123
+}
+realm isp.un {
+       authhost        = radius.isp.un:1812
+       authhost        = radius.isp.un:1812
+       secret          = testing123
+}
+realm DEFAULT {
+       authhost        = radius2.corpX.un:1812
+       authhost        = radius2.corpX.un:1812
+       secret          = testing123
+}
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools