Monday, February 12, 2007

Steps for installing Freeradius-1.1.2



Download Freeradius-1.1.2.tar.gz and save it in /usr/local/src

cd /usr/local/src
Extract the file:
tar -xzvf Freeradius-1.1.2.tar.gz
cd freeradius-1.1.2
./configure
make
This step compiles the freeradius program.
make install
This step installs the freeradius program.
Run Debug Mode:



[root@RADIUS bin]# radiusd -Xxx -A
Sun Dec 3 16:56:07 2006 : Info: Starting - reading configuration files ...
Sun Dec 3 16:56:07 2006 : Debug: reread_config: reading radiusd.conf
Sun Dec 3 16:56:07 2006 : Debug: Config: including file: /usr/local/etc/raddb/proxy.conf
Sun Dec 3 16:56:07 2006 : Debug: Config: including file: /usr/local/etc/raddb/clients.conf
Sun Dec 3 16:56:07 2006 : Debug: Config: including file: /usr/local/etc/raddb/snmp.conf
Sun Dec 3 16:56:07 2006 : Debug: Config: including file: /usr/local/etc/raddb/eap.conf
Sun Dec 3 16:56:07 2006 : Debug: Config: including file: /usr/local/etc/raddb/sql.conf
Sun Dec 3 16:56:07 2006 : Debug: main: prefix = "/usr/local"
Sun Dec 3 16:56:07 2006 : Debug: main: localstatedir = "/usr/local/var"
Sun Dec 3 16:56:07 2006 : Debug: main: logdir = "/usr/local/var/log/radius"
Sun Dec 3 16:56:07 2006 : Debug: main: libdir = "/usr/local/lib"
Sun Dec 3 16:56:07 2006 : Debug: main: radacctdir = "/usr/local/var/log/radius/radacct"
Sun Dec 3 16:56:07 2006 : Debug: main: hostname_lookups = yes
Sun Dec 3 16:56:07 2006 : Debug: main: max_request_time = 30
Sun Dec 3 16:56:07 2006 : Debug: main: cleanup_delay = 5
Sun Dec 3 16:56:07 2006 : Debug: main: max_requests = 1024
Sun Dec 3 16:56:07 2006 : Debug: main: delete_blocked_requests = 0
Sun Dec 3 16:56:07 2006 : Debug: main: port = 1812
Sun Dec 3 16:56:07 2006 : Debug: main: allow_core_dumps = yes
Sun Dec 3 16:56:07 2006 : Debug: main: log_stripped_names = yes
Sun Dec 3 16:56:07 2006 : Debug: main: log_file = "/usr/local/var/log/radius/radius.log"
Sun Dec 3 16:56:07 2006 : Debug: main: log_auth = yes
Sun Dec 3 16:56:07 2006 : Debug: main: log_auth_badpass = yes
Sun Dec 3 16:56:07 2006 : Debug: main: log_auth_goodpass = yes
Sun Dec 3 16:56:07 2006 : Debug: main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
Sun Dec 3 16:56:07 2006 : Debug: main: user = "(null)"
Sun Dec 3 16:56:07 2006 : Debug: main: group = "(null)"
Sun Dec 3 16:56:07 2006 : Debug: main: usercollide = no
Sun Dec 3 16:56:07 2006 : Debug: main: lower_user = "admin"
Sun Dec 3 16:56:07 2006 : Debug: main: lower_pass = "admin"
Sun Dec 3 16:56:07 2006 : Debug: main: nospace_user = "no"
Sun Dec 3 16:56:07 2006 : Debug: main: nospace_pass = "no"
Sun Dec 3 16:56:07 2006 : Debug: main: checkrad = "/usr/local/sbin/checkrad"
Sun Dec 3 16:56:07 2006 : Debug: main: proxy_requests = yes
Sun Dec 3 16:56:07 2006 : Debug: proxy: retry_delay = 5
Sun Dec 3 16:56:07 2006 : Debug: proxy: retry_count = 3
Sun Dec 3 16:56:07 2006 : Debug: proxy: synchronous = yes
Sun Dec 3 16:56:07 2006 : Debug: proxy: default_fallback = yes
Sun Dec 3 16:56:07 2006 : Debug: proxy: dead_time = 120
Sun Dec 3 16:56:07 2006 : Debug: proxy: post_proxy_authorize = yes
Sun Dec 3 16:56:07 2006 : Debug: proxy: wake_all_if_all_dead = no
Sun Dec 3 16:56:07 2006 : Debug: security: max_attributes = 200
Sun Dec 3 16:56:07 2006 : Debug: security: reject_delay = 1
Sun Dec 3 16:56:07 2006 : Debug: security: status_server = yes
Sun Dec 3 16:56:07 2006 : Debug: main: debug_level = 0
Sun Dec 3 16:56:07 2006 : Debug: read_config_files: reading dictionary
Sun Dec 3 16:56:07 2006 : Debug: read_config_files: reading naslist
Sun Dec 3 16:56:07 2006 : Info: Using deprecated naslist file. Support for this will go away soon.
Sun Dec 3 16:56:07 2006 : Debug: read_config_files: reading clients
Sun Dec 3 16:56:07 2006 : Info: Using deprecated clients file. Support for this will go away soon.
Sun Dec 3 16:56:07 2006 : Debug: read_config_files: reading realms
Sun Dec 3 16:56:07 2006 : Error: There appears to be another RADIUS server running on the authentication port 1812

This completes the installation of Freeradius-1.1.2.



********************************************

The Freeradius files that were installed are laid out as follows:

(1) /usr/local/etc/raddb holds the configuration files
(2) /usr/local/bin holds radtest, the Radius client used for testing
(3) /usr/local/sbin holds radiusd, used to run Debug Mode
(4) /etc/services is used to open ports 1812 and 1813
(5) /var/radius/log is used for viewing the log file
(6) /usr/local/lib holds the Freeradius libraries
(7) /usr/local/share/freeradius
(8) /usr/local/share/doc/freeradius-1.1.2 holds the documentation


*******************************************
Steps for configuring the files

cd /usr/local/etc/raddb
Files that must be configured:
(1) radiusd.conf
(2) clients.conf
(3) eap.conf
(4) sql.conf
(5) naslist
(6) clients
(7) dictionary





**************************************************************

Steps for configuring the radiusd.conf file

(1) Add the sqlcounter module noresetcounter to manage usage time

sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"
}

(2) Insert the noresetcounter module in the instantiate section so that the sqlcounter module is called and runs

instantiate {

noresetcounter

}

(3) Insert the noresetcounter module in the authorize section so that the sqlcounter module runs for the usage-time check, and uncomment #sql so that data from the database is used to verify the UserName and password

authorize {
...
sql
noresetcounter
...
}


(4) Uncomment #sql so that data from the database is used to verify the UserName and password

accounting {

sql

}

(5) Uncomment #sql so that data from the database is used to verify the UserName and password for session handling

session {

sql

}
*********************************************************************************

Steps for configuring the clients.conf file, which defines the IP addresses of the clients that will connect to the Radius Server


client 10.114.0.0/24 {
secret = testing   # the secret the client must use to connect; it works like a password
shortname= private-network
nastype = other
}






*************************************************************************


Steps for configuring the eap.conf file, which sets the encryption used by the Radius Server. The types are:


(1) EAP (Extensible Authentication Protocol )
(2) PEAP (Protected Extensible Authentication protocol)
(3) MSCHAP (Microsoft Challenge Handshake Protocol)
(4) GTC (Generic Token Card)
(5) MD5 (Message Digest #5)
(6) LEAP (Lightweight Extensible Authentication Protocol )
(7) TLS (Transport Layer Security)
(8) TTLS (Tunneled Transport Layer Security )

eap{
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
tls {
private_key_password = whatever
private_key_file = ${raddbdir}/certs/cert-srv.pem
certificate_file = ${raddbdir}/certs/cert-srv.pem
CA_file = ${raddbdir}/certs/demoCA/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
fragment_size = 1024
include_length = yes
check_crl = yes
check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"
check_cert_cn = %{User-Name}
cipher_list = "DEFAULT"
}

peap {
default_eap_type = mschapv2

}
}

********************************************


Steps for configuring the sql.conf file, which is used to connect to the database that was created


server = "localhost"
login = "root"
password = "mysqlradius"

****************************************

Steps for configuring the naslist file, which states what type of device each client is. If the type is portslave, the User Account is checked from the Server machine.

If the type is other, the check is done from the PC itself.

localhost local portslave
10.114.0.2 private-network other

***************************************


Steps for configuring the clients file, which defines which NAS devices are allowed to verify User Accounts and Passwords


localhost testing123
10.114.0.2 testing
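
The shared secrets in clients.conf and in the clients file above work like passwords, so they can be checked like passwords. The following is an added example, not part of the original post or of FreeRADIUS: it parses both file formats and reports weak secrets. The sample text is constructed from the values on this page, and the deny-list entries and function names are assumptions made for illustration.

```python
import re
import secrets

# Constructed sample input mirroring the two files shown on this page.
CLIENTS_CONF = """
client 10.114.0.0/24 {
    secret = testing   # shared secret, works like a password
    shortname = private-network
    nastype = other
}
"""
LEGACY_CLIENTS = """
localhost   testing123
10.114.0.2  testing
"""

# Assumption: deny-list of widely published sample secrets, chosen for this example.
SAMPLE_SECRETS = {"testing", "testing123", "secret", "radius", "password"}
MIN_LENGTH = 16  # RFC 2865 prefers a shared secret of at least 16 octets

def parse_clients_conf(text):
    """Yield (client, secret) for each 'client <addr> { ... }' block."""
    for block in re.finditer(r"^\s*client\s+(\S+)\s*\{(.*?)\}", text, re.S | re.M):
        match = re.search(r"^\s*secret\s*=\s*([^\s#]+)", block.group(2), re.M)
        yield block.group(1), match.group(1).strip('"') if match else None

def parse_legacy_clients(text):
    """Yield (client, secret) from the deprecated 'clients' file (host, secret)."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields[0], fields[1] if len(fields) > 1 else None

def findings(secret):
    """Return the list of problems with one shared secret (empty list = pass)."""
    if not secret:
        return ["no secret set"]
    issues = []
    if secret.lower() in SAMPLE_SECRETS:
        issues.append("well-known sample secret")
    if len(secret) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    return issues

def audit(pairs):
    """Map each client to its problems, omitting clients that pass."""
    return {client: probs for client, secret in pairs if (probs := findings(secret))}

def new_secret():
    """Generate a random 32-character replacement secret (192 bits)."""
    return secrets.token_urlsafe(24)

if __name__ == "__main__":
    print(audit(parse_clients_conf(CLIENTS_CONF)))
    print(audit(parse_legacy_clients(LEGACY_CLIENTS)))
    print("suggested replacement:", new_secret())
```

A replacement secret has to be set on the NAS and in the server files at the same time, otherwise requests from that client stop being accepted.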

************************************************

Steps for configuring the dictionary file, which defines the client attribute used to state how much usage time the client has


ATTRIBUTE Max-All-Session 3000 integer
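
How the noresetcounter module from radiusd.conf and the Max-All-Session attribute work together, as an added example that is not part of the original post or of FreeRADIUS: a simplified model of the check, run against an in-memory SQLite stand-in for radacct. The table layout, sample rows and function names are assumptions made for illustration.

```python
import sqlite3

# The query from the noresetcounter block. FreeRADIUS expands %{%k} to the key
# attribute (User-Name); outside the server this example binds it as a parameter.
COUNTER_QUERY = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName = ?"

# Constructed accounting rows: (UserName, AcctSessionTime in seconds).
SAMPLE_RADACCT = [("cigpin6", 1200), ("cigpin6", 600), ("guest", 50)]


def make_db(rows):
    """Build an in-memory stand-in for the radacct table (two columns only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (UserName TEXT, AcctSessionTime INTEGER)")
    db.executemany("INSERT INTO radacct VALUES (?, ?)", rows)
    return db


def used_seconds(db, user):
    """Total session time recorded for the user; SUM() over no rows is NULL."""
    total = db.execute(COUNTER_QUERY, (user,)).fetchone()[0]
    return total or 0


def check_counter(db, user, max_all_session):
    """Simplified model of the counter check with reset = never.

    max_all_session is the user's Max-All-Session check item (None if absent).
    Returns (module_result, Session-Timeout to send in the reply or None).
    """
    if max_all_session is None:
        return ("noop", None)            # no limit configured for this user
    remaining = max_all_session - used_seconds(db, user)
    if remaining <= 0:
        return ("reject", None)          # quota used up: access is refused
    return ("ok", remaining)             # session is capped at what is left


if __name__ == "__main__":
    db = make_db(SAMPLE_RADACCT)
    for limit in (3600, 1800, None):
        print("cigpin6", limit, check_counter(db, "cigpin6", limit))
```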





***********************************************


Testing the system: run Debug Mode


radiusd -X
Used to check whether the Radius Server is running with any errors

***************************************


Test radius

Used to check the connection from the Client to the Radius Server


radtest cigpin6 test 10.114.0.2 1812 testing
rad_recv: Access-Request packet from host 10.114.0.46:3072, id=1, length=171
User-Name = "cigpin6"
NAS-IP-Address = 10.114.0.46
Called-Station-Id = "00904c910001"
Calling-Station-Id = "0012f0a41c6c"
NAS-Identifier = "00904c910001"
NAS-Port = 20
Framed-MTU = 1400
State = 0xa999bff286555c9e267e8a51df061523
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020800261900170301001bc9c82c0f5375762e255c1efebde18382d938a47fcaed093c610505
Message-Authenticator = 0x6e82f497e345957e69e799272fa6ecaa
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 45
modcall[authorize]: module "preprocess" returns ok for request 45
modcall[authorize]: module "chap" returns noop for request 45
modcall[authorize]: module "mschap" returns noop for request 45
rlm_realm: No '@' in User-Name = "cigpin6", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 45
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 45
users: Matched entry DEFAULT at line 152
modcall[authorize]: module "files" returns ok for request 45
radius_xlat: 'cigpin6'
rlm_sql (sql): sql_set_user escaped user --> 'cigpin6'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'cigpin6' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'cigpin6' ORDER BY id
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'cigpin6' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'cigpin6' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'cigpin6' ORDER BY id'
rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'cigpin6' ORDER BY id
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'cigpin6' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'cigpin6' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module "sql" returns ok for request 45
modcall: leaving group authorize (returns updated) for request 45
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 45
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Success
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 45
modcall: leaving group authenticate (returns ok) for request 45
Processing the session section of radiusd.conf
modcall: entering group session for request 45
radius_xlat: '/usr/local/var/log/radius/radutmp'
modcall[session]: module "radutmp" returns ok for request 45
modcall: leaving group session (returns ok) for request 45
Sending Access-Accept of id 1 to 10.114.0.46 port 3072
MS-MPPE-Recv-Key = 0x011bc97b1fa2811eb55cb77bf8e794c71068c53017bc01c045befba31321f375
MS-MPPE-Send-Key = 0x92d5375e63c2ecfa501c403af6d7f71b5c4ada43e9fb3fbfe15bf50fe0a1796a
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "cigpin6"
Finished request 45
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 45 ID 1 with timestamp 45790f16
Nothing to do. Sleeping until we see a request.

***********************************


kill radius Server


Press Ctrl+C to stop the Radius Server, then use the command
kill -9 `ps -A | grep radiusd | gawk '{ print $1 }'`
to kill the server's service. After that, run it again with the command radiusd -X
This starts it working afresh, similar to restarting the system.

******************** The End **********************

7 comments:

Anonymous said...

Well written article.
