Introduction
Components involved
Installation
Replication of production setup
packages: shorewall
New stuff
FreeRADIUS
packages: freeradius
Certificates
MySQL
Python module / script_launcher.py script
| Code Block |
|---|
cd /etc/freeradius/3.0/
ln -s mods-available/python mods-enabled/ |
Put the following in it:
| Code Block | ||
|---|---|---|
| ||
#
# Make sure the PYTHONPATH environmental variable contains the
# directory(s) for the modules listed below.
#
# Uncomment any func_* which are included in your module. If
# rlm_python is called for a section which does not have
# a function defined, it will return NOOP.
#
python {
module = script_launcher # @#$dy
python_path = ${modconfdir}/${.:name}:/usr/lib/python2.7 # @#$dy
mod_post_auth = ${.module} # @#$dy
func_post_auth = post_auth # @#$dy
}
|
Modify /etc/freeradius/3.0/sites-enabled/inner-tunnel:
| Code Block | ||
|---|---|---|
| ||
...
# Add this line just after 'sql' in the 'post-auth' section
python
... |
"@@@" copy outer to inner tunnel
Place the script_launcher.py script at /etc/freeradius/3.0/mods-config/python/script_launcher.py
Shorewall
sudo
packages: sudo
shwl_add / shwl_del scripts
packages: arp-scan
| Code Block |
|---|
apt-get install arp-scan
# Install the scripts in /usr/local/sbin/, and configure settings in each of them
chown root:freerad /usr/local/sbin/shwl_*
chmod 750 /usr/local/sbin/shwl_* |
Add the following line to freerad's crontab
| Code Block |
|---|
*/1 * * * * /usr/local/sbin/shwl_del.sh # @#$dy # @@@ figure out optimal interval |
MySQL
pam_to_mysql_update.sh script
Pre-requisites from above steps: sudo, shwl_add / shwl_del scripts MySQL config, FreeRADIUS MySQL config
| Code Block |
|---|
apt-get install libpam-script sshpass
mkdir /usr/share/libpam-script/pam-script.d/pam_to_mysql_update
cd /usr/share/libpam-script/pam-script.d/pam_to_mysql_update
# Put the script in here, and configure MySQL settings inside
ln -s pam_to_mysql_update.sh pam_script_auth
ln -s pam_to_mysql_update.sh pam_script_passwd
|
Add the following line at the end of /etc/pam.d/common-auth or as may be appropriate to the PAM configuration of the system:
| Code Block | ||
|---|---|---|
| ||
...
auth required pam_script.so onerr=fail dir=/usr/share/libpam-script/pam-script.d/pam_to_mysql_update/ |
Add the following line at the end of /etc/pam.d/common-password or as may be appropriate to the PAM configuration of the system:
...
| title | /etc/pam.d/common-password |
|---|
...
Child page description:
Overview - Description of the solution and documentation of custom scripts
Installation - Instructions on installing, and attachment containing scripts