
Slackware 14.0 - PPPOE Server / FreeRADIUS 2.1.12 / MySQL

Public domain


Phase 1 - configure PPPOE Server for standalone authentication



Backup

mv /etc/ppp/options{,.bak}
mv /etc/ppp/pppoe-server-options{,.bak}

/etc/ppp/options

lock

/etc/ppp/pppoe-server-options

name pppoes
require-chap
noipdefault
mru 1492
mtu 1492
lcp-max-configure 60
lcp-restart 2
lcp-echo-interval 30
lcp-echo-failure 4
idle 0
noipx
proxyarp
ms-dns 8.8.8.8
#debug dump logfd 2 nodetach

/etc/ppp/chap-secrets

pejman pppoes 123456 *

/etc/ppp/pppoe.conf

LINUX_PLUGIN=/usr/lib/pppd/2.4.5/rp-pppoe.so

pppd incompatibility

cd /etc/ppp/plugins/
[ ! -e rp-pppoe.so-2.4.4 ] && cp rp-pppoe.so rp-pppoe.so-2.4.4
cp /usr/lib/pppd/2.4.5/rp-pppoe.so /etc/ppp/plugins/

/etc/rc.d/rc.pppoe-server

#!/bin/bash
#
# /etc/rc.d/rc.pppoe-server
#

# Settings consumed by start(); the flag each value feeds is noted beside it.
USRIF='eth1'                    # interface the server listens on (-I)
LOCALIP='10.0.0.1'              # local end of each PPP link (-L)
STARTIP='10.0.0.10'             # first address of the remote pool (-R)
MAXCON='250'                    # maximum number of sessions (-N)
SRVNAME='Linux-PPPOE-Server'    # advertised service name (-S)
HOSTNAME="$(hostname)"          # access-concentrator name (-C)

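# Load the PPPoE kernel driver, bring the listening interface up and launch
# pppoe-server in kernel mode (-k).
# Globals: USRIF, MAXCON, HOSTNAME, SRVNAME, LOCALIP, STARTIP (read)
# Returns: exit status of pppoe-server, or 1 if the interface cannot be
#          brought up.
start ()
{
  # Only warn on failure: the driver may already be available without the
  # module being loadable, and pppoe-server reports the real problem itself.
  modprobe pppoe || echo 'Warning: modprobe pppoe failed' >&2

  if ! ifconfig "$USRIF" up ; then
    echo "Cannot bring up interface $USRIF" >&2
    return 1
  fi

  # Every expansion is quoted so that a value containing spaces or glob
  # characters (a multi-word service name, for instance) reaches pppoe-server
  # as exactly one argument instead of being split into extra options.
  /usr/sbin/pppoe-server -k -I "$USRIF" -N "$MAXCON" -C "$HOSTNAME" \
    -S "$SRVNAME" -L "$LOCALIP" -R "$STARTIP"
}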

# Dispatch on the action passed as the first argument.
case "$1" in
  start)
    echo 'Starting pppoe-server ...'
    # The pattern is anchored at both ends, so only a process whose name is
    # exactly "pppoe-server" counts as already running.
    PID=$(pgrep '^pppoe-server$')
    if [ -n "$PID" ] ; then
      echo 'pppoe-server is already running !!!'
    else
      start
    fi
    ;;
  stop)
    echo 'Stoping pppoe-server ...'
    killall pppoe-server
    ;;
  restart)
    echo 'Restarting pppoe-server ...'
    killall pppoe-server
    # Short pause between the kill and the relaunch.
    sleep 2
    start
    ;;
  *)
    # Anything else, including no argument at all, prints the usage line.
    echo "Usage: $0 {start|stop|restart}"
    ;;
esac

Launch

chmod +x /etc/rc.d/rc.pppoe-server
/etc/rc.d/rc.pppoe-server start

Phase 2 - configure radius server for in-file authentication



FreeRADIUS

cd /usr/src
# NOTE(review): the tarball is fetched over plain FTP and then built and
# installed as-is. Check it against the signature or checksum published by
# the FreeRADIUS project before running configure/make.
# NOTE(review): 2.1.12 is the release this 2013 guide was written for; for a
# new deployment pick a release that still receives security fixes.
wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.12.tar.gz
tar zxf freeradius-server-2.1.12.tar.gz
cd freeradius-server-2.1.12
# Installs under /usr/local/freeradius; each step runs only if the previous
# one succeeded.
./configure --prefix=/usr/local/freeradius && make && make install
# Keep a dated copy of the stock users file before editing it.
cp /usr/local/freeradius/etc/raddb/users{,.bak-$(date +%F)}

/usr/local/freeradius/etc/raddb/users

pejman User-Password := "123456"
      Service-Type = Framed-User,
      Framed-Protocol = PPP,
      Framed-Compression = Van-Jacobsen-TCP-IP

Launch

/usr/local/freeradius/sbin/radiusd -X

/etc/rc.d/rc.radiusd

#!/bin/sh
#
# /etc/rc.d/rc.radiusd
#

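# Dispatch on the action passed as the first argument.
case "$1" in
  'start')
    echo 'Starting radiusd ...'
    # The pattern is anchored at both ends, so only a process whose name is
    # exactly "radiusd" counts as already running.
    PID=$(pgrep '^radiusd$')
    # This script is declared #!/bin/sh, and "==" inside [ ] is a bash
    # extension that other sh implementations reject; -z is the portable
    # test for "no PID was found".
    if [ -z "$PID" ] ; then
      /usr/local/freeradius/sbin/radiusd
    else
      echo "radiusd is already running (PID: $PID) !!!"
    fi
    ;;
  'stop')
    echo 'Stoping radiusd ...'
    killall radiusd
    ;;
  'restart')
    echo 'Restarting radiusd ...'
    killall radiusd
    # Short pause between the kill and the relaunch.
    sleep 2
    /usr/local/freeradius/sbin/radiusd
    ;;
  *)
    # Anything else, including no argument at all, prints the usage line.
    echo "Usage: $0 [start|stop|restart]"
    ;;
esac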

Launch

chmod +x /etc/rc.d/rc.radiusd
/etc/rc.d/rc.radiusd start

Test

expand  /usr/local/freeradius/etc/raddb/clients.conf | sed -e 's,#.*,,' -e '/^ *$/d'
echo User-Name = "pejman", User-Password = "123456" | /usr/local/freeradius/bin/radclient 127.0.0.1 auth testing123
/usr/local/freeradius/bin/radtest pejman  123456 127.0.0.1 10 testing123

Phase 3 - Change PPPOE server to use radius authentication



/etc/ppp/pppoe-server-options

.
.
plugin radius.so
plugin radattr.so
.
.

/etc/radiusclient/servers

# Format: RADIUS server address, then the shared secret used to talk to it.
# NOTE(review): testing123 is the same sample secret used in the
# radclient/radtest checks of Phase 2. Replace it here and in the server's
# clients.conf with a long random value before real subscribers authenticate,
# and keep this file readable by root only.
127.0.0.1       testing123

/etc/radiusclient/dictionary

.
.
ATTRIBUTE       CHAP-Challenge          60      string
INCLUDE /etc/radiusclient/dictionary.microsoft

/etc/ppp/chap-secrets

#pejman pptpd 123456 *

Restart

/etc/rc.d/rc.pppoe-server restart

Phase 4 - Config database server



MySQL Secure Installation Wizard

/storage/mysql-5.5.22/bin/mysql_secure_installation

/etc/rc.d/rc.mysqld

# NOTE(review): with SKIP left commented out, mysqld is started without
# --skip-networking and so accepts TCP connections. sql.conf in this guide
# uses server = "localhost", which the MySQL client library normally serves
# over the local Unix socket, so TCP may not be needed at all. If it is
# enabled, confirm in the netstat output of the next step that mysqld is
# bound to 127.0.0.1 only.
#SKIP="--skip-networking"

Restart

/etc/rc.d/rc.mysqld restart
nmap 127.0.0.1
netstat -tunapo | grep mysql

radius database

create database radius;
use radius;
source /usr/local/freeradius/etc/raddb/sql/mysql/schema.sql;
show tables;

new group

use radius;
INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES ('normalusers', 'Framed-Compression','Van-Jacobson-TCP-IP' );
INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES ('normalusers', 'Framed-Protocol', 'PPP' );
INSERT INTO radgroupreply (GroupName, Attribute, Value) VALUES ('normalusers', 'Service-Type', 'Framed-User' );

new user

use radius;
-- Put the user in the normalusers group created above (priority 1).
INSERT INTO radusergroup (UserName, GroupName, priority) VALUES ('pejman', 'normalusers', 1);
-- NOTE(review): the password is stored in clear text. CHAP (require-chap in
-- pppoe-server-options) needs the recoverable secret to verify a response,
-- so protection has to come from restricting who can read radcheck and the
-- database files. The users file in Phase 5 names this attribute
-- Cleartext-Password; confirm that 'Password' is still accepted by the
-- FreeRADIUS version in use.
INSERT INTO radcheck     (UserName, Attribute, Value)    VALUES ('pejman', 'Password', '123456');
-- Static address returned to this user in the reply.
INSERT INTO radreply     (UserName, Attribute, Value)    VALUES ('pejman', 'Framed-IP-Address', '172.16.3.33');

Check tables;

use radius;
select * from radgroupreply;
select * from radusergroup;
select * from radcheck;
select * from radreply;

Phase 5 - Configure radius server to use mysql as backend



/usr/local/freeradius/etc/raddb/users

# pejman Cleartext-Password := "123456"
#      Service-Type = Framed-User,
#      Framed-Protocol = PPP,
#      Framed-Compression = Van-Jacobsen-TCP-IP

/usr/local/freeradius/etc/raddb/radiusd.conf

.
.
$INCLUDE sql.conf
.
.

/usr/local/freeradius/etc/raddb/sql.conf

.
.
  sql {
    # Selects the MySQL driver: the next line expands to rlm_sql_mysql.
    database = "mysql"
    driver = "rlm_sql_${database}"
    server = "localhost"
    #port = 3306
    # NOTE(review): this connects as the MySQL root account with a sample
    # password. radiusd only needs the radius database, so a dedicated MySQL
    # account granted rights on that schema alone limits what a compromised
    # or misconfigured RADIUS server can reach. The password sits here in
    # clear text, so keep this file unreadable to unprivileged users.
    login = "root"
    password = "123456"
    radius_db = "radius"
.
.

Backup

cp /usr/local/freeradius/etc/raddb/sites-available/default{,.bak}

check config file

expand /usr/local/freeradius/etc/raddb/sites-available/default | egrep -v '^#|^ *$|^ *#'
expand /usr/local/freeradius/etc/raddb/sites-available/default | sed -e 's,#.*,,' -e '/^ *$/d'

/usr/local/freeradius/etc/raddb/sites-available/default

authorize {
    preprocess
    chap
    mschap
    suffix
    sql
    expiration
    logintime
    pap
}
authenticate {
    Auth-Type PAP {
            pap
    }
    Auth-Type CHAP {
            chap
    }
    Auth-Type MS-CHAP {
            mschap
    }
}
preacct {
    preprocess
    acct_unique
    suffix
}
accounting {
    detail
    unix
    radutmp
    sql
    attr_filter.accounting_response
}
session {
    radutmp
    sql
}
post-auth {
    sql
    exec
    Post-Auth-Type REJECT {
            attr_filter.access_reject
    }
}
pre-proxy {
}
post-proxy {
    eap
}

Restart

/etc/rc.d/rc.radiusd restart

/etc/rc.d/rc.local

# FreeRADIUS comes up first; its rc script runs only when it is executable.
if test -x /etc/rc.d/rc.radiusd
then
  /etc/rc.d/rc.radiusd start
fi

# Then the PPPoE server, under the same executable-bit check.
if test -x /etc/rc.d/rc.pppoe-server
then
  /etc/rc.d/rc.pppoe-server start
fi

/etc/rc.d/rc.local_shutdown

#!/bin/bash

# Shutdown runs in the reverse of the start-up order: PPPoE server first.
# Each rc script is called only when it is executable.
if test -x /etc/rc.d/rc.pppoe-server
then
  /etc/rc.d/rc.pppoe-server stop
fi

# FreeRADIUS goes down last.
if test -x /etc/rc.d/rc.radiusd
then
  /etc/rc.d/rc.radiusd stop
fi

Commands

chmod +x /etc/rc.d/rc.local_shutdown

BY: Pejman Moghadam
TAG: freeradius, mysql, pppoe-server, radiusclient, radius
DATE: 2013-01-22 13:16:09

