Please help me with freeradius



Mellow Heart
February 2nd, 2011, 11:38 PM
Peace be upon you, and the mercy and blessings of God.

Dear brothers,
I am your brother Hussein from Palestine, and I hope you can help me.

My problem is with following the tutorial for
freeradius + daloradius

The tutorial is here on this forum, in the foreign-language section.

But I have reached a step where I don't understand what to do, and I can't continue.

I would like one of you to explain the steps to me and help me complete them.

Thread link:

http://ubuntuforums.org/showthread.php?t=1169178

My problem starts here:


Configure the daloradius.conf file in /var/www/daloradius/library/daloradius.conf with the appropriate database information


restart apache


sudo /etc/init.d/apache2 restart



Now you need to configure freeradius...joy!


use your favorite editor vi,nano cough...whatever



sudo vi /etc/freeradius/radius.conf

There will be a section in there regarding instantiate for authorize. Just search for sql1; above that, create a line with sql. Save and exit.


Open and edit

/etc/freeradius/sql.conf

edit the username, password, and make sure it is pointing to 127.0.0.1 or whatever ip your sql server is binding to.
save and exit


Open and edit

/etc/freeradius/sites-enabled/default

uncomment all the sql tags in here (or the ones you want to use with mysql)


with that done make the following directory and file. Otherwise you won't authenticate.




sudo mkdir /var/log/freeradius/radacct/


sudo touch /var/log/freeradius/radacct/sql-relay

Open up your browser to http://localhost/daloradius


username administrator


password radius


create a user in here
and a nas if you are using one.


I would say use radtest, but it never worked for me; I always had errors under 9.04 so far. I was using a Cisco ASA, which has a test feature for AAA. But use whatever you are trying to configure with AAA; you should now be able to authenticate.


If you want to run freeradius in test mode so you can see some errors or successes on your console:


Stop freeradius daemon



sudo /etc/init.d/freeradius stop

Start freeradius in debug mode



sudo freeradius -X




The text in red is the steps I don't understand.

Please explain them to me in detail, and don't hold back on the details.

God bless you,

and may He keep you a symbol of goodness.

Natty Dreed
February 3rd, 2011, 11:52 AM
Peace be upon you, and the mercy and blessings of God.

Dear brothers,
I am your brother Hussein from Palestine, and I hope you can help me.

My problem is with following the tutorial for
freeradius + daloradius

The tutorial is here on this forum, in the foreign-language section.

But I have reached a step where I don't understand what to do, and I can't continue.

I would like one of you to explain the steps to me and help me complete them.

Thread link:

http://ubuntuforums.org/showthread.php?t=1169178

My problem starts here:


configure the daloradius.conf file in /var/www/daloradius/library/daloradius.conf with the appropriate database information

In this step you need to edit the file
/var/www/daloradius/library/daloradius.conf

and put your own database information in it.
restart apache


sudo /etc/init.d/apache2 restart


now you need to configure freeradius...joy!


use your favorite editor vi,nano cough...whatever



sudo vi /etc/freeradius/radius.conf
there will be a section in there regarding instantiate for authorize. Just search for sql1; above that, create a line with sql. Save and exit.

Here too you edit the file
/var/www/daloradius/library/daloradius.conf
and search for the word sql1
and write a line containing sql above it.

I'm not sure about this step, sorry.
open and edit

/etc/freeradius/sql.conf
edit the username, password, and make sure it is pointing to 127.0.0.1 or whatever ip your sql server is binding to.
save and exit


open and edit

/etc/freeradius/sites-enabled/default
uncomment all the sql tags in here (or the ones you want to use with mysql)


with that done make the following directory and file. Otherwise you won't authenticate.

Here too you edit the file,
and the way to do it is to delete this symbol from the start of each line:
[ # ]


sudo mkdir /var/log/freeradius/radacct/

sudo touch /var/log/freeradius/radacct/sql-relay
open up your browser to http://localhost/daloradius

Open the link.
username administrator

Log in with this username.
password radius

And this is the password.
create a user in here
and a nas if you are using one.

Create a user for yourself.
I would say use radtest, but it never worked for me; I always had errors under 9.04 so far. I was using a Cisco ASA, which has a test feature for AAA. But use whatever you are trying to configure with AAA; you should now be able to authenticate.


if you want to run freeradius in test mode so you can see some errors or successes on your console.


stop freeradius daemon



sudo /etc/init.d/freeradius stop
start freeradius in debug mode



sudo freeradius -X



The text in red is the steps I don't understand.

Please explain them to me in detail, and don't hold back on the details.

God bless you,

and may He keep you a symbol of goodness.


Sorry for not explaining more, but I don't really know what it is talking about in the first place,
so I translated the words for you in a simple way.

I hope I have been of some help.

Mellow Heart
February 3rd, 2011, 12:49 PM
Dear brother Natty Dreed,
first of all, thank you for stopping by and trying to help me,
and God bless you for your effort.

For your information,
this program is for networks and Internet service distributors.
It lets the distributor set Internet speeds, view the users who are online, and handle blocking, traffic and much more.

It is considered one of the very best programs.

The step I most need to have explained in detail, and I do mean in detail, is this one:


sudo vi /etc/freeradius/radius.conf
there will be a section in there regarding instantiate for authorize. Just search for sql1; above that, create a line with sql. Save and exit.


What is the code I am required to put there?
Is it just the word sql,
or some specific code? Please clarify.

As for the second step:



/etc/freeradius/sites-enabled/default
uncomment all the sql tags in here (or the ones you want to use with mysql)

with that done make the following directory and file. Otherwise you won't authenticate.

I know that I am required to remove the # sign,
but from which of the lines? The whole file contains this # sign.

I copied part of the file for you so you can see it:

GNU nano 2.2.4 File: /etc/freeradius/sites-enabled/default

######################################################################
#
# As of 2.0.0, FreeRADIUS supports virtual hosts using the
# "server" section, and configuration directives.
#
# Virtual hosts should be put into the "sites-available"
# directory. Soft links should be created in the "sites-enabled"
# directory to these files. This is done in a normal installation.
#
# $Id$
#
######################################################################
#
# Read "man radiusd" before editing this file. See the section
# titled DEBUGGING. It outlines a method where you can quickly
# obtain the configuration you want, without running into
# trouble. See also "man unlang", which documents the format
# of this file.
#
# This configuration is designed to work in the widest possible
# set of circumstances, with the widest possible number of
# authentication methods. This means that in general, you should
# need to make very few changes to this file.
#
# The best way to configure the server for your local system
# is to CAREFULLY edit this file. Most attempts to make large
# edits to this file will BREAK THE SERVER. Any edits should
# be small, and tested by running the server with "radiusd -X".
# Once the edits have been verified to work, save a copy of these
# configuration files somewhere. (e.g. as a "tar" file). Then,
# make more edits, and test, as above.
#
# There are many "commented out" references to modules such
# as ldap, sql, etc. These references serve as place-holders.
# If you need the functionality of that module, then configure
# it in radiusd.conf, and un-comment the references to it in
# this file. In most cases, those small changes will result
# in the server being able to connect to the DB, and to
# authenticate users.
#
######################################################################

#
# In 1.x, the "authorize", etc. sections were global in
# radiusd.conf. As of 2.0, they SHOULD be in a server section.
#
# The server section with no virtual server name is the "default"
# section. It is used when no server name is specified.
#
# We don't indent the rest of this file, because doing so
# would make it harder to read.
#

# Authorization. First preprocess (hints and huntgroups files),
# then realms, and finally look in the "users" file.
#
# The order of the realm modules will determine the order that
# we try to find a matching realm.
#
# Make *sure* that 'preprocess' comes before any realm if you
# need to setup hints for the remote radius server
authorize {
#
# The preprocess module takes care of sanitizing some bizarre
# attributes in the request, and turning them into attributes
# which are more standard.
#
# It takes care of processing the 'raddb/hints' and the
# 'raddb/huntgroups' files.
preprocess

#
# If you want to have a log of authentication requests,
# un-comment the following line, and the 'detail auth_log'
# section, above.
# auth_log

#
# The chap module will set 'Auth-Type := CHAP' if we are
# handling a CHAP request and Auth-Type has not already been set
chap

#
# If the users are logging in with an MS-CHAP-Challenge
# attribute for authentication, the mschap module will find
# the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
# to the request, which will cause the server to then use
# the mschap module for authentication.
mschap

#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authenticate' section.
# digest

#
# The WiMAX specification says that the Calling-Station-Id
# is 6 octets of the MAC. This definition conflicts with
# RFC 3580, and all common RADIUS practices. Un-commenting
# the "wimax" module here means that it will fix the
# Calling-Station-Id attribute to the normal format as
# specified in RFC 3580 Section 3.21
# wimax

#
# Look for IPASS style 'realm/', and if not found, look for
# '@realm', and decide whether or not to proxy, based on
# that.
# IPASS

#
# If you are using multiple kinds of realms, you probably
# want to set "ignore_null = yes" for all of them.
# Otherwise, when the first style of realm doesn't match,
# the other styles won't be checked.
#
suffix
# ntdomain

#
# This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP
# authentication.
#
# It also sets the EAP-Type attribute in the request
# attribute list to the EAP type from the packet.
#
# As of 2.0, the EAP module returns "ok" in the authorize stage
# for TTLS and PEAP. In 1.x, it never returned "ok" here, so
# this change is compatible with older configurations.
#
# The example below uses module failover to avoid querying all
# of the following modules if the EAP module returns "ok".
# Therefore, your LDAP and/or SQL servers will not be queried
# for the many packets that go back and forth to set up TTLS
# or PEAP. The load on those servers will therefore be reduced.
#
eap {
ok = return
}

#
# Pull crypt'd passwords from /etc/passwd or /etc/shadow,
# using the system API's to get the password. If you want
# to read /etc/passwd or /etc/shadow directly, see the
# passwd module in radiusd.conf.
#
unix

#
# Read the 'users' file
files

#
# Look in an SQL database. The schema of the database
# is meant to mirror the "users" file.
#
# See "Authorization Queries" in sql.conf
# sql

#
# If you are using /etc/smbpasswd, and are also doing
# mschap authentication, the un-comment this line, and
# configure the 'etc_smbpasswd' module, above.
# etc_smbpasswd

#
# The ldap module will set Auth-Type to LDAP if it has not
# already been set
# ldap

#
# Enforce daily limits on time spent logged in.
# daily

#
# Use the checkval module
# checkval

expiration
logintime

#
# If no other module has claimed responsibility for
# authentication, then try to use PAP. This allows the
# other modules listed above to add a "known good" password
# to the request, and to do nothing else. The PAP module
# will then see that password, and use it to do PAP
# authentication.
#
# This module should be listed last, so that the other modules
# get a chance to set Auth-Type for themselves.
#
pap

#
# If "status_server = yes", then Status-Server messages are passed
# through the following section, and ONLY the following section.
# This permits you to do DB queries, for example. If the modules
# listed here return "fail", then NO response is sent.
#
# Autz-Type Status-Server {
#
# }
}


# Authentication.
#
#
# This section lists which modules are available for authentication.
# Note that it does NOT mean 'try each module in order'. It means
# that a module from the 'authorize' section adds a configuration
# attribute 'Auth-Type := FOO'. That authentication type is then
# used to pick the apropriate module from the list below.
#

# In general, you SHOULD NOT set the Auth-Type attribute. The server
# will figure it out on its own, and will do the right thing. The
# most common side effect of erroneously setting the Auth-Type
# attribute is that one authentication method will work, but the
# others will not.
#
# The common reasons to set the Auth-Type attribute by hand
# is to either forcibly reject the user (Auth-Type := Reject),
# or to or forcibly accept the user (Auth-Type := Accept).
#
# Note that Auth-Type := Accept will NOT work with EAP.
#
# Please do not put "unlang" configurations into the "authenticate"
# section. Put them in the "post-auth" section instead. That's what
# the post-auth section is for.
#
authenticate {
#
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
Auth-Type PAP {
pap
}

#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
Auth-Type CHAP {
chap
}

#
# MSCHAP authentication.
Auth-Type MS-CHAP {
mschap
}

#
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authorize' section.
# digest

#
# Pluggable Authentication Modules.
# pam

#
# See 'man getpwent' for information on how the 'unix'
# module checks the users password. Note that packets
# containing CHAP-Password attributes CANNOT be authenticated
# against /etc/passwd! See the FAQ for details.
#
unix

# Uncomment it if you want to use ldap for authentication
#
# Note that this means "check plain-text password against
# the ldap database", which means that EAP won't work,
# as it does not supply a plain-text password.
# Auth-Type LDAP {
# ldap
# }

#
# Allow EAP authentication.
eap

#
# The older configurations sent a number of attributes in
# Access-Challenge packets, which wasn't strictly correct.
# If you want to filter out these attributes, uncomment
# the following lines.
#
# Auth-Type eap {
# eap {
# handled = 1
# }
# if (handled && (Response-Packet-Type == Access-Challenge)) {
# attr_filter.access_challenge.post-auth
# handled # override the "updated" code from attr_filter
# }
# }
}


#
# Pre-accounting. Decide which accounting type to use



When I carry out this step it gives me this error. I don't know whether that is because I haven't completed the steps or not.
Another thing: is this the correct link for accessing the program, or does it need to be changed?


Not Found

The requested URL /daloradius was not found on this server.
Apache/2.2.16 (Ubuntu) Server at localhost Port 80


What is meant by this step:


and a nas if you are using one


Many thanks, and I hope you will engage with me,

or point me to someone who can help me solve this problem.

Bless you.

Mellow Heart
February 3rd, 2011, 11:23 PM
plz help me ....
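
The "uncomment all the sql tags" step asked about above refers to the commented-out bare "sql" module references that the pasted file header calls place-holders, not to the explanatory "#" lines around them. As an added example (not from the thread or the tutorial), this script lists those lines per section and previews the edit; the function names are hypothetical and the sample file is constructed, with its accounting, session and post-auth sections assumed to follow the same layout as the authorize section pasted above.

```shell
# Added example, not from the thread. The sample config below is constructed.

# find_sql_refs FILE: print "section:line" for every commented-out bare
# "sql" module reference, i.e. the lines the tutorial calls "sql tags".
find_sql_refs() {
    awk '
        /^[ \t]*#[ \t]*sql[ \t]*$/ {    # "#", blanks, the word sql, nothing else
            where = (depth > 0) ? section : "top-level"
            print where ":" NR
            next
        }
        /^[ \t]*#/ { next }             # every other "#" line is prose: skip it
        /[{][ \t]*$/ {                  # active line ending in "{" opens a block
            if (depth == 0) section = $1
            depth++
            next
        }
        /^[ \t]*[}]/ { if (depth > 0) depth-- }
    ' "$1"
}

# enable_sql_refs FILE: write FILE to stdout with only those lines uncommented.
enable_sql_refs() {
    sed -E 's/^([[:space:]]*)#([[:space:]]*sql)[[:space:]]*$/\1\2/' "$1"
}

# Constructed sample in the layout of sites-enabled/default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
authorize {
    preprocess
    #  Look in an SQL database.
    #  See "Authorization Queries" in sql.conf
#   sql
    eap {
        ok = return
    }
}
accounting {
    detail
    #  Log traffic to an SQL database.
#   sql
}
session {
    radutmp
#   sql
}
post-auth {
#   sql
#   ldap
}
EOF

find_sql_refs "$sample"                      # review this list first
enable_sql_refs "$sample" | grep -n 'sql$'   # then preview the edited lines
```

After applying the change to the real file, start the server in debug mode as the tutorial describes to confirm that the configuration still loads.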