Slackware 14.0 - PPPOE Server / FreeRADIUS 2.1.12 / MySQL
=========================================================
Public domain

********************************************************************************
Phase 1 - configure PPPOE Server for standalone authentication -------------------------
********************************************************************************

********************************************************************************
### Backup

mv /etc/ppp/options{,.bak}
mv /etc/ppp/pppoe-server-options{,.bak}

********************************************************************************
### /etc/ppp/options

lock

********************************************************************************
### /etc/ppp/pppoe-server-options

name pppoes
require-chap
noipdefault
mru 1492
mtu 1492
lcp-max-configure 60
lcp-restart 2
lcp-echo-interval 30
lcp-echo-failure 4
idle 0
noipx
proxyarp
ms-dns 8.8.8.8
#debug dump logfd 2 nodetach

********************************************************************************
### /etc/ppp/chap-secrets

pejman pppoes 123456 *

* Note: 123456 is an example secret. chap-secrets stores secrets in cleartext, so keep the file owned by root and readable by root only (chmod 600 /etc/ppp/chap-secrets).

********************************************************************************
### /etc/ppp/pppoe.conf

LINUX_PLUGIN=/usr/lib/pppd/2.4.5/rp-pppoe.so

********************************************************************************
### pppd incompatibility

cd /etc/ppp/plugins/
[ ! -e rp-pppoe.so-2.4.4 ] && cp rp-pppoe.so rp-pppoe.so-2.4.4
cp /usr/lib/pppd/2.4.5/rp-pppoe.so /etc/ppp/plugins/

********************************************************************************
### /etc/rc.d/rc.pppoe-server

#!/bin/bash
#
# /etc/rc.d/rc.pppoe-server
#

# Configuration
SRVNAME="Linux-PPPOE-Server"
MAXCON=250
LOCALIP=10.0.0.1
STARTIP=10.0.0.10
USRIF=eth1
HOSTNAME=$(hostname)

start () {
    modprobe pppoe
    ifconfig $USRIF up
    /usr/sbin/pppoe-server -k -I $USRIF -N $MAXCON -C $HOSTNAME -S $SRVNAME -L $LOCALIP -R $STARTIP
}

case "$1" in
'start')
    echo 'Starting pppoe-server ...'
    PID=$(pgrep '^pppoe-server$')
    if [ "$PID" == "" ] ; then
        start
    else
        echo 'pppoe-server is already running !!!'
    fi
    ;;
'stop')
    echo 'Stoping pppoe-server ...'
    killall pppoe-server
    ;;
'restart')
    echo 'Restarting pppoe-server ...'
    killall pppoe-server
    sleep 2
    start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    ;;
esac

********************************************************************************
### Launch

chmod +x /etc/rc.d/rc.pppoe-server
/etc/rc.d/rc.pppoe-server start

* Test With Client Connection

********************************************************************************
Phase 2 - configure radius server for in-file authentication -------------
********************************************************************************

********************************************************************************
### FreeRADIUS

cd /usr/src
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.12.tar.gz
tar zxf freeradius-server-2.1.12.tar.gz
cd freeradius-server-2.1.12
./configure --prefix=/usr/local/freeradius && make && make install
cp /usr/local/freeradius/etc/raddb/users{,.bak-$(date +%F)}

* Note: plain FTP gives no integrity protection. Check the downloaded tarball against the signature or checksum published by the FreeRADIUS project before building and installing it as root.

********************************************************************************
### /usr/local/freeradius/etc/raddb/users

pejman  User-Password := "123456"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobsen-TCP-IP

********************************************************************************
### Launch

/usr/local/freeradius/sbin/radiusd -X

********************************************************************************
### /etc/rc.d/rc.radiusd

#!/bin/sh
#
# /etc/rc.d/rc.radiusd
#

case "$1" in
'start')
    echo 'Starting radiusd ...'
    PID=$(pgrep '^radiusd$')
    if [ "$PID" == "" ] ; then
        /usr/local/freeradius/sbin/radiusd
    else
        echo "radiusd is already running (PID: $PID) !!!"
    fi
    ;;
'stop')
    echo 'Stoping radiusd ...'
    killall radiusd
    ;;
'restart')
    echo 'Restarting radiusd ...'
    killall radiusd
    sleep 2
    /usr/local/freeradius/sbin/radiusd
    ;;
*)
    echo "Usage: $0 [start|stop|restart]"
    ;;
esac

********************************************************************************
### Launch

chmod +x /etc/rc.d/rc.radiusd
/etc/rc.d/rc.radiusd start

********************************************************************************
### Test

expand /usr/local/freeradius/etc/raddb/clients.conf | sed -e 's,#.*,,' -e '/^ *$/d'
echo User-Name = "pejman", User-Password = "123456" | /usr/local/freeradius/bin/radclient 127.0.0.1 auth testing123
/usr/local/freeradius/bin/radtest pejman 123456 127.0.0.1 10 testing123

********************************************************************************
Phase 3 - Change PPPOE server to use radius authentication ----------
********************************************************************************

********************************************************************************
### /etc/ppp/pppoe-server-options

.
.
plugin radius.so
plugin radattr.so
.
.

********************************************************************************
### /etc/radiusclient/servers

127.0.0.1 testing123

* Note: testing123 is the shared secret shipped in the default clients.conf for the localhost client. Before production use, replace it with a long random value, set identically in clients.conf and in this file.

********************************************************************************
### /etc/radiusclient/dictionary

.
.
ATTRIBUTE CHAP-Challenge 60 string
INCLUDE /etc/radiusclient/dictionary.microsoft

********************************************************************************
### /etc/ppp/chap-secrets

#pejman pptpd 123456 *

********************************************************************************
### Restart

/etc/rc.d/rc.pppoe-server restart

********************************************************************************
Phase 4 - Config database server ---------------
********************************************************************************

********************************************************************************
### MySQL Secure Installation Wizard

/storage/mysql-5.5.22/bin/mysql_secure_installation

********************************************************************************
### /etc/rc.d/rc.mysqld

#SKIP="--skip-networking"

* Note: commenting out SKIP makes mysqld listen on TCP, which the nmap/netstat check below will show. The sql.conf in Phase 5 uses server = "localhost", which the MySQL client library reaches through the local Unix socket, so TCP can stay disabled when FreeRADIUS and MySQL share a host; if TCP is needed, limit it with bind-address = 127.0.0.1 in my.cnf or a firewall rule.

********************************************************************************
### Restart

/etc/rc.d/rc.mysqld restart
nmap 127.0.0.1
netstat -tunapo | grep mysql

********************************************************************************
### radius database

create database radius;
use radius;
source /usr/local/freeradius/etc/raddb/sql/mysql/schema.sql;
show tables;

********************************************************************************
### new group

use radius;
INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES ('normalusers', 'Framed-Compression','Van-Jacobson-TCP-IP' );
INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES ('normalusers', 'Framed-Protocol', 'PPP' );
INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES ('normalusers', 'Service-Type', 'Framed-User' );

********************************************************************************
### new user

use radius;
INSERT INTO radusergroup (UserName, GroupName, priority) VALUES ('pejman', 'normalusers', 1);
INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('pejman', 'Password', '123456');
INSERT INTO radreply
(UserName, Attribute, Value) VALUES ('pejman', 'Framed-IP-Address', '172.16.3.33');

********************************************************************************
### Check tables;

use radius;
select * from radgroupreply;
select * from radusergroup;
select * from radcheck;
select * from radreply;

********************************************************************************
Phase 5 - Configure radius server to use mysql as backend -------------
********************************************************************************

********************************************************************************
### /usr/local/freeradius/etc/raddb/users

# pejman Cleartext-Password := "123456"
#        Service-Type = Framed-User,
#        Framed-Protocol = PPP,
#        Framed-Compression = Van-Jacobsen-TCP-IP

********************************************************************************
### /usr/local/freeradius/etc/raddb/radiusd.conf

.
.
$INCLUDE sql.conf
.
.

********************************************************************************
### /usr/local/freeradius/etc/raddb/sql.conf

.
.
sql {
    database = "mysql"
    driver = "rlm_sql_${database}"
    server = "localhost"
    #port = 3306
    login = "root"
    password = "123456"
    radius_db = "radius"
.
.

* Note: login = "root" hands radiusd the MySQL superuser. Create a dedicated MySQL account limited to the radius database and use it here; sql.conf keeps its password in cleartext, so restrict read access to the file.
********************************************************************************
### Backup

cp /usr/local/freeradius/etc/raddb/sites-available/default{,.bak}

********************************************************************************
### check config file

expand /usr/local/freeradius/etc/raddb/sites-available/default | egrep -v '^#|^ *$|^ *#'
expand /usr/local/freeradius/etc/raddb/sites-available/default | sed -e 's,#.*,,' -e '/^ *$/d'

********************************************************************************
### /usr/local/freeradius/etc/raddb/sites-available/default

authorize {
    preprocess
    chap
    mschap
    suffix
    sql
    expiration
    logintime
    pap
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
}
preacct {
    preprocess
    acct_unique
    suffix
}
accounting {
    detail
    unix
    radutmp
    sql
    attr_filter.accounting_response
}
session {
    radutmp
    sql
}
post-auth {
    sql
    exec
    Post-Auth-Type REJECT {
        attr_filter.access_reject
    }
}
pre-proxy {
}
post-proxy {
    eap
}

********************************************************************************
### Restart

/etc/rc.d/rc.radiusd restart

********************************************************************************
### /etc/rc.d/rc.local

# Start FreeRADIUS server:
if [ -x /etc/rc.d/rc.radiusd ]; then
    /etc/rc.d/rc.radiusd start
fi

# Start PPPOE server:
if [ -x /etc/rc.d/rc.pppoe-server ]; then
    /etc/rc.d/rc.pppoe-server start
fi

********************************************************************************
### /etc/rc.d/rc.local_shutdown

#!/bin/bash

# Stop PPPOE server:
if [ -x /etc/rc.d/rc.pppoe-server ]; then
    /etc/rc.d/rc.pppoe-server stop
fi

# Stop FreeRADIUS server:
if [ -x /etc/rc.d/rc.radiusd ]; then
    /etc/rc.d/rc.radiusd stop
fi

********************************************************************************
### Commands

chmod +x /etc/rc.d/rc.local_shutdown

********************************************************************************
_BY: Pejman Moghadam_
_TAG: freeradius, mysql, pppoe-server, radiusclient, radius_
_DATE: 2013-01-22 13:16:09_