Servidor FreeRADIUS/Virtual Server Administrativos
Virtual Server - Administrativos
Arquivo de configuração /etc/freeradius/sites-available/administrativos.
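# Virtual server "administrativos": authenticates administrative users against
# the "ldapadministrativos" LDAP module instance for the Cisco wireless
# controller declared below.
#
# Fix: the closing brace of the commented-out accounting listener was left
# uncommented, so "server administrativos" ended right after the listeners and
# every policy section below sat outside the virtual server. That brace is now
# commented out and the server block is closed at the end of the file.
server administrativos {
    listen {
        # NOTE(review): "*" accepts requests on every interface. On a
        # multi-homed host, bind to the address the controller actually uses.
        ipaddr = *
        port = 41812 # Custom port.
        type = auth
    }
    #listen { # Accounting will be configured in a separate virtual server.
    #    ipaddr = *
    #    port = 1813
    #    type = acct
    #}

    # Declared inside the server block, so this client definition applies to
    # this virtual server only.
    client "wlc-cisco" {
        ipaddr = XXX.XXX.XXX.XXX # Controller IP address.
        proto = udp
        # Shared secret configured on the controller under
        # Security > AAA > RADIUS > Authentication.
        # "senha" is a placeholder. Over RADIUS/UDP the User-Password attribute
        # is protected only by this secret, so use a long random value and keep
        # this file readable by the FreeRADIUS user only.
        secret = senha
        # Drop requests from this client that lack a valid Message-Authenticator.
        require_message_authenticator = yes
        shortname = wlc-cisco
        nastype = cisco
    }

    authorize {
        # NOTE(review): filter_username is disabled, so malformed User-Name
        # values are not rejected before they reach the LDAP lookup. Consider
        # enabling it if the policy exists in this installation.
        #filter_username
        preprocess
        # NOTE(review): auth_log is disabled. Without it this server keeps no
        # per-request detail log of administrative logins.
        #auth_log
        chap
        mschap
        #digest
        #wimax
        #IPASS
        #suffix
        #ntdomain
        #eap {
        #    ok = return
        #}
        #unix
        #files
        #sql
        #smbpasswd
        ldapadministrativos # Loads the LDAP module to look up administrative users.
        #daily
        #checkval
        expiration
        logintime
        pap
        Autz-Type Status-Server {
            ok
        }
    }

    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        #digest
        #pam
        #unix
        # NOTE(review): the module instance is configured elsewhere. Confirm it
        # reaches the directory over TLS (start_tls or ldaps), so that user
        # passwords are not sent to the LDAP server in clear text.
        Auth-Type LDAP {
            ldapadministrativos # Loads the LDAP module to look up administrative users.
        }
        #eap
        #Auth-Type eap {
        #    eap {
        #        handled = 1
        #    }
        #    if (handled && (Response-Packet-Type == Access-Challenge)) {
        #        attr_filter.access_challenge.post-auth
        #        handled # override the "updated" code from attr_filter
        #    }
        #}
    }

    #preacct { # Accounting will be configured in a separate virtual server.
    #    preprocess
    #    #update request {
    #    #FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
    #    #}
    #    acct_unique
    #    #IPASS
    #    suffix
    #    #ntdomain
    #    files
    #}

    #accounting { # Accounting will be configured in a separate virtual server.
    #    detail
    #    #daily
    #    #unix
    #    radutmp
    #    sradutmp
    #    #main_pool
    #    #sql
    #    #if (noop) {
    #    #ok
    #    #}
    #    #sql_log
    #    #pgsql-voip
    #    exec
    #    attr_filter.accounting_response
    #    Acct-Type Status-Server {
    #        ok
    #    }
    #}

    session {
        radutmp
        #sql
    }

    post-auth {
        #main_pool
        #reply_log
        #sql
        #sql_log
        #ldap
        exec
        # Strip attributes from Access-Reject replies using the access_reject filter.
        Post-Auth-Type REJECT {
            #sql
            attr_filter.access_reject
        }
    }

    pre-proxy {}
    post-proxy {}
}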