Freeradius: Unterschied zwischen den Versionen

Aus xinux.net
Zur Navigation springen Zur Suche springen
(Der Seiteninhalt wurde durch einen anderen Text ersetzt: „=installation= *apt-get install freeradius freeradius-ldap *freeradius leap *freeradius peap =links= *http://www.tldp.org/H…“)
Zeile 1: Zeile 1:
 
=installation=
 
=installation=
 
*apt-get install freeradius freeradius-ldap
 
*apt-get install freeradius freeradius-ldap
 
+
*[[freeradius leap]]
=clients.conf=
+
*[[freeradius peap]]
<pre>
 
cat /etc/freeradius/clients.conf
 
client localhost {
 
ipaddr = 127.0.0.1
 
secret = secretkey
 
nastype    = other
 
}
 
client 192.168.0.0/16 {
 
secret = secretkey
 
nastype = other
 
}
 
client 10.0.0.0/8 {
 
secret = secretkey
 
nastype = other
 
}
 
</pre>
 
 
 
=radiusd.conf=
 
<pre>
 
cat  /etc/freeradius/radiusd.conf
 
prefix = /usr
 
exec_prefix = /usr
 
sysconfdir = /etc
 
localstatedir = /var
 
sbindir = ${exec_prefix}/sbin
 
logdir = /var/log/freeradius
 
raddbdir = /etc/freeradius
 
radacctdir = ${logdir}/radacct
 
name = freeradius
 
confdir = ${raddbdir}
 
run_dir = ${localstatedir}/run/${name}
 
db_dir = ${raddbdir}
 
libdir = /usr/lib/freeradius
 
pidfile = ${run_dir}/${name}.pid
 
user = freerad
 
group = freerad
 
max_request_time = 30
 
cleanup_delay = 5
 
max_requests = 1024
 
listen {
 
type = auth
 
ipaddr = *
 
port = 0
 
}
 
listen {
 
ipaddr = *
 
port = 0
 
type = acct
 
}
 
hostname_lookups = no
 
allow_core_dumps = no
 
regular_expressions    = yes
 
extended_expressions    = yes
 
log {
 
destination = files
 
file = ${logdir}/radius.log
 
syslog_facility = daemon
 
stripped_names = no
 
auth = no
 
auth_badpass = no
 
auth_goodpass = no
 
}
 
checkrad = ${sbindir}/checkrad
 
security {
 
max_attributes = 200
 
reject_delay = 1
 
status_server = yes
 
}
 
proxy_requests  = yes
 
$INCLUDE proxy.conf
 
$INCLUDE clients.conf
 
thread pool {
 
start_servers = 5
 
max_servers = 32
 
min_spare_servers = 3
 
max_spare_servers = 10
 
max_requests_per_server = 0
 
}
 
modules {
 
$INCLUDE ${confdir}/modules/
 
}
 
instantiate {
 
exec
 
expr
 
expiration
 
logintime
 
}
 
$INCLUDE policy.conf
 
$INCLUDE sites-enabled/
 
</pre>
 
=ldap=
 
<pre>
 
cat /etc/freeradius/modules/ldap
 
ldap {
 
server = "hoor.xmen.de"
 
port = "636"
 
basedn = "dc=linuggs,dc=de"
 
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
 
ldap_connections_number = 5
 
timeout = 4
 
timelimit = 3
 
net_timeout = 1
 
dictionary_mapping = ${confdir}/ldap.attrmap
 
edir_account_policy_check = no
 
set_auth_type = yes
 
}
 
</pre>
 
 
 
=default=
 
<pre>
 
cat /etc/freeradius/sites-enabled/default
 
authorize {
 
ldap
 
}
 
authenticate {
 
Auth-Type LDAP {
 
ldap
 
}
 
}
 
preacct {
 
}
 
accounting {
 
}
 
session {
 
radutmp
 
}
 
post-auth {
 
exec
 
Post-Auth-Type REJECT {
 
attr_filter.access_reject
 
}
 
}
 
pre-proxy {
 
}
 
post-proxy {
 
}
 
</pre>
 
 
 
=inner-tunnel=
 
<pre>
 
server inner-tunnel {
 
authorize {
 
ldap
 
}
 
authenticate {
 
Auth-Type LDAP {
 
ldap
 
}
 
}
 
session {
 
radutmp
 
}
 
post-auth {
 
Post-Auth-Type REJECT {
 
attr_filter.access_reject
 
}
 
}
 
pre-proxy {
 
}
 
post-proxy {
 
}
 
}
 
</pre>
 
 
 
=test=
 
==console 1==
 
*freeradius -X
 
<pre>
 
...
 
Module: Checking post-auth {...} for more modules to load
 
} # modules
 
} # server
 
radiusd: #### Opening IP addresses and Ports ####
 
listen {
 
type = "auth"
 
ipaddr = *
 
port = 0
 
}
 
listen {
 
type = "acct"
 
ipaddr = *
 
port = 0
 
}
 
... adding new socket proxy address * port 40079
 
Listening on authentication address * port 1812
 
Listening on accounting address * port 1813
 
Listening on proxy address * port 1814
 
Ready to process requests.
 
</pre>
 
 
 
==console 2==
 
===postiv===
 
*radtest badura.vonodinsraben  suxer localhost  1812 secretkey
 
<pre>
 
Sending Access-Request of id 52 to 127.0.0.1 port 1812
 
User-Name = "badura.vonodinsraben"
 
User-Password = "suxer"
 
NAS-IP-Address = 192.168.244.153
 
NAS-Port = 1812
 
Message-Authenticator = 0x00000000000000000000000000000000
 
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=52, length=20
 
</pre>
 
===negativ===
 
*radtest badura.vonodinsraben  falsch localhost  1812 secretkey
 
<pre>
 
Sending Access-Request of id 218 to 127.0.0.1 port 1812
 
User-Name = "badura.vonodinsraben"
 
User-Password = "falsch"
 
NAS-IP-Address = 192.168.244.153
 
NAS-Port = 1812
 
Message-Authenticator = 0x00000000000000000000000000000000
 
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=218, length=20
 
</pre>
 
  
 
=links=
 
=links=

Version vom 5. Februar 2015, 16:20 Uhr

installation

links

Abgerufen von „https://xinux.net/index.php?title=Freeradius&oldid=6393