- Note: in all scenarios the SSH and LAMP packages are already installed (you can install
them during the Ubuntu system installation), and the system used is Linux Ubuntu 15.4.
Scenario 1
# vim /etc/freeradius/clients.conf
client 192.168.1.0/24 {
secret = cisco
nastype = cisco
ipaddr = 192.168.1.44
shortname = R1
}
vim /etc/freeradius/users
- on cisco router
aaa new-model
done
Scenario 2
Notes :
LNS:R3
LAC:R2
USER:R1
LNS COMMANDS:
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> exit
Enter password:
Enter password:
You can turn off this feature to get a quicker startup with -A
Database changed
Note 1: if the following command does not work, that is normal, no problem.
Note 2: when you copy and paste, check that every character is copied, especially the
single quote (').
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('sqltest', 'Password',
'testpwd');
mysql> exit
Bye
Freeradius Configuration
You need to edit /etc/freeradius/sql.conf file
sudo vi /etc/freeradius/sql.conf
database = mysql
login = radius
password = 123456
readclients = yes
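
Added example (not part of the original guide): a small Python check that reads the clients.conf and sql.conf settings used in scenario 1 and reports any secret or password that is a well-known value or too short. The deny-list and the 16-character minimum are assumptions of this example, not FreeRADIUS rules.

```python
import re

# Constructed deny-list for this example; extend it with your own defaults.
WEAK_VALUES = {"cisco", "123456", "radius", "testing123", "password"}
MIN_LEN = 16  # assumed policy: minimum length for a secret or DB password

BLOCK = re.compile(r'^\s*client\s+(\S+)\s*\{')
SETTING = re.compile(r'^\s*(secret|password)\s*=\s*"?([^"\s#]*)"?')

# Sample input: the settings shown in scenario 1 of this guide.
CLIENTS_CONF = """\
client 192.168.1.0/24 {
    secret = cisco
    nastype = cisco
    ipaddr = 192.168.1.44
    shortname = R1
}
"""
SQL_CONF = """\
database = mysql
login = radius
password = 123456
readclients = yes
"""

def audit(text, source):
    """Return (source, context, key, reason) per weak value; never the value itself."""
    findings, context = [], "global"
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # commented-out settings are not active
        block = BLOCK.match(line)
        if block:
            context = "client " + block.group(1)
        elif stripped == "}":
            context = "global"
        setting = SETTING.match(line)
        if not setting:
            continue
        key, value = setting.groups()
        if value.lower() in WEAK_VALUES:
            findings.append((source, context, key, "well-known value"))
        elif len(value) < MIN_LEN:
            findings.append((source, context, key, f"shorter than {MIN_LEN} characters"))
    return findings

if __name__ == "__main__":
    for finding in audit(CLIENTS_CONF, "clients.conf") + audit(SQL_CONF, "sql.conf"):
        print(": ".join(finding))
```

To check a live server, pass the contents of /etc/freeradius/clients.conf and /etc/freeradius/sql.conf to audit() instead of the sample strings.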
sudo vi /etc/freeradius/sites-enabled/default
Documented by khder ali
Uncomment the sql option in the following sections (and you can uncomment any sql
word you see):
accounting
# See “Authorization Queries” in sql.conf
sql
session
# See “Authorization Queries” in sql.conf
sql
Post-Auth-Type
# See “Authorization Queries” in sql.conf
sql
sudo vi /etc/freeradius/radiusd.conf
$INCLUDE sql.conf
Now you can stop the free radius server using the following command
Run freeradius in debugging mode. If there is no error, you are ready to go.
sudo freeradius -X
Test the radius server using the following command (note: if the command that you
inserted earlier inside mysql did not work, the answer will not be an accept, it will be a
reject, and that is normal; you can continue)
Output as follows
Sending Access-Request of id 68 to 127.0.0.1 port 1812
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 127.0.1.1
NAS-Port = 18128
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=68, length=20
CTRL^C
Once you have downloaded the daloradius-0.9-9.tar.gz file, you need to extract it using the
following command:
$ mv daloradius-0.9-9 daloradius
$ mv daloradius /var/www
Change Permissions
The MySQL database needs to be set up for daloradius. What we need to do is import the
daloradius schema into our existing radius database.
$ cd /var/www/daloradius/contrib/db
sudo vi /var/www/daloradius/library/daloradius.conf.php
Save and exit the file. Now you need to configure the daloradius website under
/etc/apache2/sites-available
sudo vi /etc/apache2/sites-available/daloradius.conf
<Directory /var/www/daloradius/>
Options None
order deny,allow
</Directory>
Note: if you have any problem starting the radius service or apache, stop all three services and
start them again.
username: administrator
password: radius
Once you have logged in, you should see something similar to the following screen
Done.
Scenario 3
PPP authentication, authorization, accounting (for LNS users) on a radius
server with database and free billing system (the radius server is separate
from the database and billing system server)
Notes :
LNS:R3
LAC:R2
USER:R1
PPP authentication (for LNS users) on a radius server with database and free
billing system (radius, database and billing system on the same server)
LNS commands :
aaa authentication ppp default group radius
You need to install all packages for both the database and the radius server,
because you need some files, like the schema and the NAS tables template, to insert
into the database; or you can copy these files from the radius server.
In this example we will install all packages.
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> exit
Enter password:
vim /etc/mysql/mysql.conf.d/mysqld.cnf
Once you have downloaded the daloradius-0.9-9.tar.gz file, you need to extract it using the
following command:
$ mv daloradius-0.9-9 daloradius
$ mv daloradius /var/www
Change Permissions
The MySQL database needs to be set up for daloradius. What we need to do is import the
daloradius schema into our existing radius database.
$ cd /var/www/daloradius/contrib/db
sudo vi /var/www/daloradius/library/daloradius.conf.php
Note: if the daloradius application is on the same server as the database, just enter the
-Username : root
-Database name
Example:
Save and exit the file. Now you need to configure the daloradius website under
/etc/apache2/sites-available
sudo vi /etc/apache2/sites-available/daloradius.conf
<Directory /var/www/daloradius/>
Options None
order deny,allow
</Directory>
Note: if you have any problem starting any service on the database server, stop the following
services and start them again. Note: you don't need freeradius on the database server.
username: administrator
password: radius
Once you have logged in, you should see something similar to the following screen
Radius server :
Freeradius Configuration
You need to edit /etc/freeradius/sql.conf file
sudo vi /etc/freeradius/sql.conf
database = "mysql"
# Connection info:
server = "192.168.1.200"
login = "radius"
password = "123456"
readclients = yes
sudo vi /etc/freeradius/sites-enabled/default
Uncomment the sql option in the following sections (and you can uncomment any sql
word you see):
accounting
# See “Authorization Queries” in sql.conf
sql
session
# See “Authorization Queries” in sql.conf
sql
Post-Auth-Type
# See “Authorization Queries” in sql.conf
sql
sudo vi /etc/freeradius/radiusd.conf
$INCLUDE sql.conf
Now you can stop the free radius server using the following command
Run freeradius in debugging mode. If there is no error, you are ready to go.
sudo freeradius -X
Finally, you need to add the user and the NAS like we did before.
mysql -u root
mysql> exit
To create a table (example: create a group to accept authentication even if the user password
is not correct):
mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('usertest', 'Password',
'123456');
Done.
Khder ali
www.facebook.com/cciesyria