Freeradius: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
Zeile 93: | Zeile 93: | ||
− | + | <pre> | |
+ | authorize { | ||
+ | ldap | ||
+ | } | ||
+ | authenticate { | ||
+ | Auth-Type LDAP { | ||
+ | ldap | ||
+ | } | ||
+ | } | ||
+ | preacct { | ||
+ | } | ||
+ | accounting { | ||
+ | } | ||
+ | session { | ||
+ | radutmp | ||
+ | } | ||
+ | post-auth { | ||
+ | exec | ||
+ | Post-Auth-Type REJECT { | ||
+ | attr_filter.access_reject | ||
+ | } | ||
+ | } | ||
+ | pre-proxy { | ||
+ | } | ||
+ | post-proxy { | ||
+ | } | ||
+ | </pre> | ||
+ | =default= | ||
+ | <pre> | ||
+ | cat /etc/freeradius/sites-enabled/default | ||
+ | authorize { | ||
+ | ldap | ||
+ | } | ||
+ | authenticate { | ||
+ | Auth-Type LDAP { | ||
+ | ldap | ||
+ | } | ||
+ | } | ||
+ | preacct { | ||
+ | } | ||
+ | accounting { | ||
+ | } | ||
+ | session { | ||
+ | radutmp | ||
+ | } | ||
+ | post-auth { | ||
+ | exec | ||
+ | Post-Auth-Type REJECT { | ||
+ | attr_filter.access_reject | ||
+ | } | ||
+ | } | ||
+ | pre-proxy { | ||
+ | } | ||
+ | post-proxy { | ||
+ | } | ||
+ | </pre> | ||
=links= | =links= |
Version vom 18. Dezember 2014, 08:55 Uhr
clients.conf
cat /etc/freeradius/clients.conf client localhost { ipaddr = 127.0.0.1 secret = secretkey nastype = other } client 192.168.0.0/16 { secret = secretkey nastype = other } client 10.0.0.0/8 { secret = secretkey nastype = other }
radiusd.conf
cat /etc/freeradius/radiusd.conf prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = ${exec_prefix}/sbin logdir = /var/log/freeradius raddbdir = /etc/freeradius radacctdir = ${logdir}/radacct name = freeradius confdir = ${raddbdir} run_dir = ${localstatedir}/run/${name} db_dir = ${raddbdir} libdir = /usr/lib/freeradius pidfile = ${run_dir}/${name}.pid user = freerad group = freerad max_request_time = 30 cleanup_delay = 5 max_requests = 1024 listen { type = auth ipaddr = * port = 0 } listen { ipaddr = * port = 0 type = acct } hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log { destination = files file = ${logdir}/radius.log syslog_facility = daemon stripped_names = no auth = no auth_badpass = no auth_goodpass = no } checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = yes } proxy_requests = yes $INCLUDE proxy.conf $INCLUDE clients.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { $INCLUDE ${confdir}/modules/ } instantiate { exec expr expiration logintime } $INCLUDE policy.conf $INCLUDE sites-enabled/
authorize { ldap } authenticate { Auth-Type LDAP { ldap } } preacct { } accounting { } session { radutmp } post-auth { exec Post-Auth-Type REJECT { attr_filter.access_reject } } pre-proxy { } post-proxy { }
default
cat /etc/freeradius/sites-enabled/default authorize { ldap } authenticate { Auth-Type LDAP { ldap } } preacct { } accounting { } session { radutmp } post-auth { exec Post-Auth-Type REJECT { attr_filter.access_reject } } pre-proxy { } post-proxy { }