akhfa

Install Freeradius Centos 7

Apr 25th, 2016
yum install freeradius freeradius-mysql freeradius-utils mariadb-server httpd php php-mysql epel-release
yum install phpmyadmin
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation
mysql -u root -p
# the following statements are typed at the MariaDB prompt;
# the password given in GRANT is the one FreeRADIUS must use in mods-enabled/sql
CREATE DATABASE radius;
GRANT ALL PRIVILEGES ON radius.* TO radius@localhost IDENTIFIED BY "radius password";
flush privileges;
use radius;
source /etc/raddb/mods-config/sql/main/mysql/schema.sql;
exit
# back in the shell: enable the sql module
ln -s /etc/raddb/mods-available/sql /etc/raddb/mods-enabled/
# nano /etc/raddb/radiusd.conf
nano /etc/raddb/mods-enabled/sql

# change it to roughly the following
========================================================================
        # The dialect of SQL you want to use, this should usually match
        # the driver you selected above.
        #
        # If you're using rlm_sql_null, then it should be the type of
        # database the logged queries are going to be executed against.
#       dialect = "sqlite"
        dialect = "mysql"

        # Connection info:
        #
        server = "localhost"
        port = 3306
        login = "radius"
        password = "radpass"

        # Database table configuration for everything except Oracle
        radius_db = "radius"
========================================================================

Run radiusd -X. If it succeeds, a log roughly like the following appears
==========================================================
radiusd: FreeRADIUS Version 3.0.4, for host x86_64-redhat-linux-gnu, built on Mar  5 2015 at 23:41:36
Copyright (C) 1999-2014 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/raddb/dictionary
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/mods-enabled/
including configuration file /etc/raddb/mods-enabled/realm
including configuration file /etc/raddb/mods-enabled/preprocess
including configuration file /etc/raddb/mods-enabled/expr
including configuration file /etc/raddb/mods-enabled/logintime
including configuration file /etc/raddb/mods-enabled/utf8
including configuration file /etc/raddb/mods-enabled/dynamic_clients
including configuration file /etc/raddb/mods-enabled/eap
including configuration file /etc/raddb/mods-enabled/chap
including configuration file /etc/raddb/mods-enabled/files
including configuration file /etc/raddb/mods-enabled/unix
including configuration file /etc/raddb/mods-enabled/ntlm_auth
including configuration file /etc/raddb/mods-enabled/detail.log
including configuration file /etc/raddb/mods-enabled/echo
including configuration file /etc/raddb/mods-enabled/pap
including configuration file /etc/raddb/mods-enabled/unpack
including configuration file /etc/raddb/mods-enabled/sradutmp
including configuration file /etc/raddb/mods-enabled/radutmp
including configuration file /etc/raddb/mods-enabled/dhcp
including configuration file /etc/raddb/mods-enabled/expiration
including configuration file /etc/raddb/mods-enabled/sql
including configuration file /etc/raddb/mods-config/sql/main/mysql/queries.conf
including configuration file /etc/raddb/mods-enabled/mschap
including configuration file /etc/raddb/mods-enabled/soh
including configuration file /etc/raddb/mods-enabled/detail
including configuration file /etc/raddb/mods-enabled/linelog
including configuration file /etc/raddb/mods-enabled/digest
including configuration file /etc/raddb/mods-enabled/cache_eap
including configuration file /etc/raddb/mods-enabled/exec
including configuration file /etc/raddb/mods-enabled/passwd
including configuration file /etc/raddb/mods-enabled/replicate
including configuration file /etc/raddb/mods-enabled/attr_filter
including configuration file /etc/raddb/mods-enabled/always
including files in directory /etc/raddb/policy.d/
including configuration file /etc/raddb/policy.d/debug
including configuration file /etc/raddb/policy.d/cui
including configuration file /etc/raddb/policy.d/control
including configuration file /etc/raddb/policy.d/eap
including configuration file /etc/raddb/policy.d/accounting
including configuration file /etc/raddb/policy.d/operator-name
including configuration file /etc/raddb/policy.d/filter
including configuration file /etc/raddb/policy.d/dhcp
including configuration file /etc/raddb/policy.d/canonicalization
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
main {
 security {
        user = "radiusd"
        group = "radiusd"
        allow_core_dumps = no
 }
}
main {
        name = "radiusd"
        prefix = "/usr"
        localstatedir = "/var"
        sbindir = "/usr/sbin"
        logdir = "/var/log/radius"
        run_dir = "/var/run/radiusd"
        libdir = "/usr/lib64/freeradius"
        radacctdir = "/var/log/radius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        pidfile = "/var/run/radiusd/radiusd.pid"
        checkrad = "/usr/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
 log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
        colourise = yes
        msg_denied = "You are already logged in - access denied"
 }
 security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
 }
 home_server localhost {
        ipaddr = 127.0.0.1
        port = 1812
        type = "auth"
        secret = <<< secret >>>
        response_window = 20.000000
        response_timeouts = 1
        max_outstanding = 65536
        zombie_period = 40
        status_check = "status-server"
        ping_interval = 30
        check_interval = 30
        check_timeout = 4
        num_answers_to_alive = 3
        revive_interval = 120
  coa {
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
  }
  limit {
        max_connections = 16
        max_requests = 0
        lifetime = 0
        idle_timeout = 0
  }
 }
 home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
 }
 realm example.com {
        auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client localhost {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = <<< secret >>>
        nas_type = "other"
        proto = "*"
  limit {
        max_connections = 16
        lifetime = 0
        idle_timeout = 30
  }
 }
 client localhost_ipv6 {
        ipv6addr = ::1
        require_message_authenticator = no
        secret = <<< secret >>>
  limit {
        max_connections = 16
        lifetime = 0
        idle_timeout = 30
  }
 }
radiusd: #### Instantiating modules ####
 instantiate {
 }
 modules {
  # Loaded module rlm_realm
  # Instantiating module "IPASS" from file /etc/raddb/mods-enabled/realm
  realm IPASS {
        format = "prefix"
        delimiter = "/"
        ignore_default = no
        ignore_null = no
  }
  # Instantiating module "suffix" from file /etc/raddb/mods-enabled/realm
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = no
  }
  # Instantiating module "realmpercent" from file /etc/raddb/mods-enabled/realm
  realm realmpercent {
        format = "suffix"
        delimiter = "%"
        ignore_default = no
        ignore_null = no
  }
  # Instantiating module "ntdomain" from file /etc/raddb/mods-enabled/realm
  realm ntdomain {
        format = "prefix"
        delimiter = "\"
       ignore_default = no
       ignore_null = no
 }
 # Loaded module rlm_preprocess
 # Instantiating module "preprocess" from file /etc/raddb/mods-enabled/preprocess
 preprocess {
       huntgroups = "/etc/raddb/mods-config/preprocess/huntgroups"
       hints = "/etc/raddb/mods-config/preprocess/hints"
       with_ascend_hack = no
       ascend_channels_per_line = 23
       with_ntdomain_hack = no
       with_specialix_jetstream_hack = no
       with_cisco_vsa_hack = no
       with_alvarion_vsa_hack = no
 }
reading pairlist file /etc/raddb/mods-config/preprocess/huntgroups
reading pairlist file /etc/raddb/mods-config/preprocess/hints
 # Loaded module rlm_expr
 # Instantiating module "expr" from file /etc/raddb/mods-enabled/expr
 expr {
       safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
 }
 # Loaded module rlm_logintime
 # Instantiating module "logintime" from file /etc/raddb/mods-enabled/logintime
 logintime {
       minimum_timeout = 60
 }
 # Loaded module rlm_utf8
 # Instantiating module "utf8" from file /etc/raddb/mods-enabled/utf8
 # Loaded module rlm_dynamic_clients
 # Instantiating module "dynamic_clients" from file /etc/raddb/mods-enabled/dynamic_clients
 # Loaded module rlm_eap
 # Instantiating module "eap" from file /etc/raddb/mods-enabled/eap
 eap {
       default_eap_type = "md5"
       timer_expire = 60
       ignore_unknown_eap_types = no
       mod_accounting_username_bug = no
       max_sessions = 1024
 }
  # Linked to sub-module rlm_eap_md5
  # Linked to sub-module rlm_eap_leap
  # Linked to sub-module rlm_eap_gtc
  gtc {
       challenge = "Password: "
       auth_type = "PAP"
  }
  # Linked to sub-module rlm_eap_tls
  tls {
       tls = "tls-common"
  }
  tls-config tls-common {
       rsa_key_exchange = no
       dh_key_exchange = yes
       rsa_key_length = 512
       dh_key_length = 512
       verify_depth = 0
       ca_path = "/etc/raddb/certs"
       pem_file_type = yes
       private_key_file = "/etc/raddb/certs/server.pem"
       certificate_file = "/etc/raddb/certs/server.pem"
       ca_file = "/etc/raddb/certs/ca.pem"
       private_key_password = <<< secret >>>
       dh_file = "/etc/raddb/certs/dh"
       fragment_size = 1024
       include_length = yes
       check_crl = no
       cipher_list = "DEFAULT"
       ecdh_curve = "prime256v1"
   cache {
       enable = yes
       lifetime = 24
       max_entries = 255
   }
   verify {
   }
   ocsp {
       enable = no
       override_cert_url = yes
       url = "http://127.0.0.1/ocsp/"
       use_nonce = yes
       timeout = 0
       softfail = yes
   }
  }
  # Linked to sub-module rlm_eap_ttls
  ttls {
       tls = "tls-common"
       default_eap_type = "md5"
       copy_request_to_tunnel = no
       use_tunneled_reply = no
       virtual_server = "inner-tunnel"
       include_length = yes
       require_client_cert = no
  }
Using cached TLS configuration from previous invocation
  # Linked to sub-module rlm_eap_peap
  peap {
       tls = "tls-common"
       default_method = "mschapv2"
       copy_request_to_tunnel = no
       use_tunneled_reply = no
       proxy_tunneled_request_as_eap = yes
       virtual_server = "inner-tunnel"
       soh = no
       require_client_cert = no
  }
Using cached TLS configuration from previous invocation
  # Linked to sub-module rlm_eap_mschapv2
  mschapv2 {
       with_ntdomain_hack = no
       send_error = no
  }
 # Loaded module rlm_chap
 # Instantiating module "chap" from file /etc/raddb/mods-enabled/chap
 # Loaded module rlm_files
 # Instantiating module "files" from file /etc/raddb/mods-enabled/files
 files {
       filename = "/etc/raddb/mods-config/files/authorize"
       usersfile = "/etc/raddb/mods-config/files/authorize"
       acctusersfile = "/etc/raddb/mods-config/files/accounting"
       preproxy_usersfile = "/etc/raddb/mods-config/files/pre-proxy"
       compat = "cistron"
 }
reading pairlist file /etc/raddb/mods-config/files/authorize
[/etc/raddb/mods-config/files/authorize]:181 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:188 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:195 Cistron compatibility checks for entry DEFAULT ...
reading pairlist file /etc/raddb/mods-config/files/authorize
[/etc/raddb/mods-config/files/authorize]:181 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:188 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/mods-config/files/authorize]:195 Cistron compatibility checks for entry DEFAULT ...
reading pairlist file /etc/raddb/mods-config/files/accounting
reading pairlist file /etc/raddb/mods-config/files/pre-proxy
 # Loaded module rlm_unix
 # Instantiating module "unix" from file /etc/raddb/mods-enabled/unix
 unix {
       radwtmp = "/var/log/radius/radwtmp"
 }
 # Loaded module rlm_exec
 # Instantiating module "ntlm_auth" from file /etc/raddb/mods-enabled/ntlm_auth
 exec ntlm_auth {
       wait = yes
       program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
       shell_escape = yes
 }
 # Loaded module rlm_detail
 # Instantiating module "auth_log" from file /etc/raddb/mods-enabled/detail.log
 detail auth_log {
       filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
       header = "%t"
       permissions = 384
       locking = no
       log_packet_header = no
 }
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
 # Instantiating module "reply_log" from file /etc/raddb/mods-enabled/detail.log
 detail reply_log {
       filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
       header = "%t"
       permissions = 384
       locking = no
       log_packet_header = no
 }
 # Instantiating module "pre_proxy_log" from file /etc/raddb/mods-enabled/detail.log
 detail pre_proxy_log {
       filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
       header = "%t"
       permissions = 384
       locking = no
       log_packet_header = no
 }
 # Instantiating module "post_proxy_log" from file /etc/raddb/mods-enabled/detail.log
 detail post_proxy_log {
       filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
       header = "%t"
       permissions = 384
       locking = no
       log_packet_header = no
 }
 # Instantiating module "echo" from file /etc/raddb/mods-enabled/echo
 exec echo {
       wait = yes
       program = "/bin/echo %{User-Name}"
       input_pairs = "request"
       output_pairs = "reply"
       shell_escape = yes
 }
 # Loaded module rlm_pap
 # Instantiating module "pap" from file /etc/raddb/mods-enabled/pap
 pap {
       normalise = yes
 }
 # Loaded module rlm_unpack
 # Instantiating module "unpack" from file /etc/raddb/mods-enabled/unpack
 # Loaded module rlm_radutmp
 # Instantiating module "sradutmp" from file /etc/raddb/mods-enabled/sradutmp
 radutmp sradutmp {
       filename = "/var/log/radius/sradutmp"
       username = "%{User-Name}"
       case_sensitive = yes
       check_with_nas = yes
       permissions = 420
       caller_id = no
 }
 # Instantiating module "radutmp" from file /etc/raddb/mods-enabled/radutmp
 radutmp {
       filename = "/var/log/radius/radutmp"
       username = "%{User-Name}"
       case_sensitive = yes
       check_with_nas = yes
       permissions = 384
       caller_id = yes
 }
 # Loaded module rlm_dhcp
 # Instantiating module "dhcp" from file /etc/raddb/mods-enabled/dhcp
 # Loaded module rlm_expiration
 # Instantiating module "expiration" from file /etc/raddb/mods-enabled/expiration
 # Loaded module rlm_sql
 # Instantiating module "sql" from file /etc/raddb/mods-enabled/sql
 sql {
       driver = "rlm_sql_null"
       server = "localhost"
       port = "3306"
       login = "radius"
       password = <<< secret >>>
       radius_db = "radius"
       read_groups = yes
       read_profiles = yes
       read_clients = no
       delete_stale_sessions = yes
       sql_user_name = "%{User-Name}"
       default_user_profile = ""
       client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"
       authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"
       authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"
       authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"
       authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"
       group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"
       simul_count_query = ""
       simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
       safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
 }
  accounting {
       reference = "%{tolower:type.%{Acct-Status-Type}.query}"
  }
  post-auth {
       reference = ".query"
  }
rlm_sql (sql): Driver rlm_sql_null (module rlm_sql_null) loaded and linked
rlm_sql (sql): Attempting to connect to database "radius"
rlm_sql (sql): Initialising connection pool
  pool {
       start = 5
       min = 4
       max = 32
       spare = 3
       uses = 0
       lifetime = 0
       cleanup_interval = 30
       idle_timeout = 60
       retry_delay = 1
       spread = no
  }
rlm_sql (sql): Opening additional connection (0)
rlm_sql (sql): Opening additional connection (1)
rlm_sql (sql): Opening additional connection (2)
rlm_sql (sql): Opening additional connection (3)
rlm_sql (sql): Opening additional connection (4)
 # Loaded module rlm_mschap
 # Instantiating module "mschap" from file /etc/raddb/mods-enabled/mschap
 mschap {
       use_mppe = yes
       require_encryption = no
       require_strong = no
       with_ntdomain_hack = yes
  passchange {
  }
       allow_retry = yes
 }
 # Loaded module rlm_soh
 # Instantiating module "soh" from file /etc/raddb/mods-enabled/soh
 soh {
       dhcp = yes
 }
 # Instantiating module "detail" from file /etc/raddb/mods-enabled/detail
 detail {
       filename = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
       header = "%t"
       permissions = 384
       locking = no
       log_packet_header = no
 }
 # Loaded module rlm_linelog
 # Instantiating module "linelog" from file /etc/raddb/mods-enabled/linelog
 linelog {
       filename = "/var/log/radius/linelog"
       permissions = 384
       format = "This is a log message for %{User-Name}"
       reference = "messages.%{%{Packet-Type}:-default}"
 }
 # Instantiating module "log_accounting" from file /etc/raddb/mods-enabled/linelog
 linelog log_accounting {
       filename = "/var/log/radius/linelog-accounting"
       permissions = 384
       format = ""
       reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
 }
 # Loaded module rlm_digest
 # Instantiating module "digest" from file /etc/raddb/mods-enabled/digest
 # Loaded module rlm_cache
 # Instantiating module "cache_eap" from file /etc/raddb/mods-enabled/cache_eap
 cache cache_eap {
       key = "%{%{control:State}:-%{%{reply:State}:-%{State}}}"
       ttl = 15
       max_entries = 16384
       epoch = 0
       add_stats = no
 }
 # Instantiating module "exec" from file /etc/raddb/mods-enabled/exec
 exec {
       wait = no
       input_pairs = "request"
       shell_escape = yes
       timeout = 10
 }
 # Loaded module rlm_passwd
 # Instantiating module "etc_passwd" from file /etc/raddb/mods-enabled/passwd
 passwd etc_passwd {
       filename = "/etc/passwd"
       format = "*User-Name:Crypt-Password:"
       delimiter = ":"
       ignore_nislike = no
       ignore_empty = yes
       allow_multiple_keys = no
       hash_size = 100
 }
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
 # Loaded module rlm_replicate
 # Instantiating module "replicate" from file /etc/raddb/mods-enabled/replicate
 # Loaded module rlm_attr_filter
 # Instantiating module "attr_filter.post-proxy" from file /etc/raddb/mods-enabled/attr_filter
 attr_filter attr_filter.post-proxy {
       filename = "/etc/raddb/mods-config/attr_filter/post-proxy"
       key = "%{Realm}"
       relaxed = no
 }
reading pairlist file /etc/raddb/mods-config/attr_filter/post-proxy
 # Instantiating module "attr_filter.pre-proxy" from file /etc/raddb/mods-enabled/attr_filter
 attr_filter attr_filter.pre-proxy {
       filename = "/etc/raddb/mods-config/attr_filter/pre-proxy"
       key = "%{Realm}"
       relaxed = no
 }
reading pairlist file /etc/raddb/mods-config/attr_filter/pre-proxy
 # Instantiating module "attr_filter.access_reject" from file /etc/raddb/mods-enabled/attr_filter
 attr_filter attr_filter.access_reject {
       filename = "/etc/raddb/mods-config/attr_filter/access_reject"
       key = "%{User-Name}"
       relaxed = no
 }
reading pairlist file /etc/raddb/mods-config/attr_filter/access_reject
 # Instantiating module "attr_filter.access_challenge" from file /etc/raddb/mods-enabled/attr_filter
 attr_filter attr_filter.access_challenge {
       filename = "/etc/raddb/mods-config/attr_filter/access_challenge"
       key = "%{User-Name}"
       relaxed = no
 }
reading pairlist file /etc/raddb/mods-config/attr_filter/access_challenge
 # Instantiating module "attr_filter.accounting_response" from file /etc/raddb/mods-enabled/attr_filter
 attr_filter attr_filter.accounting_response {
       filename = "/etc/raddb/mods-config/attr_filter/accounting_response"
       key = "%{User-Name}"
       relaxed = no
 }
reading pairlist file /etc/raddb/mods-config/attr_filter/accounting_response
 # Loaded module rlm_always
 # Instantiating module "reject" from file /etc/raddb/mods-enabled/always
 always reject {
       rcode = "reject"
       simulcount = 0
       mpp = no
 }
 # Instantiating module "fail" from file /etc/raddb/mods-enabled/always
 always fail {
       rcode = "fail"
       simulcount = 0
       mpp = no
 }
 # Instantiating module "ok" from file /etc/raddb/mods-enabled/always
 always ok {
       rcode = "ok"
       simulcount = 0
       mpp = no
 }
 # Instantiating module "handled" from file /etc/raddb/mods-enabled/always
 always handled {
       rcode = "handled"
       simulcount = 0
       mpp = no
 }
 # Instantiating module "invalid" from file /etc/raddb/mods-enabled/always
 always invalid {
       rcode = "invalid"
       simulcount = 0
       mpp = no
 }
 # Instantiating module "userlock" from file /etc/raddb/mods-enabled/always
 always userlock {
       rcode = "userlock"
       simulcount = 0
       mpp = no
 }
 # Instantiating module "notfound" from file /etc/raddb/mods-enabled/always
 always notfound {
       rcode = "notfound"
       simulcount = 0
       mpp = no
 }
 # Instantiating module "noop" from file /etc/raddb/mods-enabled/always
 always noop {
       rcode = "noop"
       simulcount = 0
       mpp = no
 }
 # Instantiating module "updated" from file /etc/raddb/mods-enabled/always
 always updated {
       rcode = "updated"
       simulcount = 0
       mpp = no
 }
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
} # server
server default { # from file /etc/raddb/sites-enabled/default
# Creating Auth-Type = digest
# Loading authenticate {...}
# Loading authorize {...}
Ignoring "ldap" (see raddb/mods-available/README.rst)
# Loading preacct {...}
# Loading accounting {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server default
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
# Loading authenticate {...}
# Loading authorize {...}
# Loading session {...}
# Loading post-proxy {...}
# Loading post-auth {...}
} # server inner-tunnel
radiusd: #### Opening IP addresses and Ports ####
listen {
       type = "auth"
       ipaddr = *
       port = 0
  limit {
       max_connections = 16
       lifetime = 0
       idle_timeout = 30
  }
}
listen {
       type = "acct"
       ipaddr = *
       port = 0
  limit {
       max_connections = 16
       lifetime = 0
       idle_timeout = 30
  }
}
listen {
       type = "auth"
       ipv6addr = ::
       port = 0
  limit {
       max_connections = 16
       lifetime = 0
       idle_timeout = 30
  }
}
listen {
       type = "acct"
       ipv6addr = ::
       port = 0
  limit {
       max_connections = 16
       lifetime = 0
       idle_timeout = 30
  }
}
listen {
       type = "auth"
       ipaddr = 127.0.0.1
       port = 18120
}
Listening on auth address * port 1812 as server default
Listening on acct address * port 1813 as server default
Listening on auth address :: port 1812 as server default
Listening on acct address :: port 1813 as server default
Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy socket 'proxy address * port 0'
Listening on proxy address * port 48924
Ready to process requests
=================================================================
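
The debug output above still reports `driver = "rlm_sql_null"` for the sql module, and the edited file carries the password `radpass`, which is the value shipped in the stock FreeRADIUS sql module file. The script below is an added example, not part of the original paste: it lints a `mods-enabled/sql` file for those two settings and for world-readable permissions. The function names `sql_setting` and `lint_sql_module` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original paste): lint a FreeRADIUS rlm_sql module file.
# sql_setting, lint_sql_module and the sample file below are constructed for illustration.

# sql_setting FILE KEY: print the first uncommented value of KEY, quotes removed.
sql_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                 # commented-out alternatives are ignored
        {
            eq = index($0, "=")
            if (eq == 0) next               # section headers and closing braces
            k = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, eq + 1)
            sub(/^[ \t]*"?/, "", v)         # leading blanks and opening quote
            sub(/"?[ \t]*$/, "", v)         # closing quote and trailing blanks
            print v
            exit
        }' "$1"
}

# lint_sql_module FILE: print one line per finding; exit status = number of findings.
lint_sql_module() {
    lint_file=$1
    lint_findings=0
    lint_driver=$(sql_setting "$lint_file" driver)
    lint_dialect=$(sql_setting "$lint_file" dialect)
    lint_password=$(sql_setting "$lint_file" password)

    # rlm_sql_null never contacts a database, so radcheck/radreply are not consulted.
    if [ "$lint_dialect" = "mysql" ] && [ "$lint_driver" != "rlm_sql_mysql" ]; then
        echo "FAIL driver is \"$lint_driver\" but dialect is mysql; expected rlm_sql_mysql"
        lint_findings=$((lint_findings + 1))
    fi

    # The stock module file ships with password = "radpass".
    if [ -z "$lint_password" ] || [ "$lint_password" = "radpass" ]; then
        echo "FAIL database password is empty or the stock value \"radpass\""
        lint_findings=$((lint_findings + 1))
    fi

    # The file holds a plaintext database password. -L follows the
    # mods-enabled symlink so the target's mode is what gets tested.
    if [ -n "$(find -L "$lint_file" -prune -perm -004)" ]; then
        echo "FAIL $lint_file is world-readable"
        lint_findings=$((lint_findings + 1))
    fi

    if [ "$lint_findings" -eq 0 ]; then
        echo "OK   $lint_file"
    fi
    return "$lint_findings"
}

# Constructed sample mirroring the settings shown in this guide and its debug log.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
sql {
        driver = "rlm_sql_null"
#       dialect = "sqlite"
        dialect = "mysql"
        server = "localhost"
        port = 3306
        login = "radius"
        password = "radpass"
        radius_db = "radius"
}
EOF
chmod 644 "$demo_conf"
lint_sql_module "$demo_conf" || echo "findings: $?"
rm -f "$demo_conf"
```

On the server, run `lint_sql_module /etc/raddb/mods-enabled/sql` as root after editing the file; the exit status is the number of findings.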


=========================================================
Installing daloradius
cd /var/www/html
# the URL is quoted so the shell does not treat "&" as a background operator
wget -O daloradius-0.9-9.tar.gz "http://downloads.sourceforge.net/project/daloradius/daloradius/daloradius0.9-9/daloradius-0.9-9.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fdaloradius%2F&ts=1461654475&use_mirror=jaist"
tar xzf daloradius-0.9-9.tar.gz
mv daloradius-0.9-9 daloradius
chown -R apache:apache daloradius

Troubleshooting
Error
======================================================================================================
[Tue Apr 26 03:22:44.536610 2016] [:error] [pid 2181] [client 114.124.29.98:45906] PHP Notice:  Undefined index: location in /var/www/html/daloradius/dologin.php on line 45
[Tue Apr 26 03:22:44.537475 2016] [:error] [pid 2181] [client 114.124.29.98:45906] PHP Warning:  include_once(DB.php): failed to open stream: No such file or directory in /var/www/html/daloradius/library/opendb.php on line 84
[Tue Apr 26 03:22:44.537531 2016] [:error] [pid 2181] [client 114.124.29.98:45906] PHP Warning:  include_once(): Failed opening 'DB.php' for inclusion (include_path='.:/usr/share/pear:/usr/share/php') in /var/www/html/daloradius/library/opendb.php on line 84
[Tue Apr 26 03:22:44.537587 2016] [:error] [pid 2181] [client 114.124.29.98:45906] PHP Fatal error:  Class 'DB' not found in /var/www/html/daloradius/library/opendb.php on line 86
=====================================================================================================
Solution: https://sourceforge.net/p/daloradius/support-requests/16/ (not yet solved)

Source: http://packetlife.blogspot.com/2015/06/test.html