Thread: Please help me with freeradius

  1. #1
    Join Date
    Jan 2011
    Beans
    19

    Please help me with freeradius

    Peace be upon you, and the mercy and blessings of God.

    Dear brothers,
    I am your brother Hussein from Palestine, and I hope you can help me.

    My problem is with following a tutorial for
    freeradius + daloradius

    The tutorial is here on this forum, in the foreign-language section.

    But I reached a step where I don't understand what to do, and I can't continue.

    I would really like one of you to explain the steps to me and help me complete them.

    Link to the thread:


    My problem starts here:

    Configure the daloradius.conf file in /var/www/daloradius/library/daloradius.conf with the appropriate database information

    restart apache

    Code:
    sudo /etc/init.d/apache2 restart


    Now you need to configure freeradius...joy!

    use your favorite editor vi,nano cough...whatever

    Code:
    sudo vi /etc/freeradius/radius.conf

    There will be a section in there regarding instantiate for authorize. Just search for sql1 above that create a line with sql. Save and exit.

    Open and edit
    Code:
    /etc/freeradius/sql.conf

    edit the username, password, and make sure it is pointing to 127.0.0.1 or whatever ip your sql server is binding to.
    save and exit

    Open and edit
    Code:
    /etc/freeradius/sites-enabled/default

    uncomment all the sql tags in here (or the ones you want to use with mysql)

    with that done make the following directory and file. Otherwise you won't authenticate.

    Code:
     
    sudo mkdir /var/log/freeradius/radacct/
    Code:
    sudo touch /var/log/freeradius/radacct/sql-relay

    Open up your browser to http://localhost/daloradius

    username administrator

    password radius

    create a user in here
    and a nas if you are using one.

    I would say use radtest but it never worked for me always had errors under 9.04 so far. I was using a Cisco ASA which has a test feature for AAA. But use what ever you are trying to configure with aaa you should now be able to authenticate.

    If you want to run freeradius in test mode so you can see some errors or successes on your console.

    Stop freeradius daemon

    Code:
    sudo /etc/init.d/freeradius stop

    Start freeradius in debug mode

    Code:
    sudo freeradius -X


    The text in red marks the steps I don't understand.

    Please explain them to me in detail, and don't hold back on the details.

    May God bless you.

    And may you always be a symbol of goodness.

  2. #2
    Join Date
    Jan 2010
    Location
    Saudi Arabia
    Beans
    30
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Please help me with freeradius

    Quote: Originally Posted by mellow heart
    Peace be upon you, and the mercy and blessings of God.

    Dear brothers,
    I am your brother Hussein from Palestine, and I hope you can help me.

    My problem is with following a tutorial for
    freeradius + daloradius

    The tutorial is here on this forum, in the foreign-language section.

    But I reached a step where I don't understand what to do, and I can't continue.

    I would really like one of you to explain the steps to me and help me complete them.

    Link to the thread:


    My problem starts here:

    configure the daloradius.conf file in /var/www/daloradius/library/daloradius.conf with the appropriate database information
    In this step you need to edit the file
    /var/www/daloradius/library/daloradius.conf

    and put your own database information in it.
    restart apache

    Code:
    sudo /etc/init.d/apache2 restart


    now you need to configure freeradius...joy!

    use your favorite editor vi,nano cough...whatever

    Code:
    sudo vi /etc/freeradius/radius.conf
    there will be a section in there regarding instantiate for authorize. Just search for sql1 above that create a line with sql. Save and exit.
    Here too you edit the file
    /var/www/daloradius/library/daloradius.conf
    search for the word sql1
    and write a line above it containing sql


    I'm not sure about this step, sorry.
    open and edit
    Code:
    /etc/freeradius/sql.conf
    edit the username, password, and make sure it is pointing to 127.0.0.1 or whatever ip your sql server is binding to.
    save and exit

    open and edit
    Code:
    /etc/freeradius/sites-enabled/default
    uncomment all the sql tags in here (or the ones you want to use with mysql)

    with that done make the following directory and file. Otherwise you won't authenticate.
    Here too you edit the file,
    and the way to do it is to delete this symbol from the start of each line:
    [ # ]
    Code:
     
    sudo mkdir /var/log/freeradius/radacct/
    Code:
    sudo touch /var/log/freeradius/radacct/sql-relay
    open up your browser to http://localhost/daloradius
    Open the link.
    username administrator
    Log in with this username.
    password radius
    And this is the password.
    create a user in here
    and a nas if you are using one.
    Create a user for yourself.
    i would say use radtest but it never worked for me always had errors under 9.04 so far. I was using a cisco asa which has a test feature for aaa. But use what ever you are trying to configure with aaa you should now be able to authenticate.

    if you want to run freeradius in test mode so you can see some errors or successes on your console.

    stop freeradius daemon

    Code:
    sudo /etc/init.d/freeradius stop
    start freeradius in debug mode

    Code:
    sudo freeradius -X


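    The text in red marks the steps I don't understand.

    Please explain them to me in detail, and don't hold back on the details.

    May God bless you.

    And may you always be a symbol of goodness.
    Sorry for not explaining more, but I don't really know what it is talking about in the first place,
    so I just translated the words for you in a simple way.

    I hope I was of some help.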

  3. #3
    Join Date
    Jan 2011
    Beans
    19

    Re: Please help me with freeradius

    Dear brother Natty Dreed,
    first of all, thank you for stopping by and trying to help me,
    and God bless you for your effort.

    For your information,
    this program is for networks and Internet service distributors.
    It lets the distributor set Internet speeds, view online users, handle blocking and traffic, and much more.

    It is considered one of the very best programs.

    The step I most need explained in detail, and I mean in real detail, is this one:
    Code:
    sudo vi /etc/freeradius/radius.conf
    there will be a section in there regarding instantiate for authorize. Just search for sql1 above that create a line with sql. Save and exit.



    What is the code I am supposed to put in?
    Is it just the word sql,
    or some specific code? Please clarify.

    As for the second step:

    Code:
    /etc/freeradius/sites-enabled/default
    uncomment all the sql tags in here (or the ones you want to use with mysql)
    
    with that done make the following directory and file. Otherwise you won't authenticate.


    I know I am supposed to remove the # sign,
    but from which of the lines? The whole file contains this # sign.

    I copied part of the file for you so you can see it:
    Code:
     
    ######################################################################
    #
    #       As of 2.0.0, FreeRADIUS supports virtual hosts using the
    #       "server" section, and configuration directives.
    #
    #       Virtual hosts should be put into the "sites-available"
    #       directory.  Soft links should be created in the "sites-enabled"
    #       directory to these files.  This is done in a normal installation.
    #
    #       $Id$
    #
    ######################################################################
    #
    #       Read "man radiusd" before editing this file.  See the section
    #       titled DEBUGGING.  It outlines a method where you can quickly
    #       obtain the configuration you want, without running into
    #       trouble.  See also "man unlang", which documents the format
    #       of this file.
    #
    #       This configuration is designed to work in the widest possible
    #       set of circumstances, with the widest possible number of
    #       authentication methods.  This means that in general, you should
    #       need to make very few changes to this file.
    #
    #       The best way to configure the server for your local system
    #       is to CAREFULLY edit this file.  Most attempts to make large
    #       edits to this file will BREAK THE SERVER.  Any edits should
    #       be small, and tested by running the server with "radiusd -X".
    #       Once the edits have been verified to work, save a copy of these
    #       configuration files somewhere.  (e.g. as a "tar" file).  Then,
    #       make more edits, and test, as above.
    #
    #       There are many "commented out" references to modules such
    #       as ldap, sql, etc.  These references serve as place-holders.
    #       If you need the functionality of that module, then configure
    #       it in radiusd.conf, and un-comment the references to it in
    #       this file.  In most cases, those small changes will result
    #       in the server being able to connect to the DB, and to
    #       authenticate users.
    #
    ######################################################################
     
    #
    #       In 1.x, the "authorize", etc. sections were global in
    #       radiusd.conf.  As of 2.0, they SHOULD be in a server section.
    #       
    #       The server section with no virtual server name is the "default"
    #       section.  It is used when no server name is specified.
    #
    #       We don't indent the rest of this file, because doing so
    #       would make it harder to read.
    #
    #       
     
    #  Authorization. First preprocess (hints and huntgroups files),
    #  then realms, and finally look in the "users" file.
    #
    #  The order of the realm modules will determine the order that
    #  we try to find a matching realm.
    #
    #  Make *sure* that 'preprocess' comes before any realm if you
    #  need to setup hints for the remote radius server
    authorize {
            #
            #  The preprocess module takes care of sanitizing some bizarre
            #  attributes in the request, and turning them into attributes
            #  which are more standard.
            #
            #  It takes care of processing the 'raddb/hints' and the
            #  'raddb/huntgroups' files.
            preprocess
     
            #
            #  If you want to have a log of authentication requests,
            #  un-comment the following line, and the 'detail auth_log'
            #  section, above.
    #       auth_log
     
            #
            #  The chap module will set 'Auth-Type := CHAP' if we are
            #  handling a CHAP request and Auth-Type has not already been set
            chap
     
            #  
            #  If the users are logging in with an MS-CHAP-Challenge
            #  attribute for authentication, the mschap module will find
            #  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
            #  to the request, which will cause the server to then use
            #  the mschap module for authentication.
            mschap
     
            #  
            #  If you have a Cisco SIP server authenticating against
            #  FreeRADIUS, uncomment the following line, and the 'digest'
            #  line in the 'authenticate' section.
    #       digest
     
            #
            #  The WiMAX specification says that the Calling-Station-Id
            #  is 6 octets of the MAC.  This definition conflicts with
            #  RFC 3580, and all common RADIUS practices.  Un-commenting
            #  the "wimax" module here means that it will fix the
            #  Calling-Station-Id attribute to the normal format as
            #  specified in RFC 3580 Section 3.21
    #       wimax
     
            #
            #  Look for IPASS style 'realm/', and if not found, look for
            #  '@realm', and decide whether or not to proxy, based on
            #  that.
    #       IPASS
     
            #
            #  If you are using multiple kinds of realms, you probably
            #  want to set "ignore_null = yes" for all of them.
            #  Otherwise, when the first style of realm doesn't match,
            #  the other styles won't be checked.
            #  
            suffix
    #       ntdomain
     
            #
            #  This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
            #  authentication.
            #  
            #  It also sets the EAP-Type attribute in the request
            #  attribute list to the EAP type from the packet.
            #
            #  As of 2.0, the EAP module returns "ok" in the authorize stage
            #  for TTLS and PEAP.  In 1.x, it never returned "ok" here, so
            #  this change is compatible with older configurations.
            #
            #  The example below uses module failover to avoid querying all
            #  of the following modules if the EAP module returns "ok".
            #  Therefore, your LDAP and/or SQL servers will not be queried
            #  for the many packets that go back and forth to set up TTLS
            #  or PEAP.  The load on those servers will therefore be reduced.
            #
            eap {
                    ok = return
            }
     
            #  
            #  Pull crypt'd passwords from /etc/passwd or /etc/shadow,
            #  using the system API's to get the password.  If you want
            #  to read /etc/passwd or /etc/shadow directly, see the
            #  passwd module in radiusd.conf.
            #  
            unix
     
            #  
            #  Read the 'users' file
            files
     
            #
            #  Look in an SQL database.  The schema of the database
            #  is meant to mirror the "users" file.
            #
            #  See "Authorization Queries" in sql.conf
    #       sql
     
            #
            #  If you are using /etc/smbpasswd, and are also doing
            #  mschap authentication, the un-comment this line, and
            #  configure the 'etc_smbpasswd' module, above.
    #       etc_smbpasswd
     
            #  
            #  The ldap module will set Auth-Type to LDAP if it has not
            #  already been set
    #       ldap
     
            #
            #  
            #  Enforce daily limits on time spent logged in.
    #       daily
     
            #
            # Use the checkval module
    #       checkval
     
            expiration
            logintime
     
            #
            #  If no other module has claimed responsibility for
            #  authentication, then try to use PAP.  This allows the
            #  other modules listed above to add a "known good" password
            #  to the request, and to do nothing else.  The PAP module
            #  will then see that password, and use it to do PAP
            #  authentication.
            #  
            #  This module should be listed last, so that the other modules
            #  get a chance to set Auth-Type for themselves.
            #
            pap
     
            #
            #  If "status_server = yes", then Status-Server messages are passed
            #  through the following section, and ONLY the following section.
            #  This permits you to do DB queries, for example.  If the modules
            #  listed here return "fail", then NO response is sent.
            #  
    #       Autz-Type Status-Server {
    #
    #       }
    }
     
    
    #  Authentication.
    #
    #
    #  This section lists which modules are available for authentication.
    #  Note that it does NOT mean 'try each module in order'.  It means
    #  that a module from the 'authorize' section adds a configuration
    #  attribute 'Auth-Type := FOO'.  That authentication type is then
    #  used to pick the apropriate module from the list below.
    #
     
    #  In general, you SHOULD NOT set the Auth-Type attribute.  The server
    #  will figure it out on its own, and will do the right thing.  The
    #  most common side effect of erroneously setting the Auth-Type
    #  attribute is that one authentication method will work, but the
    #  others will not.
    #
    #  The common reasons to set the Auth-Type attribute by hand
    #  is to either forcibly reject the user (Auth-Type := Reject),
    #  or to or forcibly accept the user (Auth-Type := Accept).
    #
    #  Note that Auth-Type := Accept will NOT work with EAP.
    #  
    #  Please do not put "unlang" configurations into the "authenticate"
    #  section.  Put them in the "post-auth" section instead.  That's what
    #  the post-auth section is for.
    #
    authenticate {
            #
            #  PAP authentication, when a back-end database listed
            #  in the 'authorize' section supplies a password.  The
            #  password can be clear-text, or encrypted.
            Auth-Type PAP {
                    pap
            }
     
            #
            #  Most people want CHAP authentication
            #  A back-end database listed in the 'authorize' section
            #  MUST supply a CLEAR TEXT password.  Encrypted passwords
            #  won't work.
            Auth-Type CHAP {
                    chap
            }
     
            #
            #  MSCHAP authentication.
            Auth-Type MS-CHAP {
                    mschap
            }
     
            #
            #  If you have a Cisco SIP server authenticating against
            #  FreeRADIUS, uncomment the following line, and the 'digest'
            #  line in the 'authorize' section.
    #       digest
     
            #  
            #  Pluggable Authentication Modules.
    #       pam
     
            #
            #  See 'man getpwent' for information on how the 'unix'
            #  module checks the users password.  Note that packets
            #  containing CHAP-Password attributes CANNOT be authenticated
            #  against /etc/passwd!  See the FAQ for details.
            #
            unix
     
            # Uncomment it if you want to use ldap for authentication
            #
            # Note that this means "check plain-text password against
            # the ldap database", which means that EAP won't work,
            # as it does not supply a plain-text password.
    #       Auth-Type LDAP {
    #               ldap
    #       }
     
            #
            #  Allow EAP authentication.
            eap
     
            #  
            #  The older configurations sent a number of attributes in
            #  Access-Challenge packets, which wasn't strictly correct.
            #  If you want to filter out these attributes, uncomment
            #  the following lines.
            #
    #       Auth-Type eap {
    #               eap {
    #                       handled = 1
    #               }
    #               if (handled && (Response-Packet-Type == Access-Challenge)) {
    #                       attr_filter.access_challenge.post-auth
    #                       handled  # override the "updated" code from attr_filter
    #               }
    #       }
    }
     
    
    #
    #  Pre-accounting.  Decide which accounting type to use
    



    When I carry out this step it gives me this error; I don't know whether that is because I haven't completed the steps or not.
    One more thing: is this the correct link for getting into the program, or does it need to be changed?

    Code:
    Not Found
    The requested URL /daloradius was not found on this server.
    Apache/2.2.16 (Ubuntu) Server at localhost Port 80
    


    What is meant by this step?

    Code:
    and a nas if you are using one



    Thank you very much, and I hope you will respond.

    Or point me to someone who can help me solve this problem.

    Bless you all.
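
Added example, not part of the original thread or of the FreeRADIUS project: a shell sketch of the "uncomment all the sql tags" step from the quoted tutorial, telling a commented-out module reference (a line holding only `#` and `sql`) apart from the prose comments that fill the rest of the file. The function names `list_sql_refs` and `enable_sql` are hypothetical, and the sample file is constructed in the layout of the dump above.

```shell
#!/bin/sh
# Added example: locate and enable only the commented-out "sql" module
# references in a FreeRADIUS 2.x virtual-server file such as
# /etc/freeradius/sites-enabled/default.
#
# A module reference is a line that holds nothing but "#", whitespace and
# the module name. Explanatory comments ("#  Look in an SQL database ...")
# contain other words, so they never match and stay commented.

# Print "section:line" for each commented-out sql reference in file $1.
# The section is the enclosing top-level block (authorize, accounting, ...).
list_sql_refs() {
    awk '
        /^[a-z-]+[ \t]*[{]/   { section = $1 }   # e.g. "authorize {"
        /^[}]/                { section = "" }   # top-level block closed
        /^#[ \t]*sql[ \t]*$/  { print section ":" NR }
    ' "$1"
}

# Write file $1 to stdout with those references uncommented; the original
# file is left untouched so the result can be reviewed before it is used.
enable_sql() {
    sed -E 's/^#([[:space:]]*sql[[:space:]]*)$/\1/' "$1"
}

# Constructed sample (not the full default file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
authorize {
        #  Look in an SQL database.  The schema of the database
        #  is meant to mirror the "users" file.
        #
        #  See "Authorization Queries" in sql.conf
#       sql
#       ldap
        pap
}
accounting {
        #  Log traffic to an SQL database.
#       sql
}
EOF

echo "Commented-out sql references (section:line):"
list_sql_refs "$sample"
echo "File with only those lines enabled:"
enable_sql "$sample"
rm -f "$sample"
```

Running the edited copy through the server's debug mode, as the tutorial does with `freeradius -X`, shows whether the enabled `sql` module loads.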




  4. #4
    Join Date
    Jan 2011
    Beans
    19

    Re: Please help me with freeradius

    plz help me ....
