Install FreeRADIUS and the MySQL server

```
yum install freeradius freeradius-mysql freeradius-utils mysql-server mysql -y
```
Create the database, grant the radius user access to it, and load the FreeRADIUS schema:

```
mysql> CREATE DATABASE radius;
Query OK, 1 row affected (0.01 sec)

mysql> GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "mega_pass";
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> use radius;
Database changed
mysql> SOURCE /etc/raddb/sql/mysql/schema.sql
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.01 sec)
Query OK, 0 rows affected (0.02 sec)
Query OK, 0 rows affected (0.01 sec)
mysql> exit
Bye
```
Now, on the CentOS host, open the SQL module configuration:

```
vim /etc/raddb/sql.conf
```
Connection info:

```
server = "localhost"
port = 3306
login = "radius"
password = "mega_pass"

# Database table configuration for everything except Oracle
radius_db = "radius"
```
In /etc/raddb/radiusd.conf, uncomment the line: $INCLUDE sql.conf
Add the listen sections with the IP address, port and connection type (for me, the interface facing the wifi router). Authentication and accounting need separate ports; accounting uses 1813, which is what the Cisco radius-server line below expects:

```
listen {
    ipaddr = 10.200.0.1
    port = 1812
    type = auth
}

listen {
    ipaddr = 10.200.0.1
    port = 1813
    type = acct
}
```
Edit /etc/raddb/sites-available/default and uncomment the line containing 'sql' in the authorize{} section, the 'sql' line (line 177) in the accounting{} section, and the 'sql' line (line 406) under session{}.
Additionally, edit /etc/raddb/sites-available/inner-tunnel and uncomment the line containing 'sql' (line 131) under authorize{} and the one under session{}.
Restart the daemon so the SQL module is loaded:

```
service radiusd restart
```
To add clients (external VPN servers), edit /etc/raddb/clients.conf on the CentOS host:

```
client 10.124.3.253 {
    secret = test123
    shortname = flyNET
    nastype = other
}
```
On the Cisco router:

```
radius-server host 10.200.0.1 auth-port 1812 acct-port 1813 key auth_rad
```
Add a user:

```
# mysql
```

```
INSERT INTO radcheck (username,attribute,op,value) VALUES ('uasya','NT-Password',':=','c85b4a5f12d398b16be88cfedb4ef74f');
INSERT INTO radreply (username,attribute,op,value) VALUES ('uasya','Framed-IP-Address',':=','192.168.80.148');
INSERT INTO radreply (username,attribute,op,value) VALUES ('uasya','Framed-IP-Netmask',':=','255.255.255.255');
INSERT INTO radreply (username,attribute,op,value) VALUES ('uasya','Framed-Protocol',':=','PPP');
INSERT INTO radusergroup VALUES ('uasya','vpn','1');
```
Delete a user:

```
DELETE FROM radcheck WHERE username='uasya';
DELETE FROM radreply WHERE username='uasya';
DELETE FROM radusergroup WHERE username='uasya';
```
Create the hashed NT-Password value (MD4 over the UTF-16LE encoding of the password):

Linux, Mac OS X:

```
$ echo -n "fuckoff" | iconv -t utf-16le | openssl dgst -md4
```

or:

```
$ iconv -f ASCII -t UTF-16LE <(printf "fuckoff") | openssl dgst -md4
```

FreeBSD:

```
$ echo -n "fuckoff" | iconv -t utf-16le | openssl dgst -md4
```

The command returns the MD4 hash:

```
(stdin)= c85b4a5f12d398b16be88cfedb4ef74f
```