

Ignore whitespace Rev 2419 → Rev 2420

/alcasar.sh
1070,42 → 1070,14
cp -f $DIR_CONF/empty-radiusd-db.sql /etc/raddb/
chown -R radius:radius /etc/raddb
[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
# Set radius.conf parameters
# Set radius global parameters (radius.conf)
$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
# remove the proxy function
$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf
$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf # remove the proxy function
$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf # remove the proxy function
 
# remove EAP module
# $SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
# listen on loopback (should be modified later if EAP enabled)
# $SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
 
# enable the SQL module (and SQL counter)
$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
# only include modules for ALCASAR needs
$SED "s?^[\t ]*\$INCLUDE \${confdir}/modules/.*?\t#\$INCLUDE \${confdir}/modules/\n\t# we only include modules for ALCASAR needs\n\t\$INCLUDE \${confdir}/modules/attr_filter\n\t\$INCLUDE \${confdir}/modules/expiration\n\t\$INCLUDE \${confdir}/modules/logintime\n\t\$INCLUDE \${confdir}/modules/ldap\n\t\$INCLUDE \${confdir}/modules/pap?g" /etc/raddb/radiusd.conf
$SED "s/^[\t ]exec$/\#\texec/g" /etc/raddb/radiusd.conf
$SED "s?^[\t ]*expr.*?\#\texpr?g" /etc/raddb/radiusd.conf
$SED "s?^[\t ]*\# daily.*?\#\tdaily\n\tsql?g" /etc/raddb/radiusd.conf
$SED "s?^[\t ]*logintime.*?\tlogintime\n\tnoresetcounter\n\tdailycounter\n\tmonthlycounter\n\tattr_filter.access_reject\n\tattr_filter.accounting_response\n\tpap?g" /etc/raddb/radiusd.conf
$SED "s?^[\t ]*\$INCLUDE sites-enabled/.*?\#\$INCLUDE sites-enabled/\n\#\tenable only alcasar virtual server\n\$INCLUDE sites-enabled/alcasar?g" /etc/raddb/radiusd.conf
# remvove virtual server and copy our conf file
rm -f /etc/raddb/sites-enabled/*
cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
 
# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
# touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
 
# client.conf configuration (coova on 127.0.0.1)
# Set "client.conf" to describe radius clients (coova on 127.0.0.1)
[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
cat << EOF > /etc/raddb/clients.conf
client 127.0.0.1 {
1113,23 → 1085,54
shortname = localhost
}
EOF
# sql.conf modification
[ -e /etc/raddb/sql.conf.default ] || cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
$SED "s?^[\t ]*sqltrace =.*?sqltrace = no?g" /etc/raddb/sql.conf
# dialup.conf modification (case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.)
[ -e /etc/raddb/sql/mysql/dialup.conf.default ] || cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
cp -f $DIR_CONF/radius/dialup.conf /etc/raddb/sql/mysql/dialup.conf
# counter.conf modification (change the Max-All-Session-Time counter)
 
# Set Virtual server (remvove all except "alcasar virtual site")
rm -f /etc/raddb/sites-enabled/*
cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
chown radius:apache /etc/raddb/sites-available/alcasar
chmod 660 /etc/raddb/sites-available/alcasar
ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
# INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
 
# Set modules
# Set only usefull modules for ALCASAR
rm -rf /etc/raddb/mods-enabled/*
for mods in sql sqlcounter attr_filter expiration logintime ldap pap
do
ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
done
# Configure SQL mod (TODO :and SQL counter)
[ -e /etc/raddb/mods-available/sql.default ] || cp /etc/raddb/mods-available/sql /etc/raddb/mods-available/sql.default
cp $DIR_CONF/radius/sql /etc/raddb/mods-available/sql
chown radius:radius /etc/raddb/mods-available/sql
$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/mods-available/sql
$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/mods-available/sql
$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/mods-available/sql
 
# $SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
# $SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
# $SED "s?^[\t ]*\$INCLUDE \${confdir}/modules/.*?\t#\$INCLUDE \${confdir}/modules/\n\t# we only include modules for ALCASAR needs\n\t\$INCLUDE \${confdir}/modules/attr_filter\n\t\$INCLUDE \${confdir}/modules/expiration\n\t\$INCLUDE \${confdir}/modules/logintime\n\t\$INCLUDE \${confdir}/modules/ldap\n\t\$INCLUDE \${confdir}/modules/pap?g" /etc/raddb/radiusd.conf
# $SED "s/^[\t ]exec$/\#\texec/g" /etc/raddb/radiusd.conf
# $SED "s?^[\t ]*expr.*?\#\texpr?g" /etc/raddb/radiusd.conf
# $SED "s?^[\t ]*\# daily.*?\#\tdaily\n\tsql?g" /etc/raddb/radiusd.conf
# $SED "s?^[\t ]*logintime.*?\tlogintime\n\tnoresetcounter\n\tdailycounter\n\tmonthlycounter\n\tattr_filter.access_reject\n\tattr_filter.accounting_response\n\tpap?g" /etc/raddb/radiusd.conf
# $SED "s?^[\t ]*\$INCLUDE sites-enabled/.*?\#\$INCLUDE sites-enabled/\n\#\tenable only alcasar virtual server\n\$INCLUDE sites-enabled/alcasar?g" /etc/raddb/radiusd.conf
 
# queries.conf modifications : case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] || cp /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf.default
cp -f $DIR_CONF/radius/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf
chown -R radius:radius /etc/raddb/mods-config/sql/main/mysql/queries.conf
# sqlcounter.conf modifications (change the Max-All-Session-Time counter)
[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
chown -R radius:radius /etc/raddb/sql/mysql/*
# make certain that mysql is up before radius start
[ -e /lib/systemd/system/radiusd.service.default ] || cp /lib/systemd/system/radiusd.service /lib/systemd/system/radiusd.service.default
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
/usr/bin/systemctl daemon-reload
 
# Allow apache to change some conf files (ie : ldap on/off)
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
} # End radius ()
 
##################################################################################
1984,15 → 1987,9
/etc/security/msec/level.local root.root 640
/etc/freeradius-web root.apache 750
/etc/freeradius-web/admin.conf root.apache 640
/etc/raddb/dictionnary root.apache 640
/etc/raddb/ldap.attrmap root.radius 640
/etc/raddb/hints root.radius 640
/etc/raddb/huntgroups root.radius 640
/etc/raddb/attrs.access_reject root.radius 640
/etc/raddb/attrs.accounting_response root.radius 640
/etc/raddb/acct_users root.radius 640
/etc/raddb/preproxy_users root.radius 640
/etc/raddb/modules/ldap radius.apache 660
/etc/raddb/client.conf radius.radius 640
/etc/raddb/radius.conf radius.radius 640
/etc/raddb/mods-available/ldap radius.apache 660
/etc/raddb/sites-available/alcasar radius.apache 660
/etc/pki/* root.apache 750
/var/log/netflow/porttracker root.apache 770
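Review bot: The RADIUS DB password is spliced unescaped into a sed replacement in `$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/mods-available/sql`, so a value containing `?`, `&` or `\` either breaks the expression or writes a password that differs from the one stored in the database; escape it first, e.g. `esc_pwd=$(printf '%s' "$radiuspwd" | sed 's/[&?\\]/\\&/g')` and substitute `$esc_pwd` (the `login =` and `radius_db =` lines have the same weakness). The file that now holds that password, `/etc/raddb/mods-available/sql`, is copied from `$DIR_CONF` and `chown`ed but never `chmod`ed, while `mods-available` itself is later `chgrp apache`; a `chmod 640 /etc/raddb/mods-available/sql` right after the chown, plus a row for it in the permissions table of the last hunk (which lists `mods-available/ldap` but not `sql` — the full table presumably extends beyond the hunk, so this may be covered elsewhere), would pin the mode. In that table, `/etc/raddb/client.conf` and `/etc/raddb/radius.conf` do not match the names the script itself writes (`clients.conf`, `radiusd.conf`); if those rows survive in the new revision the permission check silently misses the real files, including the one carrying the client shared secret. The `After=` edit of `/lib/systemd/system/radiusd.service` only orders startup and does not pull in mysqld, and a change to a vendor unit is lost on package upgrade; `Requires=mysqld.service` in a drop-in under `/etc/systemd/system/radiusd.service.d/` is what the comment "make certain that mysql is up" actually needs. The enclosing function `radius()` begins before the first hunk.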