freeradius

Python monitoring radiusd service. Loadbalancer tcp healthcheck

此生再无相见时 submitted on 2019-12-11 16:38:42
Question: I have a curious situation. I'm working on a pair of freeradius servers and had planned to stick a load balancer in front of them in GCP. Not entirely sure if this is the best approach, as I don't have much experience with Freeradius really... but it's the avenue I went down. So I threw together some Terraform to build a couple of GCP instances and wrote a startup script to deploy the application and configuration files. All good so far. Then I got started on the load balancer, and I noticed

How to add/copy VSAs (Vendor-Specific attributes) to outer channel of EAP reply in FreeRADIUS C module

爷,独闯天下 submitted on 2019-12-11 14:59:04
Question: I am adding VSAs programmatically to the Access-Accept reply in my FreeRADIUS C module (more details here). For debugging/troubleshooting purposes, I need a way to visually inspect the VSAs on the receiving end. The issue is that my clients are using inner tunnel protocols (PEAP and TTLS) over the EAP outer channel, and traffic sniffer tools, such as Wireshark, show only outer channel data. I understand there is a way to copy the attributes to the outer channel for this purpose but was unable to

Failed to link to module 'rlm_python': rlm_python.so

倾然丶 夕夏残阳落幕 submitted on 2019-12-11 05:49:24
Question: I was trying to create a python authentication for freeradius 3.0.8. I followed this example. But when I try to start freeradius in debug mode using the command radiusd -X, it shows the following error: /usr/local/etc/raddb/mods-enabled/python[9]: Failed to link to module 'rlm_python': rlm_python.so: cannot open shared object file: No such file or directory. I looked in the /usr/local/lib/ folder and found that the rlm_python module is not there. How can I add that module? My python module inside /raddb/mods

Setup FreeRadius + ldap + single sign-on

你。 submitted on 2019-12-11 04:52:31
Question: I am trying to configure single sign-on using FreeRadius. Scenario: I have a fully configured LDAP (389 DS) Version-2.1 with a few users and groups (in CentOS6). I have installed FreeRadius (latest stable version) (in CentOS 6). Configured FreeRadius to listen to the above LDAP server. I have made a client system (CentOS6) a radius client using the pam_radius module. Now, I am able to log in to the NAS with the LDAP credentials and am getting logs correctly in FreeRadius. Now, I want to implement single sign-on

Freeradius + Openldap ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user

笑着哭i submitted on 2019-12-11 02:27:32
Question: After a couple of days searching on Google I have to resign and ask :/ We're using a debian server with openldap and radius installed. When I connect to the radius using radtest everything is fine, but when I use an access point (and the connection goes through the tunnel) I get the following result. The inner-tunnel looks like this: authorize { update control { Proxy-To-Realm := LOCAL } eap { ok = return } files ldap { ok = return } expiration logintime pap } authenticate { Auth-Type PAP { pap

FreeRadius installation and configuration

牧云@^-^@ submitted on 2019-12-08 20:57:03
Introduction to freeradius: see the official site http://freeradius.org. Installing freeradius: ./configure --prefix=/opt/freeradius-server --with-openssl-includes=/usr/local/include/ --with-openssl-libraries=/usr/local/lib64 --with-rlm-mysql-lib-dir=/opt/mysql/lib/ --with-rlm-mysql-include-dir=/opt/mysql/include/ make make install. Configuring freeradius: (1) Add the AC configuration. File: /opt/freeradius-server/etc/raddb/clients.conf. Add the following configuration: client host_vlan123 { ipaddr = 10.8.2.253 secret = secret require_message_authenticator = no } (2) Database configuration. File: /opt/freeradius-server/etc/raddb/sql.conf database = "mysql" # # Which FreeRADIUS driver to use. # driver = "rlm_sql_$

freeradius installation and configuration

混江龙づ霸主 submitted on 2019-12-08 20:56:45
Note: freeradius is very large once installed, several hundred megabytes. Software preparation: [root@nm freeradius-server-2.1.1]# rpm -qa | grep openssl openssl-0.9.7a-43.10 openssl-devel-0.9.7a-43.10 xmlsec1-openssl-1.2.6-3 [root@vmmac fprobe-1.1]# rpm -qa | grep ldap openldap-2.2.13-6.4E openldap-devel-2.2.13-6.4E openldap-clients-2.2.13-6.4E nss_ldap-226-13 openldap-servers-2.2.13-6.4E freeradius-server-2.1.1.tar.gz. Installing freeradius: [root@nm freeradius-server-2.1.1]# ./configure configure: creating ./config.status config.status: creating Makefile config.status: creating config.h. This takes a long time, close to 1 hour: [root@nm freeradius-server-2.1.1]# make Making all in rfc... gmake

Installing freeradius2.2.9+mysql on centos6.5

南笙酒味 submitted on 2019-12-07 02:12:49
Platform: centos6.5 x86_64. 1. Install the repository and update: rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm yum update -y 2. Install the required libraries: yum -y install wget expat-devel gcc make gmp-devel gmp pkgconfig perl libpcap gcc-c++ logrotate tar cpio gawk flex bison bison-devel lsof libpcap-devel patch openssl openssl-devel libgcrypt* crypt* autoconf automake libtasn1-devel zlib zlib-devel trousers trousers-devel texinfo libnl-devel libnl dbus dbus-devel ncurses-devel readline-devel libtool-ltdl libtalloc* hiredis* redhat-lsb python 3. Install Mysql: rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el6-5

Compiling and installing freeradius3.0 on Centos 7

你离开我真会死。 submitted on 2019-12-07 02:12:35
Platform: Centos 7 x86_64. 1. Install the repositories and update: yum install -y epel-release rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm yum update -y 2. Install the base libraries: yum install -y gcc gcc-c++ openssl openssl-devel pcre pcre-devel libtalloc-devel hiredis* ykclient libpcap libpcap-devel libnl-devel libnl net-snmp net-snmp-utils 3. Install mysql: yum install -y mysql-community-server mysql-devel mysql-connector-odbc libdbi-dbd-mysql 4. Start the mysql service: systemctl enable mysqld.service systemctl start mysqld.service mysql_secure_installation 5. Install freeradius: wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server

OpenconnectVPN dual-NIC (policy routing, non-NAT) deployment plan, updated 20181129

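左心房为你撑大大i submitted on 2019-12-05 10:52:43
1. Introduction to Ocserv. The Openconnect VPN server is known as ocserv (Openconnect VPN Server); ocserv is open-source VPN server software compatible with Cisco Anyconnect VPN. At present its communication is fairly stable, with little interference. Its main advantage is multi-platform support: clients are available for Windows, Android and iOS. 2. Plan overview. 2-1. Topology diagram. 2-2. Deployment goals: PCs (Windows), Apple computers (Mac OS), Apple phones (iOS) and Android phones (Android) connect to the VPN through the AnyConnect or OpenConnect client, obtain internal IPv4 and IPv6 addresses, and, through the internal layer-3 routed network, reach other hosts inside the campus network and the library's database resources. 2-3. Deployment details: the operating system is CentOS7.4 with two network ports, and the ocserv version is 0.11.8; the two NICs connect to the internal and external networks respectively. ocserv is then installed and customized, system parameters are adjusted to enable IPv4 and IPv6 forwarding, and policy routes are added to forward ocserv client traffic to the internal network; internal routing is then adjusted to allow mutual access, so that the internal access policy can match that of other internal users' service addresses. 3. Deployment procedure. 3-1. Install ocserv. Check the system version: cat /etc/redhat-release. ocserv is already provided in the epel repository; install the corresponding package directly with yum: yum install epel-release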