802.1X secured wifi installation


Components involved


Replication of production setup

packages: shorewall

New stuff


packages: freeradius



Python module / script

cd /etc/freeradius/3.0/
ln -s mods-available/python mods-enabled/

Put the following in it:

# Make sure the PYTHONPATH environmental variable contains the
# directory(s) for the modules listed below.
# Uncomment any func_* which are included in your module. If
# rlm_python is called for a section which does not have
# a function defined, it will return NOOP.
python {
	module = script_launcher # @#$dy

	python_path = ${modconfdir}/${.:name}:/usr/lib/python2.7 # @#$dy
	mod_post_auth = ${.module} # @#$dy
	func_post_auth = post_auth # @#$dy
}

Modify /etc/freeradius/3.0/sites-enabled/inner-tunnel:

# Add this line just after 'sql' in the 'post-auth' section

"@@@" copy outer to inner tunnel

Place the script at /etc/freeradius/3.0/mods-config/python/



packages: sudo

shwl_add / shwl_del scripts

packages: arp-scan

apt-get install arp-scan
# Install the scripts in /usr/local/sbin/, and configure settings in each of them
chown root:freerad /usr/local/sbin/shwl_*
chmod 750 /usr/local/sbin/shwl_*
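
A check to run after the chown/chmod step above, as an added example that is not part of the original page: it confirms each shwl_* script is a regular file with exactly root:freerad ownership and mode 750, so the freerad account can execute the scripts but cannot modify them. It assumes GNU stat; the function names and the file name audit.sh are hypothetical.

```shell
#!/bin/sh
# Added example: audit helper scripts that the freerad account may execute.
# Assumes GNU stat (Debian/Ubuntu coreutils).

# check_script FILE OWNER GROUP MODE
# Returns 0 only when FILE is a regular file (not a symlink) whose owner,
# group and octal mode match exactly; otherwise prints why and returns 1.
check_script() {
    cs_file=$1; cs_owner=$2; cs_group=$3; cs_mode=$4
    if [ -L "$cs_file" ]; then
        echo "FAIL $cs_file: symlink, target could be swapped" >&2
        return 1
    fi
    if [ ! -f "$cs_file" ]; then
        echo "FAIL $cs_file: missing or not a regular file" >&2
        return 1
    fi
    cs_got=$(stat -c '%U:%G %a' -- "$cs_file") || return 1
    if [ "$cs_got" != "$cs_owner:$cs_group $cs_mode" ]; then
        echo "FAIL $cs_file: is '$cs_got', want '$cs_owner:$cs_group $cs_mode'" >&2
        return 1
    fi
    echo "OK   $cs_file ($cs_got)"
}

# audit_scripts OWNER GROUP MODE FILE...
# Checks every FILE and returns 1 if any of them fails.
audit_scripts() {
    as_owner=$1; as_group=$2; as_mode=$3
    shift 3
    as_rc=0
    for as_file in "$@"; do
        check_script "$as_file" "$as_owner" "$as_group" "$as_mode" || as_rc=1
    done
    return "$as_rc"
}

# When run as a script with arguments, audit the named files, e.g.
#   sh audit.sh root freerad 750 /usr/local/sbin/shwl_*
if [ "$#" -ge 4 ]; then
    audit_scripts "$@"
fi
```

Because the mode is compared as an exact string, a stray setuid or group-write bit (for example 4750 or 770) is reported as a failure.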

Add the following line to freerad's crontab

*/1 * * * * /usr/local/sbin/ # @#$dy # @@@ figure out optimal interval

MySQL script

Pre-requisites from above steps: sudo, shwl_add / shwl_del scripts MySQL config, FreeRADIUS MySQL config

apt-get install libpam-script sshpass
mkdir /usr/share/libpam-script/pam-script.d/pam_to_mysql_update
cd /usr/share/libpam-script/pam-script.d/pam_to_mysql_update
# Put the script in here, and configure MySQL settings inside
ln -s pam_script_auth
ln -s pam_script_passwd

Add the following line at the end of /etc/pam.d/common-auth, or wherever is appropriate for the system's PAM configuration:

auth	required               onerr=fail dir=/usr/share/libpam-script/pam-script.d/pam_to_mysql_update/

Add the following line at the end of /etc/pam.d/common-password, or wherever is appropriate for the system's PAM configuration:


password	required               onerr=fail dir=/usr/share/libpam-script/pam-script.d/pam_to_mysql_update/
