Differences

This shows you the differences between two versions of the page.

--- сервис_freeradius [2022/03/05 15:26]
val [Настройка c использованием текстовых файлов]
+++ сервис_freeradius [2026/02/28 10:00] (current)
val [EAP]
@@ Line 39: / Line 39: @@
        shortname       = switch
 }
+#client switch1 { secret = testing123 }
+#client switch2 { secret = testing123 }
+#client switch3 { secret = testing123 }
 </code><code>
 server# :> /etc/freeradius/3.0/users
@@ Line 54: / Line 58: @@
 student Cleartext-Password := "password"
-#for ansible
+## for ansible
-root Cleartext-Password := "cisco"
+#root Cleartext-Password := "cisco"
+#     Service-Type = NAS-Prompt-User,
+#     cisco-avpair = "shell:priv-lvl=15"
 </code><code>
 server# cat /etc/freeradius/3.0/radiusd.conf
@@ Line 91: / Line 97: @@
 ==== Debian/Ubuntu ====
 <code>
+root@server:~# ###systemctl enable freeradius
 root@server:~# service freeradius restart
 </code>
@@ Line 103: / Line 111: @@
 $ radtest user1 rpassword1 127.0.0.1 0 testing123
+$ radtest root cisco 127.0.0.1 0 testing123
-# tail -f /var/log/freeradius/radius.log
+$ echo "User-Name=student,User-Password=password,NAS-IP-Address=127.0.0.1" | radclient localhost auth testing123
-$ echo "User-Name=401,User-Password=401,NAS-IP-Address=127.0.0.1" | radclient localhost auth testing123
-$ echo "User-Name=401,Acct-Session-Id=6000006B,Acct-Status-Type=Start,NAS-IP-Address=127.0.0.1,NAS-Port=401402"| radclient localhost acct testing123
+# tail -f /var/log/freeradius/radius.log
-# radwho -R
-$ echo "User-Name=401,Acct-Session-Id=6000006B,Acct-Status-Type=Stop,NAS-IP-Address=127.0.0.1,NAS-Port=401402"| radclient localhost acct testing123
 </code>
@@ Line 134: / Line 137: @@
 ===== EAP =====
-  * [[http://blog.depthsecurity.com/2010/11/when-8021xpeapeap-ttls-is-worse-than-no.html|When 802.1x/PEAP/EAP-TTLS is Worse Than No Wireless Security]]
+  * [[https://www.depthsecurity.com/blog/when-802-1x-peap-eap-ttls-is-worse-than-no-wireless-security/|When 802.1x/PEAP/EAP-TTLS Is Worse Than No Wireless Security]]
   * [[http://technet.microsoft.com/ru-ru/library/dd759219.aspx|Настройка проверки подлинности PEAP-TLS для беспроводных клиентов под управлением Windows 7 и Windows Vista]]
   * [[http://windows.microsoft.com/en-us/windows/enable-802-1x-authentication#1TC=windows-7|Enable 802.1X authentication Windows7]]
@@ Line 202: / Line 206: @@
 ...
 </code><code>
-mysql> insert into radcheck (username, attribute, value, op) values ("401", "Cleartext-Password", "401", ":=");
+mysql> insert into radcheck (username, attribute, value, op) values ("ussr1", "Cleartext-Password", "password1", ":=");
 mysql> select acctsessionid, username, acctstarttime, acctstoptime, callingstationid, calledstationid from radacct;

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools