Freeradius: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 93: | Zeile 93: | ||
| − | + | <pre> | |
| + | authorize { | ||
| + | ldap | ||
| + | } | ||
| + | authenticate { | ||
| + | Auth-Type LDAP { | ||
| + | ldap | ||
| + | } | ||
| + | } | ||
| + | preacct { | ||
| + | } | ||
| + | accounting { | ||
| + | } | ||
| + | session { | ||
| + | radutmp | ||
| + | } | ||
| + | post-auth { | ||
| + | exec | ||
| + | Post-Auth-Type REJECT { | ||
| + | attr_filter.access_reject | ||
| + | } | ||
| + | } | ||
| + | pre-proxy { | ||
| + | } | ||
| + | post-proxy { | ||
| + | } | ||
| + | </pre> | ||
| + | =default= | ||
| + | <pre> | ||
| + | cat /etc/freeradius/sites-enabled/default | ||
| + | authorize { | ||
| + | ldap | ||
| + | } | ||
| + | authenticate { | ||
| + | Auth-Type LDAP { | ||
| + | ldap | ||
| + | } | ||
| + | } | ||
| + | preacct { | ||
| + | } | ||
| + | accounting { | ||
| + | } | ||
| + | session { | ||
| + | radutmp | ||
| + | } | ||
| + | post-auth { | ||
| + | exec | ||
| + | Post-Auth-Type REJECT { | ||
| + | attr_filter.access_reject | ||
| + | } | ||
| + | } | ||
| + | pre-proxy { | ||
| + | } | ||
| + | post-proxy { | ||
| + | } | ||
| + | </pre> | ||
=links= | =links= | ||
Version vom 18. Dezember 2014, 08:55 Uhr
clients.conf
cat /etc/freeradius/clients.conf
client localhost {
ipaddr = 127.0.0.1
secret = secretkey
nastype = other
}
client 192.168.0.0/16 {
secret = secretkey
nastype = other
}
client 10.0.0.0/8 {
secret = secretkey
nastype = other
}
radiusd.conf
cat /etc/freeradius/radiusd.conf
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid
user = freerad
group = freerad
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
type = auth
ipaddr = *
port = 0
}
listen {
ipaddr = *
port = 0
type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
destination = files
file = ${logdir}/radius.log
syslog_facility = daemon
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
$INCLUDE ${confdir}/modules/
}
instantiate {
exec
expr
expiration
logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/
authorize {
ldap
}
authenticate {
Auth-Type LDAP {
ldap
}
}
preacct {
}
accounting {
}
session {
radutmp
}
post-auth {
exec
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}
pre-proxy {
}
post-proxy {
}
default
cat /etc/freeradius/sites-enabled/default
authorize {
ldap
}
authenticate {
Auth-Type LDAP {
ldap
}
}
preacct {
}
accounting {
}
session {
radutmp
}
post-auth {
exec
Post-Auth-Type REJECT {
attr_filter.access_reject
}
}
pre-proxy {
}
post-proxy {
}