FreeRadius Notes: Difference between revisions

From noname.com.ua
 
* https://shop.nag.ru/article/ericsson-smartedge-freeradius-billing
 
* https://code.google.com/archive/p/cakebilling/wikis/ConfiguringFreeRadius.wiki
 

Revision as of 21:07, 14 July 2023

This is just a collection of links and notes.

Minimal working config

Module order matters a great deal here: if you swap pap and files, pap will not be able to get the password.
In essence, the logic is as follows:

  • A user arrives
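<PRE>
server default {
    # Authentication listener
    listen {
        type = auth
        ipv4addr = *
        port = 1812
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }

    # Accounting listener
    listen {
        ipv4addr = *
        port = 1813
        type = acct
    }

    instantiate {
        exec
        expr
        expiration
    }

    authorize {
        # files must come first: it matches the user in the users file
        files
        # pap then finds the password and sets Auth-Type = PAP
        pap
    }

    authenticate {
        Auth-Type PAP {
            pap
        }
    }
} # end of SERVER
</PRE>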
<PRE>
Fri Jul 14 18:07:17 2023 : Debug: (0) Received Access-Request Id 51 from 127.0.0.1:54599 to 127.0.0.1:1812 length 73
Fri Jul 14 18:07:17 2023 : Debug: (0)   User-Name = "bob"
Fri Jul 14 18:07:17 2023 : Debug: (0)   User-Password = "hello"
Fri Jul 14 18:07:17 2023 : Debug: (0)   NAS-IP-Address = 10.90.1.213
Fri Jul 14 18:07:17 2023 : Debug: (0)   NAS-Port = 0
Fri Jul 14 18:07:17 2023 : Debug: (0)   Message-Authenticator = 0xa051e8612e62faaa98baa723ceb98219
Fri Jul 14 18:07:17 2023 : Debug: (0) session-state: No State attribute
Fri Jul 14 18:07:17 2023 : Debug: (0) # Executing section authorize from file /etc/freeradius/3.0/sites-enabled/default
Fri Jul 14 18:07:17 2023 : Debug: (0)   authorize {
Fri Jul 14 18:07:17 2023 : Debug: (0)     modsingle[authorize]: calling files (rlm_files)
Fri Jul 14 18:07:17 2023 : Debug: (0) files: users: Matched entry bob at line 4
Fri Jul 14 18:07:17 2023 : Debug: (0) files: ::: FROM 1 TO 0 MAX 1
Fri Jul 14 18:07:17 2023 : Debug: (0) files: ::: Examining Reply-Message
Fri Jul 14 18:07:17 2023 : Debug: Hello, %{User-Name}
Fri Jul 14 18:07:17 2023 : Debug: Parsed xlat tree:
Fri Jul 14 18:07:17 2023 : Debug: literal --> Hello,
Fri Jul 14 18:07:17 2023 : Debug: attribute --> User-Name
Fri Jul 14 18:07:17 2023 : Debug: (0) files: EXPAND Hello, %{User-Name}
Fri Jul 14 18:07:17 2023 : Debug: (0) files:    --> Hello, bob
Fri Jul 14 18:07:17 2023 : Debug: (0) files: ::: APPENDING Reply-Message FROM 0 TO 0
Fri Jul 14 18:07:17 2023 : Debug: (0) files: ::: TO in 0 out 0
Fri Jul 14 18:07:17 2023 : Debug: (0)     modsingle[authorize]: returned from files (rlm_files)
Fri Jul 14 18:07:17 2023 : Debug: (0)     [files] = ok
Fri Jul 14 18:07:17 2023 : Debug: (0)     modsingle[authorize]: calling pap (rlm_pap)
Fri Jul 14 18:07:17 2023 : Debug: (0)     modsingle[authorize]: returned from pap (rlm_pap)
Fri Jul 14 18:07:17 2023 : Debug: (0)     [pap] = updated
Fri Jul 14 18:07:17 2023 : Debug: (0)   } # authorize = updated
Fri Jul 14 18:07:17 2023 : Debug: (0) Found Auth-Type = PAP
Fri Jul 14 18:07:17 2023 : Debug: (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
Fri Jul 14 18:07:17 2023 : Debug: (0)   Auth-Type PAP {
Fri Jul 14 18:07:17 2023 : Debug: (0)     modsingle[authenticate]: calling pap (rlm_pap)
Fri Jul 14 18:07:17 2023 : Debug: (0) pap: Login attempt with password "hello" (5)
Fri Jul 14 18:07:17 2023 : Debug: (0) pap: Comparing with "known good" Cleartext-Password "hello" (5)
Fri Jul 14 18:07:17 2023 : Debug: (0) pap: User authenticated successfully
Fri Jul 14 18:07:17 2023 : Debug: (0)     modsingle[authenticate]: returned from pap (rlm_pap)
Fri Jul 14 18:07:17 2023 : Debug: (0)     [pap] = ok
Fri Jul 14 18:07:17 2023 : Debug: (0)   } # Auth-Type PAP = ok
Fri Jul 14 18:07:17 2023 : ERROR: (0) Cannot proxy packets unless 'proxy_requests = yes'
Fri Jul 14 18:07:17 2023 : Debug: (0) Empty post-auth section in virtual server "default".  Using default return values.
Fri Jul 14 18:07:17 2023 : Auth: (0) Login OK: [bob/hello] (from client localhost port 0)
Fri Jul 14 18:07:17 2023 : Debug: (0) Sent Access-Accept Id 51 from 127.0.0.1:1812 to 127.0.0.1:54599 length 32
Fri Jul 14 18:07:17 2023 : Debug: (0)   Reply-Message = "Hello, bob"
Fri Jul 14 18:07:17 2023 : Debug: (0) Finished request
Fri Jul 14 18:07:17 2023 : Debug: Waking up in 4.9 seconds.
</PRE>
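
The ordering rule stated above (files before pap in authorize) can be checked mechanically before a config is deployed. The following is an added example, not part of the original notes or of FreeRADIUS: a small Python linter in which the function names, the `PASSWORD_SOURCES` set and the abbreviated sample configs are assumptions made for illustration.

```python
# Assumption: modules that can supply the "known good" password. Only `files`
# appears on this page; `sql` and `ldap` are listed for illustration.
PASSWORD_SOURCES = {"files", "sql", "ldap"}

# Constructed sample: the page's authorize/authenticate sections, abbreviated.
PAGE_ORDER = """
server default {
    authorize {
        files
        pap
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
    }
} # end of SERVER
"""
# Constructed sample: the same config with pap and files swapped.
SWAPPED = PAGE_ORDER.replace("files\n        pap", "pap\n        files")

def section_modules(config, section):
    """Return the module names listed directly inside `section { ... }`."""
    modules, depth, inside_at = [], 0, None
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line.endswith("{"):
            depth += 1
            if inside_at is None and line[:-1].strip() == section:
                inside_at = depth
        elif line == "}":
            if inside_at == depth:  # closing brace of the wanted section
                return modules
            depth -= 1
        elif line and inside_at == depth and "=" not in line:
            modules.append(line)
    return modules

def check_pap_order(config):
    """Return findings; an empty list means a password source precedes pap."""
    mods = section_modules(config, "authorize")
    if "pap" not in mods:
        return ["pap is not listed in authorize"]
    if not PASSWORD_SOURCES.intersection(mods[:mods.index("pap")]):
        return ["pap runs before any password source: " + " ".join(mods)]
    return []

if __name__ == "__main__":
    print(check_pap_order(PAGE_ORDER), check_pap_order(SWAPPED))
```

The page's order produces no findings, while the swapped order is reported.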