FreeRADIUS configuration items

freeradius 3.0.20
almalinux9.0
IP address 10.150.200.26
Shared secret [apresia] (this is what goes into /etc/raddb/clients.conf for the switch's address; that file is not covered in these notes)
MAC-auth password (1q2w3e)
Both the shared secret and the MAC-auth password are lab values. Use a long random secret anywhere else: one captured Access-Request is enough to test candidate secrets offline, and a 7-character word falls immediately.

■IPv4 settings
Default gateway (DGW): 10.150.200.250
DNS: 8.8.8.8

■Disable SELinux (lab shortcut; on a host that is not disposable, keep SELinux enforcing and fix file labels instead)

vi /etc/selinux/config

SELINUX=disabled   (the original note showed SELINUX=enforcing, which leaves SELinux switched on; disabled is what the heading intends)

■Disable the firewall (lab shortcut; on a real host keep firewalld running and open only UDP 1812/1813, the radius service, towards the switch)
systemctl stop firewalld
systemctl disable firewalld

reboot

getenforce   (should print Disabled after the reboot)

■FreeRADIUS setup
dnf install freeradius*   (installs freeradius and the freeradius-* subpackages; freeradius-utils supplies radtest/radclient for testing)
cd /etc/raddb/certs   (the directory is certs, not cert, as the paths further down confirm)
make ca.pem   root CA certificate
make server.pem   server certificate (server.pem is server.crt with server.key appended, so it contains the private key)
make client.pem   client certificate
openssl dhparam -out dh 2048   DH parameter file (the original used 1024 bits, which is too weak for current TLS stacks)
chown root:radiusd server.key server.pem && chmod 640 server.key server.pem
  (the file was unreadable because radiusd drops privileges to the radiusd user and the file was readable only by root; the original worked around this with chmod 755, which hands the private key to every local account. Group read for radiusd is all that is needed.)
radiusd -X   start in debug mode (foreground, verbose; use this until authentication works, then systemctl start radiusd)

■Editing the configuration files

/etc/raddb/users
# lines added below
# Check items (Cleartext-Password) go on the same line as the username; reply items go on the
# following lines, which must start with whitespace, comma-separated with no comma after the last.
# The original had the reply attribute on an unindented line, which the users-file parser reads
# as the start of a new entry rather than as a reply item of the entry above it.

# MAC address authentication
# The username field (the client MAC address, in whatever form the switch sends it as User-Name)
# was left blank in the original; <client-mac> is a placeholder, not a valid value.
<client-mac>	Cleartext-Password := "1q2w3e"
	NA-Vlan-Id = 200

# Web authentication
wuser	Cleartext-Password := "wuser"
	NA-Vlan-Id = 200

# 802.1X authentication (EAP-PEAP)
# Auth-Type is set by the eap module itself; forcing Auth-Type := EAP here is unnecessary.
euser	Cleartext-Password := "euser"
	Tunnel-Type = VLAN,
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-Id = 200

/etc/raddb/dictionary   (the local dictionary, kept separate from the shipped ones so package updates do not overwrite it)
# lines added below
VENDOR		APRESIA		278
BEGIN-VENDOR	APRESIA
ATTRIBUTE	NA-Vlan-Id	192	integer
END-VENDOR	APRESIA
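As an added example (my own code, not from the post or from FreeRADIUS), here is the Access-Request/Access-Accept exchange that the MAC-auth entry above produces, encoded by hand per RFC 2865 and RFC 2868: the switch hides the fixed password 1q2w3e under the shared secret apresia, and the server answers with the vendor-specific NA-Vlan-Id (vendor 278, type 192, as in the dictionary entry above) plus the RFC 2868 tunnel attributes. The client MAC, the packet identifier and the Request Authenticator are constructed test values; whether the switch acts on the vendor attribute, the tunnel attributes, or both is not something these notes state, so the example sends both.

```python
"""RFC 2865/2868 encoding of the MAC-auth exchange the users entry produces.
Added example, not from the original post or FreeRADIUS; the MAC, identifier
and Request Authenticator are constructed test values."""
import hashlib
import os
import struct

SECRET = b"apresia"        # shared secret from the post (lab value)
MAC_PASSWORD = b"1q2w3e"   # MAC-auth password from the post (lab value)
VENDOR_APRESIA = 278       # VENDOR APRESIA 278 in /etc/raddb/dictionary
VSA_NA_VLAN_ID = 192       # ATTRIBUTE NA-Vlan-Id 192 integer
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_VSA = 1, 2, 26
ATTR_TUNNEL_TYPE, ATTR_TUNNEL_MEDIUM, ATTR_TUNNEL_PGID = 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_IEEE802 = 13, 6


def hide_password(password, secret, authenticator):
    """RFC 2865 s5.2: NUL-pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out


def reveal_password(hidden, secret, authenticator):
    """Inverse of hide_password: anyone holding the secret recovers the password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attr(atype, value):
    return struct.pack("!BB", atype, 2 + len(value)) + value


def vsa(vendor, vtype, value):
    """RFC 2865 s5.26 Vendor-Specific: Vendor-Id, then vendor type/length/value."""
    return attr(ATTR_VSA, struct.pack("!IBB", vendor, vtype, 2 + len(value)) + value)


def tagged_int(value, tag=0):
    """RFC 2868 tagged integer: one tag octet (0x00 = unused) and a 3-octet value."""
    return struct.pack("!I", (tag << 24) | (value & 0xFFFFFF))


def packet(code, ident, authenticator, attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def parse_attrs(data):
    """List of (key, value) pairs; vendor-specific keys are (vendor, vtype) tuples."""
    out, i = [], 0
    while i < len(data):
        atype, alen = data[i], data[i + 1]
        value = data[i + 2:i + alen]
        if atype == ATTR_VSA:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            out.append(((vendor, vtype), value[6:4 + vlen]))
        else:
            out.append((atype, value))
        i += alen
    return out


def access_request(mac, ident, req_auth, password=MAC_PASSWORD):
    """What the switch sends for MAC auth: the client MAC as User-Name plus the fixed password."""
    return packet(ACCESS_REQUEST, ident, req_auth, [
        attr(ATTR_USER_NAME, mac.encode()),
        attr(ATTR_USER_PASSWORD, hide_password(password, SECRET, req_auth))])


def access_accept(ident, req_auth, vlan):
    """Reply carrying the Apresia VSA and the RFC 2868 tunnel attributes from the users file."""
    attrs = [vsa(VENDOR_APRESIA, VSA_NA_VLAN_ID, struct.pack("!I", vlan)),
             attr(ATTR_TUNNEL_TYPE, tagged_int(TUNNEL_TYPE_VLAN)),
             attr(ATTR_TUNNEL_MEDIUM, tagged_int(TUNNEL_MEDIUM_IEEE802)),
             attr(ATTR_TUNNEL_PGID, b"\x00" + str(vlan).encode())]  # tag 0x00, then the string
    body = b"".join(attrs)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    return packet(ACCESS_ACCEPT, ident, hashlib.md5(header + req_auth + body + SECRET).digest(), attrs)


def verify_response(resp, req_auth):
    """The switch recomputes the Response Authenticator; a wrong secret or any tampering fails."""
    return resp[4:20] == hashlib.md5(resp[:4] + req_auth + resp[20:] + SECRET).digest()


def server_handle(req):
    """What the users entry amounts to: compare the password, then reply with VLAN 200."""
    code, ident, _ = struct.unpack("!BBH", req[:4])
    req_auth = req[4:20]
    hidden = dict(parse_attrs(req[20:]))[ATTR_USER_PASSWORD]
    if code != ACCESS_REQUEST or reveal_password(hidden, SECRET, req_auth) != MAC_PASSWORD:
        return None  # a real server answers with Access-Reject
    return access_accept(ident, req_auth, 200)


def demo(mac="00-11-22-33-44-55", req_auth=None):
    """Run one exchange and return what each side observed."""
    req_auth = os.urandom(16) if req_auth is None else req_auth
    req = access_request(mac, 7, req_auth)
    resp = server_handle(req)
    reply = dict(parse_attrs(resp[20:]))
    tampered = resp[:-1] + bytes([resp[-1] ^ 0x01])  # flip one bit of Tunnel-Private-Group-Id
    return {"hidden_password": dict(parse_attrs(req[20:]))[ATTR_USER_PASSWORD],
            "vlan_vsa": struct.unpack("!I", reply[(VENDOR_APRESIA, VSA_NA_VLAN_ID)])[0],
            "tunnel_pgid": reply[ATTR_TUNNEL_PGID],
            "authenticator_ok": verify_response(resp, req_auth),
            "tampered_ok": verify_response(tampered, req_auth)}


if __name__ == "__main__":
    print(demo())
```

Two things the bytes make obvious: User-Password hiding is an MD5 keystream keyed only by the shared secret, so a single captured Access-Request lets an attacker test candidate secrets offline (reveal_password is the whole attack once the secret is guessed); and MAC authentication proves nothing beyond knowledge of an address that is visible on the wire, so the NA-Vlan-Id = 200 reply is a convenience, not an access control.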

/etc/raddb/mods-enabled/eap
tls-config tls-common {...
# lines added below
private_key_password = whatever   # "whatever" is the passphrase the certs Makefile applies to server.key; change both together for anything beyond a lab
private_key_file = /etc/raddb/certs/server.key
certificate_file = /etc/raddb/certs/server.pem
ca_file = /etc/raddb/certs/ca.pem
check_crl = no   # skip CRL checking (only relevant for EAP-TLS, where the server validates client certificates; PEAP with an inner password does not)
allow_expired_crl = yes   # accept an expired CRL; has no effect while check_crl = no
...}

/etc/raddb/sites-available/tls
(Note: this virtual server defines RADIUS-over-TLS (RadSec) listeners and is only read if it is linked into sites-enabled. It plays no part in EAP-PEAP over plain UDP RADIUS, so the edit below is not needed for the 802.1X setup above.)
tls {...
# lines added below
private_key_password = whatever
private_key_file = /etc/raddb/certs/server.key
certificate_file = /etc/raddb/certs/server.pem
ca_file = /etc/raddb/certs/ca.pem
check_crl = no   # skip CRL checking
allow_expired_crl = yes   # accept an expired CRL; has no effect while check_crl = no
...
