
CentOS FreeRadius 설치 및 연동

Mark930.k 2023. 7. 17. 14:25

FreeRadius 설치

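# Install FreeRadius #

# Refresh the package index and installed packages first.
sudo yum -y update

# The original line ended in an en dash ("–y"), which yum would take as a
# package name rather than an option; it must be a plain ASCII "-y".
# The remaining commands assume a root shell (no sudo), as in the original.
yum install -y freeradius freeradius-utils freeradius-mysql freeradius-perl

# Start radiusd at boot and confirm the unit state.
systemctl enable radiusd
systemctl status radiusd

# Restart so the freshly installed configuration is picked up.
systemctl restart radiusd
systemctl status radiusd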

bob user 테스트 유저로서 주석 제거

# FreeRADIUS configuration directory on CentOS; the "users" file lives here.
cd /etc/raddb/

# Uncomment the sample "bob" entry (shown below) to get a local test user.
# "hello" is a test credential only; remove the entry once testing is done.
vi users

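# Test user "bob" with a cleartext password (the sample entry from the stock users file).
bob     Cleartext-Password := "hello"
# Reply items belong to the entry above and are written on following lines
# that start with whitespace; the original page had lost that indentation,
# which would stop the line from being read as part of bob's entry.
	Reply-Message := "Hello, %{User-Name}"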

# Reload the edited users file by restarting the daemon.
systemctl restart radiusd

#Radius USER TEST

# radtest <user> <password> <server> <nas-port> <shared-secret>
# The secret must match the localhost client entry in clients.conf
# (the IPv6 localhost entry shown further below uses the same "testing123").
radtest bob hello 127.0.0.1 0 testing123
# Add Clients

# Still in /etc/raddb. Every NAS that sends requests to this server needs its
# own client entry with a source address and a shared secret.
vi clients.conf

}
}

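## Added section: the NAS that will send requests to this server
client test1 {
    # Shared secret. The value below is the page's sample; in a real
    # deployment use a long random string, since the protection of RADIUS
    # packets rests entirely on this value.
    secret = Cyberark1
    # Only requests arriving from this source address are accepted.
    ipaddr = 192.168.50.20
    # Consider adding `require_message_authenticator = yes` so requests
    # from this client must carry a valid Message-Authenticator.
}
## End of added section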
# IPv6 Client
client localhost_ipv6 {
ipv6addr        = ::1
secret          = testing123

#NTRadPing TEST Utility tool을 통해 라디우스 서버 체크

 

# The RADIUS port seemed to be blocked on the server side; stop the daemon and
# bring it back up (it is restarted below with "radiusd -X").
# pkill sends SIGTERM to every process named radiusd.
pkill radiusd
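# Open the firewall for RADIUS.
# Preferred: allow only the radius service (UDP 1812/1813) instead of
# removing the host firewall altogether.
firewall-cmd --permanent --add-service=radius
firewall-cmd --reload

# Original approach: disable and mask firewalld completely. This removes all
# filtering on the host, not just for RADIUS; only fall back to it if the
# host is otherwise isolated.
#systemctl status firewalld.service
#systemctl disable firewalld.service
#sudo systemctl mask --now firewalld.service
#systemctl status firewalld.service

# Run the server in the foreground with debug output so that port binding
# and incoming requests can be checked; stop it with Ctrl-C and go back to
# the systemd unit afterwards.
radiusd -X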

 

 

 

FreeRadius용 LinOTP 모듈 설치

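# git is needed to fetch the module.
yum install git

# Clone the FreeRADIUS Perl module for LinOTP into the path used on this
# page (the original listed the URL and the target directory on separate
# lines; they are the two arguments of a single git clone).
git clone https://github.com/LinOTP/linotp-auth-freeradius-perl.git /usr/share/linotp/linotp-auth-freeradius-perl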

# Enable the Perl module by linking it into mods-enabled.
ln -s /etc/raddb/mods-available/perl /etc/raddb/mods-enabled/perl

# Edit the realm settings used by the LinOTP module (contents shown below).
vi /etc/linotp2/rlm_perl.ini

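#IP of the linotp server
URL=https://localhost/validate/simplecheck
#optional: limits search for user to this realm
#(the realm name created in the LinOTP console)
REALM=honglab-realm
#optional: only use this UserIdResolver
#RESCONF=flat_file
#optional: comment out if everything seems to work fine
#NOTE(review): debug output presumably includes request details; turn it off
#once the integration works.
Debug=True
#optional: use this, if you have selfsigned certificates, otherwise comment out
#With SSL_CHECK=False the LinOTP server certificate is not verified, so the
#link carrying user credentials and OTPs does not authenticate the LinOTP
#side. Prefer trusting the self-signed CA on this host and keeping the check on.
SSL_CHECK=False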

RADIUS 서버에서 활성화된 구간에 대한 기본 링크 제거

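# Remove the default enabled sites and the EAP module (the original had both
# rm commands on one line). The entries in sites-enabled/ and mods-enabled/
# are normally symlinks into sites-available/ and mods-available/, so the
# underlying files are kept.
rm /etc/raddb/sites-enabled/{inner-tunnel,default}
rm /etc/raddb/mods-enabled/eap

# Create the LinOTP virtual server (contents shown below).
vi /etc/raddb/sites-available/linotp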

FreeRADIUS에서 LinOTP 활성화

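# Virtual server that hands every authentication to LinOTP through rlm_perl.
server default {
    listen {
        type = auth
        # Binds on all addresses; clients.conf decides which sources are accepted.
        ipaddr = *
        # 0 = use the default port for this listener type.
        port = 0
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipaddr = *
        port = 0
        type = acct
    }
    authorize {
        preprocess
        IPASS
        suffix
        ntdomain
        files
        expiration
        logintime
        # Forces Perl (LinOTP) for every request: Cleartext-Password entries in
        # "users" are no longer what authenticates a user.
        update control {
            Auth-Type := Perl
        }
        pap
    }
    authenticate {
        Auth-Type Perl {
            perl
        }
    }
    preacct {
        preprocess
        acct_unique
        suffix
        files
    }
    accounting {
        detail
        unix
        # "-" prefix: the module is optional and skipped if it is not loaded.
        -sql
        exec
        attr_filter.accounting_response
    }
    session {
    }
    post-auth {
        update {
            &reply: += &session-state:
        }
        -sql
        exec
        remove_reply_message_if_eap
    }
}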

소프트링크 활성화 & RADIUS 서비스 활성화

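# Enable the LinOTP virtual server by linking it into sites-enabled.
ln -s /etc/raddb/sites-available/linotp /etc/raddb/sites-enabled/linotp

# Enable at boot and start. The original had both commands on one line, which
# would have handed "systemctl", "start" and "radiusd" to enable as extra
# unit names.
systemctl enable radiusd
systemctl start radiusd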