kullandigim modul:
mods-enabled/replicate
# Replicate packet(s) to a home server.
#
# This module will open a new socket for each packet, and "clone"
# the incoming packet to the destination realm (i.e. home server).
kurulum:
--
# Build FreeRADIUS 3.0.11 from an already-unpacked source tree and install it under /opt/freeradius.
# Verify the source tarball's published signature/checksum before building; the download step is not shown on this page.
# NOTE(review): 3.0.11 is the release used here; check the project's security notices for later 3.0.x fixes before deploying.
# Build-time dependencies: talloc and OpenSSL headers plus a C compiler.
yum install libtalloc-devel openssl-devel gcc
mkdir -p /opt/freeradius
cd freeradius-server-3.0.11
# NOTE(review): with --prefix=/opt/freeradius the default config directory is normally under the prefix
# (<prefix>/etc/raddb), while the rest of this page edits /etc/raddb — confirm which tree the running server reads.
./configure --prefix=/opt/freeradius
make
# Writes into /opt/freeradius; run with the privileges needed for that directory.
make install
files:
--
-/etc/raddb/sites-enabled/default bu dosyada authorize, preacct bolumlerine ekleme yaptim, loglarin detayli loglanmasi icin detail ifadelerini ekledim
-/etc/raddb/mods-enabled/detail bu dosyada detail loglarin yazilacagi lokasyonu degistirdim
-/etc/raddb/clients.conf bu dosyaya client ip ve secretkey bilgileri ile alakali duzenleme yaptim
-/etc/raddb/proxy.conf bu dosyaya realm, home server ve home server pool tanimlari ekledim
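-/etc/raddb/radiusd.conf bu dosyada ssl guvenlik uyarisini bypass etmek icin duzenleme yaptim (muhtemelen security bolumundeki allow_vulnerable_openssl ayari; bu ayar, bilinen acigi olan bir OpenSSL surumuyle sunucunun calismasina izin verir, kalici cozum OpenSSL paketini guncellemektir)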
-/etc/raddb/users bu dosyaya manuel valid user ekledim
config:
--
add to authorize, preacct
# Three-realm variant: list every realm that should receive a copy of the packet,
# then call the replicate module. Goes inside the authorize and preacct sections.
update control {
# ":=" sets the first value, "+=" appends further values to the same attribute.
# Each name must match a "realm" section in proxy.conf (server1..server3 on this page).
&Replicate-To-Realm := server1
&Replicate-To-Realm += server2
&Replicate-To-Realm += server3
}
# Module call: clones the incoming packet to the realms listed above.
# Replicated copies carry the same user attributes as the original request, so every
# listed home server sees the same credentials — list only servers you trust with them.
replicate
add to authorize, preacct /etc/raddb/sites-enabled/default:
# Two-realm variant of the same snippet for /etc/raddb/sites-enabled/default
# (authorize and preacct sections).
update control {
# ":=" sets the first realm, "+=" appends the second; names must match "realm" sections in proxy.conf.
&Replicate-To-Realm := server1
&Replicate-To-Realm += server2
}
# Module call: clones the incoming packet to the realms listed above.
replicate
--
add to: /etc/raddb/proxy.conf
# NOTE(review): the file list on this page names clients.conf as the file edited for
# client IP / secret settings — confirm which file this block was actually added to.
# 0.0.0.0/0 matches every IPv4 source address, so any host that knows the secret is
# accepted as a RADIUS client. Suitable for a lab only; in production define one
# client block per NAS address or subnet.
client 0.0.0.0/0 {
# Placeholder shared secret, reused for every home server on this page. Use a long,
# random, per-client value and keep this file readable only by the radiusd user.
secret = mysecretkey
# "no": Access-Requests without a Message-Authenticator attribute are still accepted.
# Set to "yes" once all clients send the attribute, so unsigned requests are dropped.
require_message_authenticator=no
}
--
add to: /etc/raddb/proxy.conf
# Home servers that receive the replicated packets. Each entry needs a matching
# client definition (this proxy's address and the same secret) on the remote server.
# NOTE(review): with type = auth+acct FreeRADIUS documents accounting as sent to
# port + 1 (1813 here) — confirm the remote servers and firewalls allow both ports.
# All three entries share the placeholder secret "mysecretkey"; use a distinct,
# random secret per home server so one leaked value does not expose the others.
home_server remote_server_1 {
ipaddr = 192.168.5.171
port = 1812
type = auth+acct
secret = mysecretkey
}
home_server remote_server_2 {
ipaddr = 192.168.5.172
port = 1812
type = auth+acct
secret = mysecretkey
}
home_server remote_server_3 {
ipaddr = 192.168.5.173
port = 1812
type = auth+acct
secret = mysecretkey
}
# One pool per home server, so each realm maps to exactly one destination.
# Every pool has a single member, so "fail-over" has no second server to fall back to.
home_server_pool remote_pool_1 {
type = fail-over
home_server = remote_server_1
}
home_server_pool remote_pool_2 {
type = fail-over
home_server = remote_server_2
}
home_server_pool remote_pool_3 {
type = fail-over
home_server = remote_server_3
}
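# Realms referenced by Replicate-To-Realm; each one points at the pool of the
# home server with the same number, for both authentication and accounting.
realm server1 {
auth_pool = remote_pool_1
acct_pool = remote_pool_1
}
realm server2 {
auth_pool = remote_pool_2
acct_pool = remote_pool_2
}
# Fixed: server3 previously pointed at remote_pool_2, which sent a second copy to
# remote_server_2 and left remote_pool_3 / remote_server_3 unused.
realm server3 {
auth_pool = remote_pool_3
acct_pool = remote_pool_3
}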
kullanici tanimlama:
--
add to: /etc/raddb/users
# Test-only account: the password is stored in clear text in the users file.
# Remove this entry once the replication test is finished.
testuser Cleartext-Password := "password"
test:
# Sends 100 test Access-Requests as testuser to the server at 192.168.5.174
# (radtest arguments: user, password, server, NAS port number, shared secret).
# The password and shared secret given on the command line end up in shell history
# and the process list; use throwaway test values here, not production ones.
$ for i in $(seq 1 100); do radtest testuser password 192.168.5.174 0 mysecretkey; done