documentation:radius

Here are detailed extracts from FDN's RADIUS configuration, and an SQL example:

huntgroups:

td NAS-IP-Address == 80.119.0.0
td NAS-IP-Address == 80.119.0.1

...

users:

DEFAULT Huntgroup-Name == 'td', Auth-Type := td
      Service-Type:1 := "Framed",
      Framed-Protocol:1 := "PPP",
      Class:1 := 0,
      Tunnel-Type:1 := "L2TP",
      Tunnel-Medium-Type:1 := "IP",

radiusd.conf:

modules {
  pap { encryption_scheme = crypt }
  chap { authtype = CHAP }
  realm suffix {
    format = suffix
    delimiter = "@"
    ignore_default = no
    ignore_null = no
  }
  sql sqlfdn {
    driver = "rlm_sql_mysql"
    server = "localhost"
    login = "toto"
    passwd = "toto"
    radius_db = "adsl"
    authorize_check_query = "\
            select UATTR_ID,RADUSER_LOGIN,UATTR_ATTR,UATTR_VALUE,UATTR_OP \
            from RADUSER,UATTR \
            where   ((RADUSER_LOGIN = REPLACE('%{SQL-User-Name}','@fdn.nerim','@fdn.fr')) or (RADUSER_LOGIN = '%{SQL-User-Name}')) and \
                    UATTR.RADUSER_ID = RADUSER.RADUSER_ID and \
                    UATTR_TYPE = 'check' \
            order by UATTR_ID"
    authorize_reply_query = "\
            select UATTR_ID,RADUSER_LOGIN,UATTR_ATTR,UATTR_VALUE,UATTR_OP \
            from RADUSER,UATTR \
            where   ((RADUSER_LOGIN = REPLACE('%{SQL-User-Name}','@fdn.nerim','@fdn.fr')) or (RADUSER_LOGIN = '%{SQL-User-Name}')) and \
                    UATTR.RADUSER_ID = RADUSER.RADUSER_ID and \
                    UATTR_TYPE = 'reply' \
            order by UATTR_ID"
    ...
  }
}
instantiate {}
authorize {
  preprocess
  suffix
  files
  Autz-Type fdn {
    chap
    sqlfdn
  }
}
authenticate {
  Auth-Type PAP { pap }
  Auth-Type CHAP { chap }
  Auth-Type essai { ok }
  eap
}

Here is an extract of the SQL tables:

mysql> select * from RADUSER where RADUSER_LOGIN='jeannot.lapin@fdn.nerim';
+------------+-------------------------+-------------+----------+
| RADUSER_ID | RADUSER_LOGIN           | RADGROUP_ID | LIGNE_ID |
+------------+-------------------------+-------------+----------+
|        111 | jeannot.lapin@fdn.nerim |           1 |      154 |
+------------+-------------------------+-------------+----------+
1 row in set (0.00 sec)
mysql> select * from UATTR where RADUSER_ID=111;
+----------+-------------------+----------+--------------------+------------+------------+
| UATTR_ID | UATTR_ATTR        | UATTR_OP | UATTR_VALUE        | UATTR_TYPE | RADUSER_ID |
+----------+-------------------+----------+--------------------+------------+------------+
|      362 | User-Password     | ==       | toto               | check      |        111 |
|      363 | Framed-IP-Address | =        | 80.67.176.89       | reply      |        111 |
|      364 | Framed-IP-Netmask | =        | 255.255.255.255    | reply      |        111 |
|      389 | Framed-IPv6-Route | =        | 2001:910:1059::/48 | reply      |        111 |
+----------+-------------------+----------+--------------------+------------+------------+
4 rows in set (0.00 sec)
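To show what the two rlm_sql queries above actually do with these rows, here is an added example (not FDN's code): the RADUSER/UATTR tables are rebuilt in an in-memory SQLite database with the rows shown above plus one hypothetical user stored with the canonical "@fdn.fr" realm, the query is run with bound parameters in place of %{SQL-User-Name} (rlm_sql's SQL-escaped copy of User-Name, which is why the page's queries use it rather than %{User-Name}), and the resulting check and reply items are evaluated the way the authorize flow would for a PAP request. The cleartext comparison of User-Password, the rejection of unknown users and the handling of operators other than `==`/`=` are simplifications of this simulation, not FreeRADIUS behaviour.

```python
import sqlite3

# Constructed sample data: the rows shown on the page (user 111) plus a
# hypothetical user 112 whose login is stored with the "@fdn.fr" realm.
RADUSER_ROWS = [
    (111, "jeannot.lapin@fdn.nerim", 1, 154),
    (112, "pierre.lapin@fdn.fr", 1, 155),   # hypothetical
]
UATTR_ROWS = [
    (362, "User-Password",     "==", "toto",               "check", 111),
    (363, "Framed-IP-Address", "=",  "80.67.176.89",       "reply", 111),
    (364, "Framed-IP-Netmask", "=",  "255.255.255.255",    "reply", 111),
    (389, "Framed-IPv6-Route", "=",  "2001:910:1059::/48", "reply", 111),
    (390, "User-Password",     "==", "secret",             "check", 112),  # hypothetical
    (391, "Framed-IP-Address", "=",  "80.67.176.90",       "reply", 112),  # hypothetical
]

# Same query as authorize_check_query / authorize_reply_query, with the
# UATTR_TYPE literal and %{SQL-User-Name} turned into bound parameters.
AUTHORIZE_QUERY = """
    SELECT UATTR_ID, RADUSER_LOGIN, UATTR_ATTR, UATTR_VALUE, UATTR_OP
      FROM RADUSER, UATTR
     WHERE (RADUSER_LOGIN = REPLACE(?, '@fdn.nerim', '@fdn.fr') OR RADUSER_LOGIN = ?)
       AND UATTR.RADUSER_ID = RADUSER.RADUSER_ID
       AND UATTR_TYPE = ?
     ORDER BY UATTR_ID
"""


def build_db():
    """Create the two tables in memory and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE RADUSER (RADUSER_ID INTEGER PRIMARY KEY, RADUSER_LOGIN TEXT,
                              RADGROUP_ID INTEGER, LIGNE_ID INTEGER);
        CREATE TABLE UATTR   (UATTR_ID INTEGER PRIMARY KEY, UATTR_ATTR TEXT,
                              UATTR_OP TEXT, UATTR_VALUE TEXT, UATTR_TYPE TEXT,
                              RADUSER_ID INTEGER);
    """)
    db.executemany("INSERT INTO RADUSER VALUES (?,?,?,?)", RADUSER_ROWS)
    db.executemany("INSERT INTO UATTR VALUES (?,?,?,?,?,?)", UATTR_ROWS)
    return db


def fetch_items(db, user_name, item_type):
    """Return [(attribute, operator, value)] for one user and one UATTR_TYPE.

    The user name is a bound parameter, so a value such as "x' OR '1'='1"
    is compared literally against RADUSER_LOGIN and never alters the query.
    """
    rows = db.execute(AUTHORIZE_QUERY, (user_name, user_name, item_type)).fetchall()
    return [(attr, op, value) for (_id, _login, attr, value, op) in rows]


def check_items_pass(check_items, request):
    """Every check item must match the request; only '==' is supported here."""
    for attr, op, value in check_items:
        if op != "==" or request.get(attr) != value:
            return False
    return True


def authorize(db, request):
    """Simulate the authorize flow for a PAP request (dict of RADIUS attributes).

    Returns ("Access-Accept", reply_attributes) or ("Access-Reject", {}).
    """
    user_name = request["User-Name"]
    checks = fetch_items(db, user_name, "check")
    if not checks or not check_items_pass(checks, request):
        return "Access-Reject", {}
    reply = {attr: value for attr, op, value in fetch_items(db, user_name, "reply")
             if op == "="}
    return "Access-Accept", reply


if __name__ == "__main__":
    db = build_db()
    for name, pw in [("jeannot.lapin@fdn.nerim", "toto"),
                     ("jeannot.lapin@fdn.nerim", "wrong"),
                     ("pierre.lapin@fdn.nerim", "secret"),
                     ("x' OR '1'='1", "anything")]:
        print(name, "->", authorize(db, {"User-Name": name, "User-Password": pw}))
```

The third request is the case the REPLACE() exists for: the user is stored as pierre.lapin@fdn.fr but logs in as pierre.lapin@fdn.nerim, and the rewritten login matches. The fourth shows why escaping (or, here, binding) the user name matters: the injection attempt simply finds no rows and is rejected.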

So, for example, this gives:

$ radtest jeannot.lapin@fdn.nerim toto 80.67.169.40 1 pweeet ppp 80.67.169.42
Sending Access-Request of id 44 to 80.67.169.40 port 1812
	User-Name = "jeannot.lapin@fdn.nerim"
	User-Password = "toto"
	NAS-IP-Address = 80.67.169.42
	NAS-Port = 1812
	Message-Authenticator = 0x00000000000000000000000000000000
	Framed-Protocol = PPP
rad_recv: Access-Accept packet from host 80.67.169.40 port 1812, id=44, length=52
	Framed-IP-Address = 80.67.176.89
	Framed-IP-Netmask = 255.255.255.255
	Framed-IPv6-Route = "2001:910:1059::/48"
  • documentation/radius.txt
  • Last modified: 2016/11/13 00:25
  • by sthibaul