1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-01-22 05:09:09 +02:00

158 lines
4.5 KiB
Markdown
Raw Normal View History

2016-07-29 00:07:14 +08:00
FreeRADIUS
2016-07-28 13:35:00 +08:00
==========
[FreeRADIUS][1] includes a RADIUS server, a BSD licensed client library, a PAM
library, and an Apache module. In most cases, the word FreeRADIUS refers to the
RADIUS server.
## docker-compose.yml
```yaml
freeradius:
image: vimagick/freeradius
ports:
- "1812:1812/udp"
- "1813:1813/udp"
links:
- mysql
restart: always
mysql:
image: mysql
volumes:
- ./mysql:/docker-entrypoint-initdb.d
environment:
- MYSQL_ROOT_PASSWORD=root
restart: always
```
## Server Setup
```bash
$ docker-compose up -d mysql
$ docker-compose exec mysql mysql -uroot -proot radius
>>> show tables;
+------------------+
| Tables_in_radius |
+------------------+
| nas |
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radpostauth |
| radreply |
| radusergroup |
+------------------+
8 rows in set (0.00 sec)
>>> SHOW GRANTS FOR radius;
+----------------------------------------------------------------+
| Grants for radius@% |
+----------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'radius'@'%' |
| GRANT SELECT ON `radius`.* TO 'radius'@'%' |
| GRANT ALL PRIVILEGES ON `radius`.`radacct` TO 'radius'@'%' |
| GRANT ALL PRIVILEGES ON `radius`.`radpostauth` TO 'radius'@'%' |
+----------------------------------------------------------------+
5 rows in set (0.00 sec)
2016-07-28 18:05:54 +08:00
>>> INSERT INTO radcheck VALUES
(NULL, 'user', 'MD5-Password', ':=', MD5('pass')),
(NULL, 'user', 'Expiration', ':=', 'Jul 31 2016 00:00:00');
Query OK, 2 row affected (0.04 sec)
Records: 2 Duplicates: 0 Warnings: 0
2016-07-28 13:35:00 +08:00
2016-07-28 15:37:07 +08:00
>>> SELECT * FROM radcheck;
2016-07-28 18:05:54 +08:00
+----+----------+--------------+----+----------------------------------+
| id | username | attribute | op | value |
+----+----------+--------------+----+----------------------------------+
| 1 | user | MD5-Password | := | 1a1dc91c907325c69271ddf0c944bc72 |
| 2 | user | Expiration | := | Jul 31 2016 00:00:00 |
+----+----------+--------------+----+----------------------------------+
2 rows in set (0.00 sec)
2016-07-28 15:37:07 +08:00
>>> INSERT INTO nas VALUES(NULL, '0.0.0.0/0', 'testing', NULL, NULL, 'testing321', NULL, NULL, NULL);
Query OK, 1 row affected (0.02 sec)
>>> SELECT * FROM nas;
+----+-----------+-----------+------+-------+------------+--------+-----------+-------------+
| id | nasname | shortname | type | ports | secret | server | community | description |
+----+-----------+-----------+------+-------+------------+--------+-----------+-------------+
| 1 | 0.0.0.0/0 | testing | NULL | NULL | testing321 | NULL | NULL | NULL |
+----+-----------+-----------+------+-------+------------+--------+-----------+-------------+
1 row in set (0.00 sec)
>>> SELECT * FROM radpostauth;
2016-07-29 00:07:14 +08:00
+----+----------+------+---------------+---------------------+
| id | username | pass | reply | authdate |
+----+----------+------+---------------+---------------------+
| 1 | user | pass | Access-Accept | 2016-07-28 06:28:28 |
| 2 | user | pass | Access-Accept | 2016-07-28 06:30:04 |
| 3 | user | xxxx | Access-Reject | 2016-07-28 06:30:22 |
+----+----------+------+---------------+---------------------+
2016-07-28 15:37:07 +08:00
2016-07-28 13:35:00 +08:00
>>> EXIT
Bye
$ docker-compose up -d freeradius
$ docker-compose exec freeradius sh
>>> vi /etc/raddb/clients.conf
2016-07-28 15:37:07 +08:00
>>> radtest user pass localhost 0 testing123
2016-07-28 18:05:54 +08:00
>>> cd /etc/raddb/certs
>>> make client.p12
2016-07-28 13:35:00 +08:00
>>> exit
2016-07-28 18:05:54 +08:00
$ docker cp freeradius_freeradius_1:/etc/raddb/certs/ca.pem /tmp
$ docker cp freeradius_freeradius_1:/etc/raddb/certs/client.p12 /tmp
2016-07-28 13:35:00 +08:00
$ docker-compose restart freeradius
```
2016-07-28 18:05:54 +08:00
> The `ca.pem` and `client.p12` (password: whatever) is for `EAP-TLS`.
2016-07-28 13:35:00 +08:00
```
# /etc/raddb/clients.conf
2016-07-28 15:37:07 +08:00
#client testing {
# ipaddr = 0.0.0.0/0
# secret = testing321
#}
2016-07-28 13:35:00 +08:00
```
2016-07-28 15:37:07 +08:00
> Manage NAS (Network Access Server) via MySQL.
2016-07-28 18:05:54 +08:00
## OpenWrt Setup
```
Network > Wireless > Wireless Security:
Encryption: WPA2-EAP
AuthServer: 192.168.31.138
AuthSecret: testing321
AcctServer: 192.168.31.138
AcctSecret: testing321
```
## Android Setup
```
# Import CA and P12(CRT+KEY)
Settings > Additional settings > Privacy > Install from SD card
# Connect WiFi
Settings > WLAN > TLS:
CA: xxxxxx
KEY: xxxxxx
ID: android
```
2016-07-28 13:35:00 +08:00
## Client Setup
```bash
# ssh root@192.168.31.231
$ pacman -S freeradius freeradius-client
2016-07-28 18:05:54 +08:00
$ radtest user pass 192.168.31.138 0 testing321
$ radtest user xxxx 192.168.31.138 0 testing321
2016-07-28 13:35:00 +08:00
```
[1]: http://freeradius.org/