Installation

Debian - minimal

Solaris

CentOS

Pakete nachinstallieren

um eine einfach deinstallation bzw. update-möglichkeit zu gewähren wird eine Installation mit checkinstall und rpm durchgeführt:

11:54:49 Xradius ~ [root]cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=Xradius.ISALAB.local

[root@Xradius freeradius-1.1.2]# yum install screen.i386
[root@Xradius freeradius-1.1.2]# yum install gcc.i386
[root@Xradius freeradius-1.1.2]# yum install unixODBC.i386
[root@Xradius freeradius-1.1.2]# yum install net-snmp.i386
[root@Xradius freeradius-1.1.2]# yum install net-snmp-utils.i386
[root@Xradius freeradius-1.1.2]# yum install net-snmp-devel.i386
[root@Xradius freeradius-1.1.2]# yum install gdbm.i386 gdbm-devel.i386
[root@Xradius freeradius-1.1.2]# yum install rpm-build.i386
[root@Xradius freeradius-1.1.2]# yum install perl-DBI.i386
[root@Xradius freeradius-1.1.2]# wget http://asic-linux.com.mx/~izto/checkinstall/files/rpm/checkinstall-1.6.0-1.i386.rpm
[root@Xradius freeradius-1.1.2]# rpm -ihv checkinstall-1.6.0-1.i386.rpm 

Radius installieren

Building RedHat Packages - freeRADIUS Wiki

[root@Xradius freeradius-1.1.2]# ./configure --sysconfdir=/etc --mandir=/usr/share/man --infodir=/usr/share/info --localstatedir=/var --with-openssl-includes=/usr/include/openssl --with-openssl-libraries=/lib --with-snmp| less

[root@Xradius freeradius-1.1.2]# make

[root@Xradius freeradius-1.1.2]# checkinstall 
[root@Xradius freeradius-1.1.2]# rpm -ihv /usr/src/redhat/RPMS/i386/freeradius-1.1.2-1.i386.rpm
Preparing...                ########################################### [100%]
   1:freeradius             ########################################### [100%]

[root@Xradius freeradius-1.1.2]# cp /usr/local/share/freeradius/dictionary* /etc/raddb/ -pri

Startscript installieren

[root@Xradius ~]# cp scripts/rc.radiusd /etc/init.d/radiusd
[root@Xradius rc5.d]# ln -s ../init.d/radiusd S99radusd
[root@Xradius rc3.d]# ln -s ../init.d/radiusd S99radiusd
[root@Xradius rc2.d]# ln -s ../init.d/radiusd S99radiusd

[root@Xradius etc]# find . -iname "*radius*" -exec ls -l '{}' ';'
-rwxr-xr-x  1 root root 2148 Aug  3 13:59 ./rc.d/init.d/radiusd
lrwxrwxrwx  1 root root 17 Aug  3 14:03 ./rc.d/rc3.d/S99radiusd -> ../init.d/radiusd
lrwxrwxrwx  1 root root 17 Aug  3 14:03 ./rc.d/rc5.d/S99radiusd -> ../init.d/radiusd
lrwxrwxrwx  1 root root 17 Aug  3 14:02 ./rc.d/rc2.d/S99radiusd -> ../init.d/radiusd
-rw-r--r--  1 root root 65366 Aug  3 13:54 ./raddb/radiusd.conf

Nun startet freeradius automatisch während des Bootvorganges

cron-scripte

Download der Debianutils von: http://ftp.debian.org/debian/pool/main/d/debianutils/debianutils_2.17.tar.gz

Entpacken und installation von savelog:

[root@Xradius ~]# tar xzf debianutils_2.17.tar.gz 
[root@Xradius ~]# cd debianutils-2.17/

[root@Xradius debianutils-2.17]# cp savelog /usr/bin/ -i
[root@Xradius debianutils-2.17]# chmod +x /usr/bin/savelog 
[root@Xradius debianutils-2.17]# cd ../freeradius-1.1.2/scripts/

[root@Xradius scripts]# ./radiusd.cron.daily 
[root@Xradius scripts]# ./radiusd.cron.monthly 
[root@Xradius scripts]# cp radiusd.cron.daily /etc/cron.daily/radiusd_log
[root@Xradius scripts]# cp radiusd.cron.monthly /etc/cron.monthly/radiusd_log

Zertifikate erstellen

[root@Xradius ~]# rpm -ihv openssl-perl-0.9.7a-43.8.i386.rpm 
Preparing...                ########################################### [100%]
   1:openssl-perl           ########################################### [100%]
[root@Xradius ~]# updatedb
[root@Xradius ~]# locate CA.pl
/usr/share/man/man1/CA.pl.1ssl.gz
/usr/share/ssl/misc/CA.pl
[root@Xradius ~]# cp /usr/share/ssl/misc/CA.pl /usr/bin/ -p

danach kann man im freeradius Ordner unter scripts mit CA.all bzw. CA.certs die Zertifikate erstellen und nach /etc/raddv/certs kopieren!

Installation prüfen

[root@Xradius freeradius-1.1.2]# rpm -qa | grep freeradius
freeradius-1.1.2-1

[root@Xradius freeradius-1.1.2]# ls /etc/raddb/
acct_users    example.pl         naspasswd         radiusd.conf
attrs         experimental.conf  oraclesql.conf    realms
certs         hints              otp.conf          snmp.conf
clients       huntgroups         otppasswd.sample  sql.conf
clients.conf  ldap.attrmap       postgresql.conf   sqlippool.conf
dictionary    mssql.conf         preproxy_users    users
eap.conf      naslist            proxy.conf
[root@Xradius freeradius-1.1.2]# which radiusd
/usr/local/sbin/radiusd
[root@Xradius freeradius-1.1.2]# which radtest
/usr/local/bin/radtest

radius-Daemon starten

im Vordergrund und im Debugmodus starten:

[root@Xradius freeradius-1.1.2]# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/eap.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec 
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded eap 
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded detail 
 detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.

testen

mittels radtest einen Verbindungsaufbau zu radiusd versuchen:

[root@Xradius ~]# radtest test test localhost 0 testing123
Sending Access-Request of id 59 to 127.0.0.1 port 1812
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=59, length=20

radiusd gibt folgede Meldungen von sich ⇒ er funktioniert!

rad_recv: Access-Request packet from host 127.0.0.1:32769, id=64, length=56
        User-Name = "test"
        User-Password = "test"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns notfound for request 0
modcall: leaving group authenticate (returns notfound) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 64 to 127.0.0.1 port 32769
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 64 with timestamp 44d22fee
Nothing to do.  Sleeping until we see a request.
more tests

– Testing CHAP with radclient

echo “User-Name = testuser, CHAP-Password = testpass” | radclient localhost auth testing123 -x

– Testing PAP with radclient

echo “User-Name = testuser, User-Password = testpass” | radclient localhost auth testing123 -x

Belastungstest:

1st terminal:

time echo “User-Name = ISALAB.local\\\\administrator, User-Password = labadmin” | radclient -c 100000 -s -r 10 localhost:1645 auth testing123

zeit: real 42m10.621s

2nd terminal: (Authentifizierung schlägt fehl … wegen CHAP gegen AD, dient nur als zusätzliche Belastung)

time echo “User-Name = ISALAB.local\\\\mmessner, CHAP-Password = m1k3” | radclient -c 1000 -n 10 localhost:1645 auth testing123

zeit: real 19m14.980s

Konfiguration

Linux in Windows Domänenstruktur integrieren

beide Server mit ntp zeitlich synchronisieren (auf Linux lauft der ntp, auf Windows wird ntp von http://www.meinberg.de/german/sw/ntp.htm#ntp_nt nachinstalliert)

C:\Program Files\NTP\bin>ntpdate 141.201.43.16
 8 Aug 19:19:57 ntpdate[2728]: step time server 141.201.43.16 offset 21610.681950 sec

configs:
/etc/samba/smb.conf
/etc/krb5.conf
/etc/nsswitch.conf

[root@Xradius ~]# kinit Administrator@ISALAB.LOCAL
Password for Administrator@ISALAB.LOCAL: 

[root@Xradius ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@ISALAB.LOCAL

Valid starting     Expires            Service principal
08/08/06 14:02:00  08/09/06 00:02:00  krbtgt/ISALAB.LOCAL@ISALAB.LOCAL
        renew until 08/09/06 14:02:00


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

[root@Xradius ~]# /etc/init.d/winbind restart

Shutting down Winbind services:                            [  OK  ]
Starting Winbind services:                                 [  OK  ]

Winbind automatisch beim booten starten:

[root@Xradius ~]# chkconfig --level 3 winbind on
[root@Xradius ~]# chkconfig --level 5 winbind on

evtl. Samba auch neu starten!

[root@Xradius ~]# net join -W ISALAB -S labad01 -U Administrator
Administrator's password: 
ads_join_realm: Operations error
ADS join did not work, falling back to RPC...
Joined domain ISALAB.

[root@Xradius ~]# wbinfo -g
BUILTIN/System Operators
BUILTIN/Replicators
BUILTIN/Guests
BUILTIN/Power Users
BUILTIN/Print Operators
BUILTIN/Administrators
BUILTIN/Account Operators
BUILTIN/Backup Operators
BUILTIN/Users

[root@Xradius ~]# wbinfo -D isalab
Name              : ISALAB
Alt_Name          : isalab.local
SID               : S-1-5-21-1701775561-1321748425-3988398364
Active Directory  : Yes
Native            : Yes
Primary           : Yes
Sequence          : -1

Authentifizierungsversuch am Active Directory:

[root@Xradius ~]# wbinfo -a m1k3%m1k3
plaintext password authentication succeeded
challenge/response password authentication succeeded

wbinfo_auth_from_linux.jpg

[root@Xradius ~]# ntlm_auth --request-nt-key --domain=ISALAB.LOCAL --username=m1k3
password: 
NT_STATUS_OK: Success (0x0)
[root@Xradius ~]# ntlm_auth --request-nt-key --domain=ISALAB.LOCAL --username=administrator
password: 
NT_STATUS_OK: Success (0x0)

Active Directory Anbindung

Active Directory Anbindung über LDAP-Modul

configs

complete authentication

Addons

freeRADIUS rpm package erstellen

freeradius.spec - file

cd ~
cp -a /usr/src/redhat/ rpmbuild

$ cp freeradius-1.1.3.tar.gz ~/rpmbuild/SOURCES/
$ tar zxf freeradius-1.1.3.tar.gz freeradius-1.1.3/redhat/freeradius.spec
$ cp freeradius-1.1.3/redhat/freeradius.spec ~/rpmbuild/SPECS/

correct the spec-file
Build the RPM.

$ cd ~/rpmbuild/SPECS
$ rpmbuild -ba freeradius.spec

supervise monitoring einrichten

Anleitung
Anleitung von Freeradius.org
Installationsanleitung der daemontools
daemontools Zusammenfassung

Download daemontools from: daemontools

[root@Xradius ~]# rpm -ihv daemontools-0.76-112memphis.i386.rpm 

 ls /command/ -l
total 0
lrwxrwxrwx  1 root root 41 Aug 24 12:13 envdir -> /package/admin/daemontools/command/envdir
lrwxrwxrwx  1 root root 44 Aug 24 12:13 envuidgid -> /package/admin/daemontools/command/envuidgid
lrwxrwxrwx  1 root root 41 Aug 24 12:13 fghack -> /package/admin/daemontools/command/fghack
lrwxrwxrwx  1 root root 43 Aug 24 12:13 multilog -> /package/admin/daemontools/command/multilog
lrwxrwxrwx  1 root root 43 Aug 24 12:13 pgrphack -> /package/admin/daemontools/command/pgrphack
lrwxrwxrwx  1 root root 48 Aug 24 12:13 readproctitle -> /package/admin/daemontools/command/readproctitle
lrwxrwxrwx  1 root root 42 Aug 24 12:13 setlock -> /package/admin/daemontools/command/setlock
lrwxrwxrwx  1 root root 44 Aug 24 12:13 setuidgid -> /package/admin/daemontools/command/setuidgid
lrwxrwxrwx  1 root root 44 Aug 24 12:13 softlimit -> /package/admin/daemontools/command/softlimit
lrwxrwxrwx  1 root root 44 Aug 24 12:13 supervise -> /package/admin/daemontools/command/supervise
lrwxrwxrwx  1 root root 38 Aug 24 12:13 svc -> /package/admin/daemontools/command/svc
lrwxrwxrwx  1 root root 39 Aug 24 12:13 svok -> /package/admin/daemontools/command/svok
lrwxrwxrwx  1 root root 41 Aug 24 12:13 svscan -> /package/admin/daemontools/command/svscan
lrwxrwxrwx  1 root root 45 Aug 24 12:13 svscanboot -> /package/admin/daemontools/command/svscanboot
lrwxrwxrwx  1 root root 41 Aug 24 12:13 svstat -> /package/admin/daemontools/command/svstat
lrwxrwxrwx  1 root root 41 Aug 24 12:13 tai64n -> /package/admin/daemontools/command/tai64n
lrwxrwxrwx  1 root root 46 Aug 24 12:13 tai64nlocal -> /package/admin/daemontools/command/tai64nlocal

daemontools in den bootvorgang integrieren:
<code> [root@Xradius ~]# cat /package/admin/daemontools-0.76/package/boot.inittab » /etc/inittab </code>

man pages instalieren:

download der man pages von http://smarden.org/pape/djb/manpages/daemontools-0.76-man.tar.gz

[root@Xradius ~]# tar xvzf daemontools-0.76-man.tar.gz 
daemontools-man/
daemontools-man/envdir.8
daemontools-man/README
daemontools-man/envuidgid.8
daemontools-man/fghack.8
daemontools-man/multilog.8
daemontools-man/pgrphack.8
daemontools-man/readproctitle.8
daemontools-man/setlock.8
daemontools-man/setuidgid.8
daemontools-man/softlimit.8
daemontools-man/supervise.8
daemontools-man/svc.8
daemontools-man/svok.8
daemontools-man/svscan.8
daemontools-man/svscanboot.8
daemontools-man/svstat.8
daemontools-man/tai64n.8
daemontools-man/tai64nlocal.8
[root@Xradius ~]# cd daemontools-man/
[root@Xradius daemontools-man]# gzip *.8
[root@Xradius daemontools-man]# cp *.8.gz /usr/share/man/man8/
[root@Xradius daemontools-man]# man supervise
...

weitere Installation nach Anleitung von Freeradius.org

supervise radiusd:

[root@Xradius ~]# ls /etc/radiusd/ -R
/etc/radiusd/:
log  run  supervise

/etc/radiusd/log:
main  run

/etc/radiusd/log/main:

/etc/radiusd/supervise:
control  lock  ok  status

Startscript
rc.local

Starten des radiusd:

[root@Xradius ~]# supervise /service/radiusd/
radiusd: ================ 2006-09-21-11:28:58 ================
radiusd: Starting FreeRADIUS ...
Thu Sep 21 11:28:58 2006 : Info: Starting - reading configuration files ...

angepasstes Init-Script - broken

log file auswertung

Radiusreport

entpacken

[root@Xradius radiusreport-0.3b6]# cp -pri radiusreport* /usr/local/bin/

script erstellen:

[root@Xradius ~]# cat /etc/cron.daily/radlog.sh 
#!/bin/bash
##./radiusreport -tba -l all -f /var/log/radius/radacct/141.201.43.115/detail*
##
## per cronjob automatisch log files aufbereiten


loggeropt="logger -t lograd -s"
$loggeropt " "
$loggeropt "=============== `date +%F-%T` ==============="
$loggeropt "generate nice radius log files for `hostname`@`domainname` "
$loggeropt " "
log=/var/log/radius/detail                              #where to save the new log file
filename=radius-logging                 #radius-logging-DATUM
bin=/usr/local/bin/radiusreport                         #which binary
logpath=/var/log/radius/radacct/                #process which path
dirs=$(ls $logpath/ -D)         #which files should we analyze
options="-tba -l all -f"                #use this options

if [ ! -d $log ]; then
        $loggeropt "no log directory available ... I'll generate the directory $log "
        mkdir -p $log
fi

for dir in $dirs; do

        files=$(find $logpath/$dir -type f -iname "detail*")            #which files should we analyze

        if [ ! -d $log/$dir ]; then
                mkdir $log/$dir/
        fi

        $loggeropt " "
        $loggeropt "processing log-files from $dir - NAS"
        $loggeropt " "

        for file in $files; do
                date=`ls $file | cut -d- -f2`

                $loggeropt "processing log file from $date"
                $bin $options $file > $log/$dir/$filename-$date
        done
done
$loggeropt " "
$loggeropt "finished radius log files for `hostname`@`domainname` "
$loggeropt "=============== `date +%F-%T` ==============="
$loggeropt " "

exit 0

first run:

[root@Xradius ~]# /etc/cron.daily/radlog.sh 
lograd:  
lograd: =============== 2006-09-20-14:26:28 ===============
lograd: generate nice radius log files for Xradius.local@ISALAB.local 
lograd:  
lograd:  
lograd: processing log-files from 127.0.0.1 - NAS
lograd:  
lograd: processing log file from 20060919
lograd:  
lograd: processing log-files from 141.201.43.115 - NAS
lograd:  
lograd: processing log file from 20060904
...
lograd: processing log file from 20060819
lograd:  
lograd: processing log-files from 141.201.43.118 - NAS
lograd:  
lograd: processing log file from 20060911
....
lograd: processing log file from 20060918
lograd:  
lograd: processing log-files from 141.201.43.24 - NAS
lograd:  
lograd:  
lograd: finished radius log files for Xradius.local@ISALAB.local 
lograd: =============== 2006-09-20-14:26:37 ===============
lograd:  

the generated files:

[root@Xradius ~]# ls /var/log/radius/detail/ -R
/var/log/radius/detail/:
127.0.0.1  141.201.43.115  141.201.43.118  141.201.43.24

/var/log/radius/detail/127.0.0.1:
radius-logging-20060919

/var/log/radius/detail/141.201.43.115:
radius-logging-20060807  radius-logging-20060828  radius-logging-20060910
radius-logging-20060808  radius-logging-20060829  radius-logging-20060911
radius-logging-20060809  radius-logging-20060830  radius-logging-20060912
radius-logging-20060810  radius-logging-20060831  radius-logging-20060913
radius-logging-20060816  radius-logging-20060901  radius-logging-20060914
radius-logging-20060817  radius-logging-20060902  radius-logging-20060915
radius-logging-20060818  radius-logging-20060903  radius-logging-20060916
radius-logging-20060819  radius-logging-20060904  radius-logging-20060917
radius-logging-20060820  radius-logging-20060905  radius-logging-20060918
radius-logging-20060821  radius-logging-20060906  radius-logging-20060919
radius-logging-20060822  radius-logging-20060907  radius-logging-20060920
radius-logging-20060823  radius-logging-20060908
radius-logging-20060824  radius-logging-20060909

/var/log/radius/detail/141.201.43.118:
radius-logging-20060906  radius-logging-20060913  radius-logging-20060919
radius-logging-20060907  radius-logging-20060914  radius-logging-20060920
radius-logging-20060911  radius-logging-20060915
radius-logging-20060912  radius-logging-20060918

/var/log/radius/detail/141.201.43.24:

Konfigurations Revisions System (RCS)

http://deployingradius.com/documents/configuration/setup.html#content

Installation des Paketes rcp-5.7-26.i386.rpm

Permissions

um den Radiusserver unter einer anderen UID laufen zu lassen müssen folgende anpassungen vorgenommen werden:

user und gruppen:

[root@Xradius raddb]# grep radiusd /etc/passwd
radiusd:x:95:95:radiusd user:/:/bin/bash
[root@Xradius raddb]# grep radiusd /etc/group
radiusd:x:95:

radiusd.conf

...
[root@Xradius raddb]# grep radiusd radiusd.conf 
# user/group: The name (or #number) of the user/group to run radiusd as.
user = radiusd
group = radiusd
...

Radius-log permissions
Radius-config permissions

/etc/cron.daily/radiusd_log - logrotate for radius
/etc/cron.monthly/radiusd_log - logrotate for radius

run the radius-daemon:

[root@Xradius raddb]# ps aux | grep radiusd
radiusd  21159  0.3  1.5  7472 3892 pts/4    S+   16:41   0:01 radiusd -X -A

Radius - Stresstest

"King, Michael" <MKing@bridgew.edu> wrote:
> Anyone know of a stress test utility that can simulate EAP-PEAP?

  wpa_supplicant includes a program "eapol_test".  I've used that with
great success.

  To stress test the server, I suggest running 5-6 client machines,
and 10-20 instances of eapol_test on each one.

  Alan DeKok.

Homepage von wpa-supplicant

 
linux-radius.txt · Last modified: 2009/09/13 17:39 (external edit)
 
Except where otherwise noted, content on this wiki is licensed under the following license:CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki