Monday, 14 December 2009

RADIUS configuration on FreeBSD

I have only just started learning FreeBSD, so if anything here is wrong please correct it. Let's go straight to the topic so this doesn't drag on.

Here are the steps:

Make sure ports has been updated to the latest version.

1. Install FreeRADIUS, enabling MySQL support only.

2. Install MySQL server.

3. Edit rc.conf and add these lines:

mysql_enable="YES"

radiusd_enable="YES"

4. Configure the database and import the SQL

Here I am using the newest database from FreeBSD, namely mysql60-server. Start the database:

mailserver# /usr/local/etc/rc.d/mysql-server start
Starting mysql.

mailserver# mysql -u root -p

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
+--------------------+
2 rows in set (0.00 sec)

mysql> create database freeradius;
Query OK, 1 row affected (0.00 sec)

Import the database

mailserver# mysql -uroot -p freeradius < /usr/local/share/doc/freeradius/examples/mysql.sql
Enter password:

Grant access to the freeradius database

mysql> grant all privileges on freeradius.* to zeeboy@localhost identified by '1234' with grant option;

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

5. Modify the settings in the related files.

Edit sql.conf

mailserver# cd /usr/local/etc/raddb

mailserver# ee sql.conf

# Connect info
server = "localhost"
login = "zeeboy"
password = "1234"

# Database table configuration
radius_db = "freeradius"

Save.

Edit access for the RADIUS clients:

mailserver# ee clients.conf

secret = 1234

Save.

Edit radiusd.conf

mailserver# ee radiusd.conf

Find 'sql' in the authorize and accounting sections and remove the # in front of it.

6. Start the RADIUS service

mailserver# /usr/local/etc/rc.d/radiusd start
Starting radiusd.
Thu Jul 10 06:52:32 2008 : Info: Starting - reading configuration files ...

mailserver# ps -ax | grep radius
96134 ?? IsJ 0:00.00 /usr/local/sbin/radiusd
96248 p0 S+J 0:00.00 grep radius

7. Test the service

mailserver# ee users

Add these lines at the very bottom:

zeeboy Auth-Type := Local, User-Password == "coba"

client 10.14.2.0/24 {
secret = 1234
shortname = private-network-1
}

Save and restart RADIUS.

Try a test:

mailserver# radtest zeeboy coba 10.14.2.14 1812 1234
Sending Access-Request of id 102 to 10.14.2.14 port 1812
User-Name = "zeeboy"
User-Password = "coba"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
rad_recv: Access-Accept packet from host 10.14.2.14:1812, id=102, length=20

Next step, folks :))

8. Enter test data

mysql> use freeradius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql>

Insert dummy data

mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('zeeboy12', 'Password', '12345');

mysql> INSERT INTO radgroupcheck (GroupName, Attribute, Value) VALUES ('dynamic', 'Auth-Type', 'Local');
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES ('dynamic', 'Framed-Compression', ':=', 'Van-Jacobson-TCP-IP');
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES ('dynamic', 'Framed-Protocol', ':=', 'PPP');
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES ('dynamic', 'Service-Type', ':=', 'Framed-User');
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES ('dynamic', 'Framed-MTU', ':=', '1500');
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES ('dynamic', 'X-Ascend-Assign-IP-Pool', ':=', '0');
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES ('dynamic', 'X-Ascend-Maximum-Time', ':=', '7200');
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES ('dynamic', 'X-Ascend-Route-IP', ':=', 'Route-IP-Yes');
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES ('dynamic', 'Idle-Timeout', ':=', '1800');
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO usergroup (UserName, GroupName) VALUES ('zeeboy12','dynamic');
Query OK, 1 row affected (0.01 sec)

mysql> exit
Bye

9. Re-test the authentication

mailserver# radtest zeeboy12 12345 10.14.2.14 1812 1234
Sending Access-Request of id 170 to 10.14.2.14 port 1812
User-Name = "zeeboy12"
User-Password = "12345"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
rad_recv: Access-Accept packet from host 10.14.2.14:1812, id=170, length=68
Framed-Compression = Van-Jacobson-TCP-IP
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-MTU = 1500
X-Ascend-Assign-IP-Pool = 0
X-Ascend-Maximum-Time = 7200
X-Ascend-Route-IP = Route-IP-Yes
Idle-Timeout = 1800
mailserver#

OK. At this point the RADIUS server has been installed successfully and can be used for authentication on a MikroTik hotspot.

With this data:

IP : 10.14.2.14

Port : 1812

secret key : 1234
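
What the radtest exchange in step 7 looks like on the wire under RFC 2865, as an added Python example that is not part of the original post: the User-Password is hidden with, and the Access-Accept is authenticated by, the shared secret from clients.conf. The Request Authenticator value and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

SECRET = b"1234"  # shared secret from clients.conf in this tutorial

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: NUL-pad to 16-byte blocks, XOR each with MD5(secret + previous)."""
    width = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(width, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], _md5(secret + prev)))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: the same keystream chain, keyed by the same shared secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, _md5(secret + prev)))
        prev = block
    return out.rstrip(b"\x00")

def attribute(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(ident, user, password, secret, req_auth) -> bytes:
    # Attribute 1 = User-Name, attribute 2 = User-Password (hidden, never cleartext)
    attrs = attribute(1, user) + attribute(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def reply(code, ident, attrs, secret, req_auth) -> bytes:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + _md5(head + req_auth + attrs + secret) + attrs

def reply_is_authentic(packet: bytes, secret: bytes, req_auth: bytes) -> bool:
    """Client side: recompute the Response Authenticator before trusting the reply."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = _md5(packet[:4] + req_auth + packet[20:] + secret)
    return hmac.compare_digest(expected, packet[4:20])

REQ_AUTH = bytes(range(16))  # constructed; a real client sends 16 random bytes
REQUEST = access_request(102, b"zeeboy", b"coba", SECRET, REQ_AUTH)
ACCEPT = reply(2, 102, b"", SECRET, REQ_AUTH)  # header only, like length=20 in step 7
```

Both the password recovery and the reply check succeed only with the same secret on both sides, which is the only key material protecting this exchange.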
