Freeradius: Unterschied zwischen den Versionen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
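--- a/Freeradius
+++ b/Freeradius
@@ -1,4 +1,97 @@
+=clients.conf=
+cat /etc/freeradius/clients.conf
+client localhost {
+ipaddr = 127.0.0.1
+secret = secretkey
+nastype = other
+}
+client 192.168.0.0/16 {
+secret = secretkey
+nastype = other
+}
+client 10.0.0.0/8 {
+secret = secretkey
+nastype = other
+}
+=radiusd.conf=
+<pre>
+cat /etc/freeradius/radiusd.conf
+prefix = /usr
+exec_prefix = /usr
+sysconfdir = /etc
+localstatedir = /var
+sbindir = ${exec_prefix}/sbin
+logdir = /var/log/freeradius
+raddbdir = /etc/freeradius
+radacctdir = ${logdir}/radacct
+name = freeradius
+confdir = ${raddbdir}
+run_dir = ${localstatedir}/run/${name}
+db_dir = ${raddbdir}
+libdir = /usr/lib/freeradius
+pidfile = ${run_dir}/${name}.pid
+user = freerad
+group = freerad
+max_request_time = 30
+cleanup_delay = 5
+max_requests = 1024
+listen {
+type = auth
+ipaddr = *
+port = 0
+}
+listen {
+ipaddr = *
+port = 0
+type = acct
+}
+hostname_lookups = no
+allow_core_dumps = no
+regular_expressions = yes
+extended_expressions = yes
+log {
+destination = files
+file = ${logdir}/radius.log
+syslog_facility = daemon
+stripped_names = no
+auth = no
+auth_badpass = no
+auth_goodpass = no
+}
+checkrad = ${sbindir}/checkrad
+security {
+max_attributes = 200
+reject_delay = 1
+status_server = yes
+}
+proxy_requests = yes
+$INCLUDE proxy.conf
+$INCLUDE clients.conf
+thread pool {
+start_servers = 5
+max_servers = 32
+min_spare_servers = 3
+max_spare_servers = 10
+max_requests_per_server = 0
+}
+modules {
+$INCLUDE ${confdir}/modules/
+}
+instantiate {
+exec
+expr
+expiration
+logintime
+}
+$INCLUDE policy.conf
+$INCLUDE sites-enabled/
+</pre>
+
+
+
+
+
 =links=
 *http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/radius.html
 *http://paulgporter.net/2013/07/14/freeradius-ldaps/
 *http://ubuntuforums.org/showthread.php?t=1976883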
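Review bot: The three added client blocks all use `secret = secretkey`, including the ones for 192.168.0.0/16 and 10.0.0.0/8, so a reader who copies the page ends up with one guessable shared secret accepted from every address in both private ranges. The RADIUS shared secret is what hides the User-Password attribute and authenticates replies, so the page should show a labelled placeholder such as `secret = <RANDOM_SECRET_PER_NAS>` and say that each client entry should be narrowed to the real NAS addresses. The clients.conf listing also lacks the `<pre>`/`</pre>` wrapper that the radiusd.conf listing has, which is presumably why it renders as run-together text.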
Version vom 18. Dezember 2014, 08:51 Uhr
clients.conf
cat /etc/freeradius/clients.conf
# clients.conf: one "client" block per RADIUS client (NAS) or address range
# that may send packets to this server, with the shared secret it must use.

# Requests arriving from the loopback address.
client localhost {
    ipaddr = 127.0.0.1
    # NOTE(review): "secretkey" reads as a sample value. The shared secret
    # hides User-Password and authenticates replies, so a real deployment
    # needs a long random value here.
    secret = secretkey
    nastype = other
}

# Every source address in 192.168.0.0/16 is accepted as a client.
# NOTE(review): one secret for a whole /16 means any host in that range that
# knows it is treated as a NAS; prefer one entry per real NAS address, each
# with its own secret.
client 192.168.0.0/16 {
    secret = secretkey
    nastype = other
}

# Every source address in 10.0.0.0/8 is accepted as a client; the same
# caveat applies, and the secret is identical to the two blocks above.
client 10.0.0.0/8 {
    secret = secretkey
    nastype = other
}
radiusd.conf
cat /etc/freeradius/radiusd.conf
# radiusd.conf: main FreeRADIUS server configuration.

# Installation paths; later settings reference them through ${...}.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid

# Account the daemon runs as, so it does not keep root privileges.
user = freerad
group = freerad

# Request handling limits: seconds allowed per request, seconds a reply is
# kept for retransmissions, and the number of requests tracked at once.
max_request_time = 30
cleanup_delay = 5
max_requests = 1024

# Authentication listener. "ipaddr = *" binds every IPv4 interface and
# "port = 0" selects the default port for the type.
# NOTE(review): if only some interfaces face NAS devices, binding to those
# addresses narrows what can reach the server.
listen {
    type = auth
    ipaddr = *
    port = 0
}

# Accounting listener, also on every interface and the default port.
listen {
    ipaddr = *
    port = 0
    type = acct
}

hostname_lookups = no
# Core dumps stay disabled; a dump of this process could hold secrets and
# user passwords.
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes

log {
    destination = files
    file = ${logdir}/radius.log
    syslog_facility = daemon
    stripped_names = no
    # NOTE(review): with auth = no, accepted and rejected logins are not
    # written to radius.log, so failed-login monitoring needs another source.
    auth = no
    # Keep these at "no": they control whether passwords from rejected and
    # accepted requests are written to the log.
    auth_badpass = no
    auth_goodpass = no
}

checkrad = ${sbindir}/checkrad

security {
    # Upper bound on attributes accepted in one packet.
    max_attributes = 200
    # Seconds to hold back an Access-Reject, which slows password guessing.
    reject_delay = 1
    # The server answers Status-Server requests from its clients.
    status_server = yes
}

# Proxying is enabled; realms and home servers come from proxy.conf.
proxy_requests = yes
$INCLUDE proxy.conf
# Client definitions and shared secrets live in clients.conf.
# NOTE(review): that file holds secrets, so it should be readable only by
# root and the freerad account.
$INCLUDE clients.conf

# Worker thread limits; max_requests_per_server = 0 presumably means threads
# are never recycled (confirm against the installed version's documentation).
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}

# Module definitions are read from the modules/ directory.
modules {
    $INCLUDE ${confdir}/modules/
}

# Modules listed here are loaded in this order before the others.
instantiate {
    exec
    expr
    expiration
    logintime
}

# Policies and the enabled virtual servers.
$INCLUDE policy.conf
$INCLUDE sites-enabled/