...
| Code Block |
|---|
update reply {
Session-Timeout := 18003600
Termination-Action := 1
} |
...
| Code Block |
|---|
apt-get install arp-scan
# Install the shwl_*.sh scripts from the shwl_add_shwl_del_sl_pmu archive in /usr/local/sbin/, and configure settings in each of them
chown root:freerad /usr/local/sbin/shwl_*
chmod 750 /usr/local/sbin/shwl_*
mkdir /var/local/shwl_add
chown freerad:freerad /var/local/shwl_add
chmod 700 /var/local/shwl_add
chmod a-s /var/local/shwl_add |
...
| Code Block |
|---|
*/1 * * * * /usr/local/sbin/shwl_del.sh # @#$dy # @@@ figure out optimal interval |
MySQL
| Code Block |
|---|
mysql -uroot
CREATE DATABASE shwl_add_shwl_del_pmu;
GRANT ALL on shwl_add_shwl_del_pmu.event_log TO 'freerad'@'localhost';
exit
mysql -uroot radius < shwl_add_shwl_del_pmu.sql # Updating shwl_add_shwl_del_pmu.sql to the full path of the shwl_add_shwl_del_pmu.sql file extracted from the shwl_add_shwl_del_sl_pmu archive |
pam_to_mysql_update.sh script
Prerequisities from above: sudo, FreeRADIUS MySQL, shwl_add / shwl_del scripts MySQL
| Code Block |
|---|
apt-get install libpam-script sshpass
mkdir /usr/share/libpam-script/pam-script.d/pam_to_mysql_update
cd /usr/share/libpam-script/pam-script.d/pam_to_mysql_update
# Put the script in here, and configure MySQL settings inside
ln -s pam_to_mysql_update.sh pam_script_auth
ln -s pam_to_mysql_update.sh pam_script_passwd
|
Add the following line at the end of /etc/pam.d/common-auth:
| Code Block | ||
|---|---|---|
| ||
...
auth required pam_script.so onerr=fail dir=/usr/share/libpam-script/pam-script.d/pam_to_mysql_update/ |
Add the following line at the end of /etc/pam.d/common-password:
...
| title | /etc/pam.d/common-password |
|---|
...
Settings in /usr/local/sbin/shwl_add.sh (at top of file):
| Code Block |
|---|
....
# Settings
cfg_shwl_zone="wifi1" # Shorewall dynamic zone to which client devices' IP addresses need to be added # @@@ figure out a few optimal intervals
cfg_shwl_retry_delay=2 # Number of seconds to wait, in case of failure in adding IP to shorewall dynamic zone, before attempting second time
cfg_file_location="/var/local/shwl_add" # Folder where runtime information will be stored
cfg_file_location_owner_user="freerad" # User by which above folder should be owned
cfg_file_location_owner_group="freerad" # Group by which above folder should be owned
cfg_ip_srch_iface="enp0s8" # Network interface on which to scan for devices
cfg_ip_srch_initial_delay=0.75 # How many seconds to wait before first attempt at scanning
cfg_ip_srch_retry_delay=4 # How many seconds to wait in between further attempts at scanning
cfg_ip_srch_max_attempts=50 # Maximum number of attempts at scanning before giving up
cfg_mysql_user="freerad" # MySQL username
cfg_mysql_db="shwl_add_shwl_del_pmu" # MySQL database name where to log events
cfg_mysql_log_table="event_log" # Table in MySQL database where to log events
.... |
Settings in /usr/local/sbin/shwl_del.sh (at top of file):
| Code Block |
|---|
....
# Settings
cfg_ip_match_pattern="192.168." # Pattern to match all IP addresses that might be in the shorewall dynamic zone # @@@ figure out a few optimal intervals
cfg_session_expiry_timeout=3660 # Session duration (should be slightly longer than Session-Timeout attribute specified in FreeRADIUS)
cfg_shwl_zone="wifi1" # Shorewall dynamic zone containing clients' IP addresses
cfg_file_location="/var/local/shwl_add" # Folder where runtime information is stored
cfg_file_location_owner_user="freerad" # User by which above folder should be owned
cfg_file_location_owner_group="freerad" # Group by which above folder should be owned
cfg_mysql_user="freerad" # MySQL username
cfg_mysql_db="shwl_add_shwl_del_pmu" # MySQL database name where to log events
cfg_mysql_log_table="event_log" # Table in MySQL database where to log events
.... |
MySQL
| Code Block |
|---|
mysql -uroot
CREATE DATABASE shwl_add_shwl_del_pmu;
GRANT ALL on shwl_add_shwl_del_pmu.event_log TO 'freerad'@'localhost';
exit
mysql -uroot shwl_add_shwl_del_pmu < shwl_add_shwl_del_pmu.sql # Updating shwl_add_shwl_del_pmu.sql to the full path of the shwl_add_shwl_del_pmu.sql file extracted from the shwl_add_shwl_del_sl_pmu archive |
pam_to_mysql_update.sh script
Prerequisities from above: sudo, FreeRADIUS MySQL, shwl_add / shwl_del scripts MySQL
| Code Block |
|---|
apt-get install libpam-script sshpass
mkdir /usr/share/libpam-script/pam-script.d/pam_to_mysql_update
cd /usr/share/libpam-script/pam-script.d/pam_to_mysql_update
# Install the pam_to_mysql_update.sh script from the shwl_add_shwl_del_sl_pmu archive in here
ln -s pam_to_mysql_update.sh pam_script_auth
ln -s pam_to_mysql_update.sh pam_script_passwd
|
Add the following line at the end of /etc/pam.d/common-auth:
| Code Block | ||
|---|---|---|
| ||
....
auth required pam_script.so onerr=fail dir=/usr/share/libpam-script/pam-script.d/pam_to_mysql_update/ |
Add the following line at the end of /etc/pam.d/common-password:
| Code Block | ||
|---|---|---|
| ||
....
password required pam_script.so onerr=fail dir=/usr/share/libpam-script/pam-script.d/pam_to_mysql_update/ |
Settings in /usr/share/libpam-script/pam-script.d/pam_to_mysql_update/pam_to_mysql_update.sh (at top of file):
| Code Block |
|---|
....
# Settings
cfg_mysql_user="freerad" # MySQL username
cfg_mysql_user_db="radius" # MySQL database name where to update passwords
cfg_mysql_log_db="shwl_add_shwl_del_pmu" # MySQL database name where to log events
cfg_mysql_user_table="radcheck" # Table in MySQL database where to update passwords
cfg_mysql_log_table="event_log" # Table in MySQL database where to log events
cfg_verbose=0 # Print verbose messages on stdout
.... |