Sv в 20:29, 16 січня 2023

2023-01-16T20:29:30Z

Нова сторінка

Вариант, когда DHCP-сервер не устанавливается, поскольку FreeRadius версии 3 может сам выполнять функции DHCP

* В админке NoDeny надо создать пул ip в количестве раз в 5-10 большим чем предполагаемое количество абонентов. Тип ip обязательно должен быть "динамический".

==Mysql процедуры==

Процедуры практически один в один как в варианте [[Dhcp+Radius]], единственное, ip необходимо возвращать в атрибуте DHCP-Your-IP-Address

<pre>
ALTER DATABASE nodeny CHARACTER SET utf8 COLLATE utf8_general_ci;
</pre>

<pre>
DROP PROCEDURE IF EXISTS `radcheck`;
DELIMITER $$
CREATE PROCEDURE `radcheck` (IN login VARCHAR(64))
BEGIN
SELECT Null, login, 'Cleartext-Password' AS Attribute, '' AS Value,':=';
END$$
DELIMITER ;
</pre>

<pre>
DROP PROCEDURE IF EXISTS `radreply`;
DELIMITER $$
CREATE PROCEDURE `radreply`(IN login VARCHAR(64))
BEGIN
DECLARE usr_mac VARCHAR(12);
DECLARE usr_ip VARCHAR(15);
DECLARE usr_id INT;
SELECT REPLACE(login, ':', '') INTO usr_mac;
SELECT uid INTO usr_id FROM mac_uid WHERE mac=usr_mac;
IF usr_id IS NOT NULL AND usr_id>0 THEN
SELECT get_ip(usr_id) INTO usr_ip;
UPDATE mac_uid SET ip=0 WHERE ip=INET_ATON(usr_ip) AND uid<>usr_id;
UPDATE mac_uid SET ip=INET_ATON(usr_ip), time=UNIX_TIMESTAMP() WHERE uid=usr_id;
ELSE
START TRANSACTION;
SELECT INET_NTOA(ip) INTO usr_ip FROM ip_pool
WHERE uid=0 AND type='dynamic' AND `release` < UNIX_TIMESTAMP()
ORDER BY RAND() LIMIT 1 FOR UPDATE;
INSERT INTO mac_uid VALUES(
NULL, usr_mac, INET_ATON(usr_ip), 0, UNIX_TIMESTAMP(), 0, 0, 0, '')
ON DUPLICATE KEY
UPDATE ip=IF(ip>0,ip,INET_ATON(usr_ip)), time=UNIX_TIMESTAMP();
COMMIT;
SELECT INET_NTOA(ip) INTO usr_ip FROM mac_uid WHERE mac=usr_mac;
UPDATE ip_pool SET `release` = UNIX_TIMESTAMP() + 3600
WHERE ip = INET_ATON(usr_ip);
END IF;
SELECT NULL, login, 'DHCP-Your-IP-Address', usr_ip, '=';
SELECT NULL, login, 'Session-Timeout', '600', '=';
END$$
DELIMITER ;
</pre>

<pre>
DROP PROCEDURE IF EXISTS `radupdate`;
DELIMITER $$
CREATE PROCEDURE `radupdate`(
IN login VARCHAR(64), IN ipa VARCHAR(16), IN properties VARCHAR(255))
BEGIN
DECLARE usr_mac VARCHAR(16);
SELECT REPLACE(login, ':', '') INTO usr_mac;
CALL set_auth(ipa, CONCAT('mod=dhcp;user=', usr_mac, ';', REPLACE(properties,';','')));
UPDATE mac_uid SET time=UNIX_TIMESTAMP() WHERE ip=INET_ATON(ipa) LIMIT 1;
END$$
DELIMITER ;
</pre>

Проверим:

<pre>
CALL radreply('00:11:22:33:44:55');
</pre>

==Установка FreeRaius версии 3==

<syntaxhighlight lang="bash">
apt install freeradius
apt install freeradius-mysql
apt install freeradius-dhcp
</syntaxhighlight>

==Конфигурирование Radius==

<syntaxhighlight lang="bash">
rm /etc/freeradius/3.0/sites-enabled/default
</syntaxhighlight>

Создаем конфиг dhcp:
<syntaxhighlight lang="bash">
nano /etc/freeradius/3.0/sites-enabled/dhcp
</syntaxhighlight>

<pre>
server dhcp {
listen {
type = dhcp
interface = enp0s9
ipaddr = 0.0.0.0
port = 67
broadcast = yes
}
dhcp DHCP-Discover {
update reply {
DHCP-Message-Type = DHCP-Offer
}

update reply {
DHCP-Domain-Name-Server = 8.8.8.8
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 10.0.1.1
DHCP-IP-Address-Lease-Time = 86400
DHCP-DHCP-Server-Identifier = 10.0.1.1
}

sql.authorize
ok
}

dhcp DHCP-Request {
update reply {
DHCP-Message-Type = DHCP-Ack
}

update reply {
DHCP-Domain-Name-Server = 8.8.8.8
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 10.0.1.1
DHCP-IP-Address-Lease-Time = 86400
DHCP-DHCP-Server-Identifier = 10.0.1.1
}

sql.authorize
sql.post-auth
ok
}

dhcp {
reject
}
}

</pre>

Здесь 10.0.1.1 - это ip интерфейса, на котором нам нужно dhcp.

Создаем конфиг sql:
<syntaxhighlight lang="bash">
nano /etc/freeradius/3.0/mods-enabled/sql
</syntaxhighlight>

<pre>
sql {
driver = "rlm_sql_mysql"
mysql {
warnings = auto
}
server = "localhost"
port = 3306
login = "nodeny"
password = "hardpass"
radius_db = "nodeny"

authorize_check_query = "call radcheck('%{DHCP-Client-Hardware-Address}')"
authorize_reply_query = "call radreply('%{DHCP-Client-Hardware-Address}')"
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}.query}"
type {
start {
query = "call radupdate('%{DHCP-Client-Hardware-Address}','%{reply:DHCP-Your-IP-Address}',\
'nas=%{DHCP-DHCP-Server-Identifier}')"
}
interim-update {
query = "${..start.query}"
}
}
}
post-auth {
query = "call radupdate('%{DHCP-Client-Hardware-Address}','%{reply:DHCP-Your-IP-Address}',\
'nas=%{DHCP-DHCP-Server-Identifier}')"
}
}
</pre>

Запуск с дебагом на экран:
<syntaxhighlight lang="bash">
freeradius -X
</syntaxhighlight>

FreeRadius3 + Dhcp (Linux) - Історія редагувань

Sv в 20:29, 16 січня 2023