The OpenNET Project / Index page

[ новости /+++ | форум | wiki | теги | ]

[Cisco] RADIUS для авторизации, аутентификации и аккаутинга Dialup пользователей (cisco dialup dialin aaa auth radius)


<< Предыдущая ИНДЕКС Поиск в статьях src Установить закладку Перейти на закладку Следующая >>
Ключевые слова: cisco, dialup, dialin, aaa, auth, radius,  (найти похожие документы)
From: Karen Mkoyan <Karen@projectharmony.am> Subject: [Cisco] RADIUS для авторизации, аутентификации и аккаутинга Dialup пользователей Remote Authentication Dial-In User Service for Cisco (RADIUS) ------------------- By Karen Mkoyan Karen@projectharmony.am Draft version: 0.1 Friday, January 31, 2003 03:52:32 ------ Introduction: Remote Authentication Dial-In User Service (RADIUS) is a client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. In this particular case the requested system is Cisco dial-up pool. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point. Having a central service also means that it's easier to track usage for billing and for keeping network statistics. Current standard is detailed described in RFC 2138 and 2139 ftp://ftp.ripe.net/rfc/ This is a very good solution for Internet Service Providers. ------ Getting started: Before the actual installation you need to make sure you have, otherwise install the following: 1. PERL 2. MySQL 3. Perl DBI module 4. Perl DATA-DUMPER module 5. Perl DATA-SHOWTABLE module 6. Perl IC-Radius module 7. MySQL DBD 8. BERKLEY SOCKETS (optional for IC-Radius, but you will need for MySQL later). 9. SNMP (optional) 10. PHP MyAdmin (optional) 1. PERL INSTALLATION Most, if not all, of the scripts that come with IC-RADIUS are written in Perl. This, of course, means that you must have Perl installed in order to use them. Most Linux distributions already have Perl installed, so you probably can skip this step if you want to. This section describes how to install or upgrade to Perl 5.6.0, the latest stable release as of this writing. There is nothing about IC-RADIUS or the support scripts that come with it that would require you to perform this upgrade. 1. Download the Perl distribution to /usr/local/src. You can get the latest Perl distribution from http://www.perl.com. 2. Expand the archive: tar -zxvf perl5.6.0.tar.gz 3. Optional step. Delete the archive to save space: rm -f perl5.6.0.tar.gz 4. Move to source directory: cd /usr/local/src/perl5.6.0 5. Read the installation instructions: pico -w INSTALL 6. rm -f config.sh Policy.sh 7. sh Configure -de 8. make 9. make test 10. make install 11. If it installed correctly, you can confirm the correct version: perl -v DONE! 2. MySQL INSTALLATION For installing MySQL package you will need mysql-version.rpm; mysql-client.rpm; mysql-server.rpm; mysql-devel.rpm packages. The latest versions are available at http://www.mysql.com You will also need PERL with it's libraries. I assume you have perl installed, because perl is provided with linux default installation, and in most cases installs automatically. But in case you do not have the prel here are the For installing the rpm packages do rpm -i <package name> Installing the rpm package will automatically run the mysql server. To make sure the server is running do /usr/bin/mysqladmin ping If the answer is "mysql is alive" than it's okay, if there is no answer, try to do: /etc/init.d/mysql start As soon as the server is running do: /usr/bin/mysql_install_db By default there's no password for the 'root' user. To do that run /usr/bin/mysqladmin -u root password "password" Now you can run the MySQL mysql -u username -p "password" You should get mysql> command prompt. DONE! 3.4.5.6 Perl DBI, DATA-DUMPER, Perl DATA-SHOWTABLE, IC-Radius modules INSTALLATION This is quite easy. From http://search.cpan.org download above mentioned modules, unpack, and run the following (in each directory). perl Makefile.PL make test (optional) make install DONE! 7. MySQL DBD INSTALLATION You can get the latest distribution from http://search.cpan.org. By the way, just to confuse things, it's not named DBD - it's named Msql-Mysql-Modules! Makes perfect sense if you already know what you are looking for, but for newbies it can be quite confusing. Expand the archive: tar -zxvf Msql-Mysql-1.2215.tar.gz perl Makefile.PL Note: the defaults are right for most of the questions. Be sure to give the username and password you defined for MySQL when asked or the tests will all fail! make test 8. BERKLEY SOCETS INSTALLATION (optional) 1. Download the Berkley Sockets distribution to /usr/local/src. You can get the latest distribution from http://www.sleepycat.com/. 2. Expand the archive: tar -zxvf Berkleydb-3.2.9a.tar.gz 3. Optional step. Delete the archive to save space: rm -f Berkleydb-3.2.9a.tar.gz 4. Move to source directory: cd /usr/local/src/db-3.2.9a 5. ./configure 6. make 7. make install 8. SNMP INSTALLATION (optional) 1. Download the SNMP distribution to /usr/local/src. You can get the latest distribution from http://search.cpan.org. 2. Expand the archive: tar -zxvf ucd-snmp-4.1.tar.gz 3. Optional step. Delete the archive to save space: rm -f ucd-snmp.tar.gz 4. Move to source directory: cd /usr/local/src/ucd-snmp-4.1 5. ./configure 6. make 7. make test 8. make install 9. PHP MyAdmin INSTALLATION (optional) You will need php myadmin to make easier crating the radius database, importing sql tables, etc. Of course you can do that manually but I think having a web based toolkit will make your life easier in your future MySQL related works. Well, here's what you need to do. From http://www.phpmyadmin.net download the latest stabile version, at this moment it is phpMyAdmin 2.3.2. Expand the archive to directory PMA (for instance) . Edit config.inc.php Change $cfg['PmaAbsoluteUri'] variable to your needs, it should look like: $cfg['PmaAbsoluteUri'] = 'http://www.yourhost.com/pma/'; Point your we browser to that URL. Congratulation on this stage, let's proceed to another, the actual installation. ----- Server side Installation: I found out several free radius software, which are FreeRADIUS, XtRadius, Cistron RADIUS, Gnu-Radius, IC-RADIUS. Below mentioned instructions are about 2001-06-29 - IC-RADIUS 0.18.1 released. I recommend this version. IC Radius is a variation of Cistron RADIUS, but it uses mysql database for storing data. Okay, the first step is downloading the software. Download the distributive from ftp://ftp.innercite.com/pub/icradius/icradius-0.18.1.tar.gz Unpack the archive and cd icradius-0.18.1 Cisco side "installation": Here is what you need to add to your cisco. Enableing aaa service aaa new-model aaa authentication login default local aaa authentication ppp default radius aaa authorization network default radius none aaa accounting update newinfo aaa accounting network default wait-start radius aaa accounting system default start-stop radius Configuring async interface interface Async1 description tel.-411 ip unnumbered Ethernet0 no ip directed-broadcast encapsulation ppp async mode interactive peer default ip address 217.113.7.246 ppp authentication pap chap ! interface Async2 description tel.-414 ip unnumbered Ethernet0 no ip directed-broadcast encapsulation ppp async mode interactive peer default ip address 217.113.7.248 ppp authentication pap chap ! Or you can create an async-group interface Group-Async1 physical-layer async no ip address no ip directed-broadcast peer default ip address pool dial-upers ! Than add the following: ip local pool dial-upers 217.113.13.73 217.113.13.79 ip nat translation timeout never ip nat translation tcp-timeout never ip nat translation udp-timeout never ip nat translation finrst-timeout never ip nat translation syn-timeout never ip nat translation dns-timeout never ip nat translation icmp-timeout never ip classless ip route 0.0.0.0 0.0.0.0 217.113.7.241 ! radius-server host 217.113.7.241 auth-port 1812 acct-port 1813 radius-server retransmit 10 radius-server timeout 3 radius-server deadtime 1 radius-server key cisco

<< Предыдущая ИНДЕКС Поиск в статьях src Установить закладку Перейти на закладку Следующая >>

 Добавить комментарий
Имя:
E-Mail:
Заголовок:
Текст:




Спонсоры:
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2021 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру