User Tools
сервис_freeradius
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
сервис_freeradius [2020/04/23 16:57] val [Windows] |
сервис_freeradius [2023/02/14 09:04] val [Тестирование сервера] |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| !!! Ставится 2-3 минуты !!! | !!! Ставится 2-3 минуты !!! | ||
| - | ==== Debian 9, 10 ==== | ||
| - | <code> | ||
| - | root@server:~# apt install freeradius | ||
| - | |||
| - | root@server:~# cd /etc/freeradius/3.0/ | ||
| - | </code> | ||
| - | |||
| ==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
| <code> | <code> | ||
| root@server:~# apt install freeradius | root@server:~# apt install freeradius | ||
| - | root@server:~# cd /etc/freeradius/ | + | ubuntu20# systemctl enable freeradius |
| </code> | </code> | ||
| Line 25: | Line 18: | ||
| [root@server ~]# yum install freeradius-utils | [root@server ~]# yum install freeradius-utils | ||
| - | [root@server ~]# cd /etc/raddb/ | + | [root@server ~]# ls /etc/raddb/ |
| </code> | </code> | ||
| Line 36: | Line 29: | ||
| <code> | <code> | ||
| - | server# cat clients.conf | + | server# cat /etc/freeradius/3.0/clients.conf |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 48: | Line 41: | ||
| shortname = switch | shortname = switch | ||
| } | } | ||
| + | |||
| + | #client switch1 { secret = testing123 } | ||
| + | #client switch2 { secret = testing123 } | ||
| + | #client switch3 { secret = testing123 } | ||
| </code><code> | </code><code> | ||
| - | server# :> users | + | server# :> /etc/freeradius/3.0/users |
| - | server# cat users | + | server# cat /etc/freeradius/3.0/users |
| </code><code> | </code><code> | ||
| user1 Cleartext-Password := "rpassword1" | user1 Cleartext-Password := "rpassword1" | ||
| Line 63: | Line 60: | ||
| student Cleartext-Password := "password" | student Cleartext-Password := "password" | ||
| - | 401 Cleartext-Password := "401", Simultaneous-Use := 1 | + | ## for ansible |
| - | + | #root Cleartext-Password := "cisco" | |
| - | 402 Cleartext-Password := "402", Simultaneous-Use := 1 | + | # Service-Type = NAS-Prompt-User, |
| - | + | # cisco-avpair = "shell:priv-lvl=15" | |
| - | 403 Cleartext-Password := "403", Simultaneous-Use := 2 | + | |
| </code><code> | </code><code> | ||
| - | server# cat radiusd.conf | + | server# cat /etc/freeradius/3.0/radiusd.conf |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 78: | Line 73: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | server# cat sites-available/default | + | server# cat /etc/freeradius/3.0/sites-available/default |
| </code><code> | </code><code> | ||
| authorize { | authorize { | ||
| Line 93: | Line 88: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | server# cat mods-available/radutmp | + | server# cat /etc/freeradius/3.0/mods-available/radutmp |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 100: | Line 95: | ||
| </code> | </code> | ||
| - | |||
| - | ==== Настройка с использованием mysql ==== | ||
| - | |||
| - | * [[https://wiki.freeradius.org/guide/SQL-HOWTO|guide/SQL HOWTO]] | ||
| - | * [[https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu|guide/SQL HOWTO for freeradius 3.x on Debian Ubuntu]] | ||
| - | |||
| - | <code> | ||
| - | # apt install freeradius-mysql | ||
| - | |||
| - | mysql> CREATE DATABASE radius; | ||
| - | mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass"; | ||
| - | |||
| - | # mysql radius < /etc/freeradius/sql/mysql/schema.sql | ||
| - | |||
| - | # cat radiusd.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | $INCLUDE sql.conf | ||
| - | ... | ||
| - | </code><code> | ||
| - | # cat sql.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | database = "mysql" | ||
| - | ... | ||
| - | </code><code> | ||
| - | # cat sites-available/default | ||
| - | </code><code> | ||
| - | ... | ||
| - | authorize { | ||
| - | ... | ||
| - | sql | ||
| - | ... | ||
| - | accounting { | ||
| - | ... | ||
| - | sql | ||
| - | ... | ||
| - | </code><code> | ||
| - | mysql> insert into radcheck (username, attribute, value, op) values ("401", "Cleartext-Password", "401", ":="); | ||
| - | |||
| - | mysql> select acctsessionid, username, acctstarttime, acctstoptime, callingstationid, calledstationid from radacct; | ||
| - | </code> | ||
| ===== Запуск сервера ===== | ===== Запуск сервера ===== | ||
| ==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
| <code> | <code> | ||
| + | root@server:~# systemctl enable freeradius | ||
| + | |||
| root@server:~# service freeradius restart | root@server:~# service freeradius restart | ||
| - | </code> | ||
| - | |||
| - | ==== FreeBSD ==== | ||
| - | <code> | ||
| - | [server:~] # service radiusd start | ||
| - | </code> | ||
| - | |||
| - | ==== Windows ==== | ||
| - | |||
| - | <code> | ||
| - | C:\FreeRADIUS.net>start_radiusd_debug.bat | ||
| </code> | </code> | ||
| Line 169: | Line 113: | ||
| $ radtest user1 rpassword1 127.0.0.1 0 testing123 | $ radtest user1 rpassword1 127.0.0.1 0 testing123 | ||
| + | |||
| + | $ echo "User-Name=student,User-Password=password,NAS-IP-Address=127.0.0.1" | radclient localhost auth testing123 | ||
| + | |||
| + | # tail -f /var/log/freeradius/radius.log | ||
| + | |||
| + | |||
| $ echo "User-Name=401,User-Password=401,NAS-IP-Address=127.0.0.1" | radclient localhost auth testing123 | $ echo "User-Name=401,User-Password=401,NAS-IP-Address=127.0.0.1" | radclient localhost auth testing123 | ||
| Line 194: | Line 144: | ||
| server# /usr/local/radiusreport-0.3b6/radiusreport -tba -l user1 -f /var/log/radacct/192.168.X.1/detail-XXXXX | server# /usr/local/radiusreport-0.3b6/radiusreport -tba -l user1 -f /var/log/radacct/192.168.X.1/detail-XXXXX | ||
| - | </code> | ||
| - | |||
| - | ===== Использование proxy ===== | ||
| - | <code> | ||
| - | root@proxy:~# cat /etc/freeradius/proxy.conf | ||
| - | </code><code> | ||
| - | ... | ||
| - | realm NULL { | ||
| - | authhost = radius1.corpX.un:1812 | ||
| - | authhost = radius1.corpX.un:1812 | ||
| - | secret = testing123 | ||
| - | } | ||
| - | |||
| - | realm isp.un { | ||
| - | authhost = radius.isp.un:1812 | ||
| - | authhost = radius.isp.un:1812 | ||
| - | secret = testing123 | ||
| - | } | ||
| - | |||
| - | realm DEFAULT { | ||
| - | authhost = radius2.corpX.un:1812 | ||
| - | authhost = radius2.corpX.un:1812 | ||
| - | secret = testing123 | ||
| - | } | ||
| </code> | </code> | ||
| Line 228: | Line 154: | ||
| <code> | <code> | ||
| - | freeradius2# cat eap.conf | + | freeradius3# cat /etc/freeradius/3.0/mods-available/eap |
| - | + | ||
| - | freeradius3# cat mods-available/eap | + | |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 236: | Line 160: | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| - | freeradius2# cat modules/mschap | + | freeradius3# cat /etc/freeradius/3.0/mods-available/mschap |
| - | + | ||
| - | freeradius3# cat mods-available/mschap | + | |
| - | freeradius3# cat mods-available/preprocess | + | |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 247: | Line 168: | ||
| ... | ... | ||
| require_strong = yes | require_strong = yes | ||
| + | ... | ||
| + | </code><code> | ||
| + | freeradius3# cat /etc/freeradius/3.0/mods-available/preprocess | ||
| + | </code><code> | ||
| ... | ... | ||
| with_ntdomain_hack = yes | with_ntdomain_hack = yes | ||
| Line 253: | Line 178: | ||
| ===== Дополнительные материалы ===== | ===== Дополнительные материалы ===== | ||
| + | |||
| + | ==== Настройка с использованием mysql ==== | ||
| + | |||
| + | * [[https://wiki.freeradius.org/guide/SQL-HOWTO|guide/SQL HOWTO]] | ||
| + | * [[https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu|guide/SQL HOWTO for freeradius 3.x on Debian Ubuntu]] | ||
| + | |||
| + | <code> | ||
| + | # apt install freeradius-mysql | ||
| + | |||
| + | mysql> CREATE DATABASE radius; | ||
| + | mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "radpass"; | ||
| + | |||
| + | # mysql radius < /etc/freeradius/sql/mysql/schema.sql | ||
| + | |||
| + | # cat radiusd.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | $INCLUDE sql.conf | ||
| + | ... | ||
| + | </code><code> | ||
| + | # cat sql.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | database = "mysql" | ||
| + | ... | ||
| + | </code><code> | ||
| + | # cat sites-available/default | ||
| + | </code><code> | ||
| + | ... | ||
| + | authorize { | ||
| + | ... | ||
| + | sql | ||
| + | ... | ||
| + | accounting { | ||
| + | ... | ||
| + | sql | ||
| + | ... | ||
| + | </code><code> | ||
| + | mysql> insert into radcheck (username, attribute, value, op) values ("401", "Cleartext-Password", "401", ":="); | ||
| + | |||
| + | mysql> select acctsessionid, username, acctstarttime, acctstoptime, callingstationid, calledstationid from radacct; | ||
| + | </code> | ||
| + | |||
| + | ==== EAP сертификаты ==== | ||
| <code> | <code> | ||
| Line 284: | Line 253: | ||
| > # CA_file = ${cadir}/ca.pem | > # CA_file = ${cadir}/ca.pem | ||
| > CA_file = ${cadir}/int.geotrust.crt | > CA_file = ${cadir}/int.geotrust.crt | ||
| + | </code> | ||
| + | |||
| + | ==== Использование proxy ==== | ||
| + | <code> | ||
| + | root@proxy:~# cat /etc/freeradius/proxy.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | realm NULL { | ||
| + | authhost = radius1.corpX.un:1812 | ||
| + | authhost = radius1.corpX.un:1812 | ||
| + | secret = testing123 | ||
| + | } | ||
| + | |||
| + | realm isp.un { | ||
| + | authhost = radius.isp.un:1812 | ||
| + | authhost = radius.isp.un:1812 | ||
| + | secret = testing123 | ||
| + | } | ||
| + | |||
| + | realm DEFAULT { | ||
| + | authhost = radius2.corpX.un:1812 | ||
| + | authhost = radius2.corpX.un:1812 | ||
| + | secret = testing123 | ||
| + | } | ||
| </code> | </code> | ||
сервис_freeradius.txt · Last modified: 2023/06/28 12:00 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
