  1. #!/bin/bash
  2.  
  3. #the ip that will handle pptp requests
  4. LOCALIP="192.168.43.2"
  5.  
  6. #list the IP's that will be assigned to your remote users on the pptp connection
  7. REMOTEUSERS="192.168.43.10-20"
  8.  
  9. #list a DNS server you would like your remote clients to use
  10. DNS_SERVER="8.8.8.8"
  11.  
  12. #list a password for mysql (root user)
  13. PASSWORD_MYSQL=superdupersecret
  14.  
  15. #list a password for radius admin#user name = radius - setup read from /etc/freeradius/sql/mysql/admin.sql
  16. PASSWORD_RADMIN=moresecretsecret
  17.  
  18. #list a username for the radius test account
  19. RADIUS_USER=radiustestpptp
  20.  
  21. #list a password for the radius test account
  22. RADIUS_PASSWORD=123321
  23.  
  24. apt-get -y autoremove debconf-utils pptpd mysql-server freeradius radiusclient1
  25.  
  26. apt-get install debconf-utils
  27. apt-get install pptpd
  28. modprobe nf_conntrack_pptp
  29.  
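#######################################
# Append a config line to a file exactly once. A marker comment written after
# the line records that this script already touched the file, so re-running
# the script does not duplicate the setting.
# Arguments: $1 - file to edit
#            $2 - marker comment identifying this setting
#            $3 - the config line to append
# Outputs:   on a repeat run, reports that and prints the existing line
#######################################
append_once() {
  local file=$1 marker=$2 line=$3
  # -F: the marker/line are literal text, not regexes ("." in an IP would
  # otherwise match any character).
  if grep -qF -- "$marker" "$file"; then
    echo "$file has already been affected by our script"
    grep -F -- "$line" "$file"
  else
    printf '%s\n%s\n' "$line" "$marker" >> "$file"
  fi
}

append_once /etc/pptpd.conf '#setting localip via script' "localip $LOCALIP"
append_once /etc/pptpd.conf '#setting remoteusers via script' "remoteip $REMOTEUSERS"
append_once /etc/ppp/pptpd-options '#setting dns server via script' "ms-dns $DNS_SERVER"

# Enable IPv4 forwarding so VPN clients can reach networks behind this host.
if grep -q '#setting forwarding from script' /etc/sysctl.conf; then
  echo "/etc/sysctl.conf has already been affected by our script - moving on"
  grep 'net.ipv4.ip_forward=1' /etc/sysctl.conf
else
  # Remove any existing ip_forward=1 line (commented out or not) so ours is
  # the only one. The first pattern already matches the "#..." form as a
  # substring; the second sed is kept for its backup file. Note that a line
  # written with spaces ("net.ipv4.ip_forward = 1") is not matched and would
  # remain alongside ours.
  sed -i.bak-removed-forward-nohash '/net.ipv4.ip_forward=1/d' /etc/sysctl.conf
  sed -i.bak-removed-forward-hash '/#net.ipv4.ip_forward=1/d' /etc/sysctl.conf
  printf '%s\n%s\n' 'net.ipv4.ip_forward=1' '#setting forwarding from script' >> /etc/sysctl.conf
  sysctl -p /etc/sysctl.conf
fi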
  65.  
  66. sudo debconf-set-selections <<< "mysql-server mysql-server/root_password password $PASSWORD_MYSQL"
  67. sudo debconf-set-selections <<< "mysql-server mysql-server/root_password_again password $PASSWORD_MYSQL"
  68.  
  69. apt-get -y install mysql-server
  70. apt-get -y install freeradius freeradius-mysql freeradius-utils
  71. apt-get -y install radiusclient1
  72.  
  73. mysql -u root -p$PASSWORD_MYSQL -e "show databases"
  74. mysql -u root -p$PASSWORD_MYSQL -e "DROP DATABASE radius"
  75. mysql -u root -p$PASSWORD_MYSQL -e "CREATE DATABASE radius"
  76. mysql -u root -p$PASSWORD_MYSQL -e "show databases"
  77. mysql -u root -p$PASSWORD_MYSQL radius < /etc/freeradius/sql/mysql/schema.sql
  78. mysql -u root -p$PASSWORD_MYSQL -e "DROP USER 'radius'@'localhost'"
  79. mysql -u root -p$PASSWORD_MYSQL radius < /etc/freeradius/sql/mysql/admin.sql
  80.  
  81. mysql -u root -p$PASSWORD_MYSQL -e "SET PASSWORD FOR 'radius'@'localhost' = PASSWORD('$PASSWORD_RADMIN')"
  82.  
  83. mysql -D radius -u root -p$PASSWORD_MYSQL -e "DELETE FROM radcheck WHERE username = '$RADIUS_USER'"
  84. mysql -D radius -u root -p$PASSWORD_MYSQL -e "INSERT INTO radcheck (id, username, attribute, op, value) VALUES (1,'$RADIUS_USER','User-Password',':=','$RADIUS_PASSWORD');"
  85. mysql -D radius -u root -p$PASSWORD_MYSQL -e "SELECT * FROM radcheck"
  86.  
  87. echo "authorize {
  88. preprocess
  89. chap
  90. mschap
  91. digest
  92. suffix
  93. eap {
  94. ok = return
  95. }
  96. sql
  97. expiration
  98. logintime
  99. pap
  100. }
  101. authenticate {
  102. Auth-Type PAP {
  103. pap
  104. }
  105. Auth-Type CHAP {
  106. chap
  107. }
  108. Auth-Type MS-CHAP {
  109. mschap
  110. }
  111. digest
  112. unix
  113. eap
  114. }
  115. preacct {
  116. preprocess
  117. acct_unique
  118. suffix
  119. #files
  120. }
  121. accounting {
  122. sql
  123. detail
  124. unix
  125. radutmp
  126. exec
  127. attr_filter.accounting_response
  128. }
  129. session {
  130. radutmp
  131. sql
  132. }
  133. post-auth {
  134. exec
  135. sql
  136. Post-Auth-Type REJECT {
  137. sql
  138. sql
  139. attr_filter.access_reject
  140. }
  141. }
  142. pre-proxy {
  143. }
  144. post-proxy {
  145. eap
  146. }" > /etc/freeradius/sites-enabled/default
  147.  
  148. echo "prefix = /usr
  149. exec_prefix = /usr
  150. sysconfdir = /etc
  151. localstatedir = /var
  152. sbindir = \${exec_prefix}/sbin
  153. logdir = /var/log/freeradius
  154. raddbdir = /etc/freeradius
  155. radacctdir = \${logdir}/radacct
  156. name = freeradius
  157. confdir = \${raddbdir}
  158. run_dir = \${localstatedir}/run/\${name}
  159. db_dir = \${raddbdir}
  160. libdir = /usr/lib/freeradius
  161. pidfile = \${run_dir}/\${name}.pid
  162. user = freerad
  163. group = freerad
  164. max_request_time = 30
  165. cleanup_delay = 5
  166. max_requests = 1024
  167. listen {
  168. type = auth
  169. ipaddr = *
  170. port = 0
  171. }
  172. listen {
  173. ipaddr = *
  174. port = 0
  175. type = acct
  176. }
  177. hostname_lookups = no
  178. allow_core_dumps = no
  179. regular_expressions = yes
  180. extended_expressions = yes
  181. log {
  182. destination = files
  183. file = \${logdir}/radius.log
  184. syslog_facility = daemon
  185. stripped_names = no
  186. auth = no
  187. auth_badpass = no
  188. auth_goodpass = no
  189. }
  190. checkrad = \${sbindir}/checkrad
  191. security {
  192. max_attributes = 200
  193. reject_delay = 1
  194. status_server = yes
  195. }
  196. proxy_requests = yes
  197. \$INCLUDE proxy.conf
  198. \$INCLUDE clients.conf
  199. thread pool {
  200. start_servers = 5
  201. max_servers = 32
  202. min_spare_servers = 3
  203. max_spare_servers = 10
  204. max_requests_per_server = 0
  205. }
  206. modules {
  207. \$INCLUDE \${confdir}/modules/
  208. \$INCLUDE eap.conf
  209. \$INCLUDE sql.conf
  210. }
  211. instantiate {
  212. exec
  213. expr
  214. expiration
  215. logintime
  216. }
  217. \$INCLUDE policy.conf
  218. \$INCLUDE sites-enabled/" > /etc/freeradius/radiusd.conf
  219.  
  220. echo "sql {
  221. database = "mysql"
  222. driver = "rlm_sql_\${database}"
  223. server = "localhost"
  224. login = "radius"
  225. password = "$PASSWORD_RADMIN"
  226. radius_db = "radius"
  227. acct_table1 = "radacct"
  228. acct_table2 = "radacct"
  229. postauth_table = "radpostauth"
  230. authcheck_table = "radcheck"
  231. authreply_table = "radreply"
  232. groupcheck_table = "radgroupcheck"
  233. groupreply_table = "radgroupreply"
  234. usergroup_table = "radusergroup"
  235. deletestalesessions = yes
  236. sqltrace = no
  237. sqltracefile = \${logdir}/sqltrace.sql
  238. num_sql_socks = 5
  239. connect_failure_retry_delay = 60
  240. lifetime = 0
  241. max_queries = 0
  242. nas_table = "nas"
  243. \$INCLUDE sql/\${database}/dialup.conf
  244. }" > /etc/freeradius/sql.conf
  245.  
  246. echo "VENDOR Microsoft 311 Microsoft
  247. BEGIN VENDOR Microsoft
  248. ATTRIBUTE MS-CHAP-Response 1 string Microsoft
  249. ATTRIBUTE MS-CHAP-Error 2 string Microsoft
  250. ATTRIBUTE MS-CHAP-CPW-1 3 string Microsoft
  251. ATTRIBUTE MS-CHAP-CPW-2 4 string Microsoft
  252. ATTRIBUTE MS-CHAP-LM-Enc-PW 5 string Microsoft
  253. ATTRIBUTE MS-CHAP-NT-Enc-PW 6 string Microsoft
  254. ATTRIBUTE MS-MPPE-Encryption-Policy 7 string Microsoft
  255. # This is referred to as both singular and plural in the RFC.
  256. # Plural seems to make more sense.
  257. ATTRIBUTE MS-MPPE-Encryption-Type 8 string Microsoft
  258. ATTRIBUTE MS-MPPE-Encryption-Types 8 string Microsoft
  259. ATTRIBUTE MS-RAS-Vendor 9 integer Microsoft
  260. ATTRIBUTE MS-CHAP-Domain 10 string Microsoft
  261. ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft
  262. ATTRIBUTE MS-CHAP-MPPE-Keys 12 string Microsoft encrypt=1
  263. ATTRIBUTE MS-BAP-Usage 13 integer Microsoft
  264. ATTRIBUTE MS-Link-Utilization-Threshold 14 integer Microsoft
  265. ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer Microsoft
  266. ATTRIBUTE MS-MPPE-Send-Key 16 string Microsoft
  267. ATTRIBUTE MS-MPPE-Recv-Key 17 string Microsoft
  268. ATTRIBUTE MS-RAS-Version 18 string Microsoft
  269. ATTRIBUTE MS-Old-ARAP-Password 19 string Microsoft
  270. ATTRIBUTE MS-New-ARAP-Password 20 string Microsoft
  271. ATTRIBUTE MS-ARAP-PW-Change-Reason 21 integer Microsoft
  272. ATTRIBUTE MS-Filter 22 string Microsoft
  273. ATTRIBUTE MS-Acct-Auth-Type 23 integer Microsoft
  274. ATTRIBUTE MS-Acct-EAP-Type 24 integer Microsoft
  275. ATTRIBUTE MS-CHAP2-Response 25 string Microsoft
  276. ATTRIBUTE MS-CHAP2-Success 26 string Microsoft
  277. ATTRIBUTE MS-CHAP2-CPW 27 string Microsoft
  278. ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr
  279. ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr
  280. ATTRIBUTE MS-Primary-NBNS-Server 30 ipaddr Microsoft
  281. ATTRIBUTE MS-Secondary-NBNS-Server 31 ipaddr Microsoft
  282. #ATTRIBUTE MS-ARAP-Challenge 33 string Microsoft
  283. #
  284. # Integer Translations
  285. #
  286. # MS-BAP-Usage Values
  287. VALUE MS-BAP-Usage Not-Allowed 0
  288. VALUE MS-BAP-Usage Allowed 1
  289. VALUE MS-BAP-Usage Required 2
  290. # MS-ARAP-Password-Change-Reason Values
  291. VALUE MS-ARAP-PW-Change-Reason Just-Change-Password 1
  292. VALUE MS-ARAP-PW-Change-Reason Expired-Password 2
  293. VALUE MS-ARAP-PW-Change-Reason Admin-Requires-Password-Change 3
  294. VALUE MS-ARAP-PW-Change-Reason Password-Too-Short 4
  295. # MS-Acct-Auth-Type Values
  296. VALUE MS-Acct-Auth-Type PAP 1
  297. VALUE MS-Acct-Auth-Type CHAP 2
  298. VALUE MS-Acct-Auth-Type MS-CHAP-1 3
  299. VALUE MS-Acct-Auth-Type MS-CHAP-2 4
  300. VALUE MS-Acct-Auth-Type EAP 5
  301. # MS-Acct-EAP-Type Values
  302. VALUE MS-Acct-EAP-Type MD5 4
  303. VALUE MS-Acct-EAP-Type OTP 5
  304. VALUE MS-Acct-EAP-Type Generic-Token-Card 6
  305. VALUE MS-Acct-EAP-Type TLS 13
  306. END-VENDOR Microsoft" > /etc/radiusclient/dictionary.microsoft
  307.  
  308. echo "INCLUDE /etc/radiusclient/dictionary.microsoft" >> /etc/radiusclient/dictionary
  309.  
  310. echo "client localhost {
  311. ipaddr = 127.0.0.1
  312. secret = testing123
  313. require_message_authenticator = no
  314. }" > /etc/freeradius/clients.conf
  315.  
  316. echo "127.0.0.1 testing123" > /etc/radiusclient/servers
  317.  
  318. echo "plugin radius.so
  319. plugin radattr.so" >> /etc/ppp/pptpd-options
  320.  
  321. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  322. iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
  323. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  324.  
  325. service mysql restart
  326. service pptpd restart
  327. service freeradius stop
  328. freeradius -X