[FUG-BR] [OFF] mpd e radius (final e arquivos de conf)
Márcio Luciano Donada
mdonada em auroraalimentos.com.br
Quarta Julho 11 11:00:06 BRT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Márcio Luciano Donada escreveu:
> Boa tarde, Alguém tem o mpd funcionando com o radius? Gostaria de
> trocar umas idéias em off mesmo.
>
> Abraço,
Depois de muita briga com o mpd e radius, passo abaixo a configuração
para autenticação do mpd e radius no ldap.
mpd.conf:
default:
load pptp
pptp:
load pptp1
load pptp2
load pptp3
load pptp4
pptp0:
new -i ng1 pptp0 pptp0
load pptp-conf
set ipcp ranges 121.1.254.254/32 121.1.254.100/32
pptp1:
new -i ng1 pptp1 pptp1
load pptp-conf
set ipcp ranges 121.1.254.254/32 121.1.254.101/32
pptp2:
new -i ng2 pptp2 pptp2
load pptp-conf
set ipcp ranges 121.1.254.254/32 121.1.254.102/32
pptp3:
new -i ng3 pptp3 pptp3
load pptp-conf
set ipcp ranges 121.1.254.254/32 121.1.254.103/32
pptp4:
new -i ng4 pptp4 pptp4
load pptp-conf
set ipcp ranges 121.1.254.254/32 121.1.254.104/32
pptp5:
new -i ng5 pptp5 pptp5
load pptp-conf
set ipcp ranges 121.1.254.254/32 121.1.254.105/32
pptp-conf:
load radius
set bundle yes radius-acct
set iface disable on-demand
set iface enable proxy-arp
set iface idle 1800
set bundle disable multilink
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 10 240
set ipcp yes vjcomp
set ipcp nbns 200.228.43.2
set ipcp dns 200.228.43.2
set bundle enable compression
set ccp yes mppc
set ccp yes mpp-e40
set ccp yes mpp-e128
set ccp yes mpp-stateless
radius:
set radius config /etc/radius/radius.conf
set radius retries 3
set radius timeout 3
set radius acct-update 300
set bundle enable radius-auth radius-fallback
set bundle enable radius-acct
set iface enable radius-idle radius-session radius-mtu
radius-route
set bundle enable compression
set ccp yes mppc
set ccp enable radius
no radiusd.conf:
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
$INCLUDE ${confdir}/clients.conf
modules {
mschap {
authtype = MS-CHAP
}
ldap {
server = "localhost"
basedn = "ou=Users,dc=auroraalimentos,dc=com,dc=br"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
start_tls = no
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
}
}
authorize {
ldap
mschap
}
authenticate {
Auth-Type MS-CHAP {
mschap
}
}
/usr/local/etc/raddb/users (importantíssimo)
DEFAULT Auth-Type = LDAP Fall-Through = 1
cd /etc/radius.conf
acct 127.0.0.1 senha_do_cliente_radius
auth 127.0.0.1 senha_do_cliente_radius
Acho que era isso.
Abraço,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGlOJmbjyCr4Ixg0wRAjZTAJ9Lulo8apTrQAccWc68ZcGOmsZdJwCgheBT
Xdv42UStNVHgt7Rx16WC1Mo=
=hbuZ
-----END PGP SIGNATURE-----
Mais detalhes sobre a lista de discussão freebsd