Let's try IEEE 802.1X on wireless LAN!!
I managed to build an AP on Linux, so next let's try IEEE 802.1X!!
So, let's install FreeRadius!
# apt-get install freeradius
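Then I tried various settings, but...
FreeRadius won't run!! orz
This isn't my first time running FreeRadius, but the last time I did it was 2-3 years ago...
I've forgotten it all!! (^^ゞ
It looks like the way to configure it has changed a little.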
# freeradius -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/freeradius/eap.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
And there the program stops. (?_?)
After looking into it, apparently Debian's FreeRadius has the TLS-related parts turned OFF, so you have to build it yourself...
Sure enough
# ls /usr/lib/freeradius/
libeap-1.1.3.so rlm_eap-1.1.3.so rlm_ns_mta_md5-1.1.3.so
libeap.so rlm_eap.so rlm_ns_mta_md5.so
libradius-1.1.3.so rlm_eap_gtc-1.1.3.so rlm_pam-1.1.3.so
libradius.so rlm_eap_gtc.so rlm_pam.so
rlm_acct_unique-1.1.3.so rlm_eap_leap-1.1.3.so rlm_pap-1.1.3.so
rlm_acct_unique.so rlm_eap_leap.so rlm_pap.so
rlm_always-1.1.3.so rlm_eap_md5-1.1.3.so rlm_passwd-1.1.3.so
rlm_always.so rlm_eap_md5.so rlm_passwd.so
rlm_attr_filter-1.1.3.so rlm_eap_mschapv2-1.1.3.so rlm_perl-1.1.3.so
rlm_attr_filter.so rlm_eap_mschapv2.so rlm_perl.so
rlm_attr_rewrite-1.1.3.so rlm_eap_sim-1.1.3.so rlm_preprocess-1.1.3.so
rlm_attr_rewrite.so rlm_eap_sim.so rlm_preprocess.so
rlm_chap-1.1.3.so rlm_exec-1.1.3.so rlm_radutmp-1.1.3.so
rlm_chap.so rlm_exec.so rlm_radutmp.so
rlm_checkval-1.1.3.so rlm_expr-1.1.3.so rlm_realm-1.1.3.so
rlm_checkval.so rlm_expr.so rlm_realm.so
rlm_counter-1.1.3.so rlm_fastusers-1.1.3.so rlm_sql-1.1.3.so
rlm_counter.so rlm_fastusers.so rlm_sql.so
rlm_dbm-1.1.3.so rlm_files-1.1.3.so rlm_sql_log-1.1.3.so
rlm_dbm.so rlm_files.so rlm_sql_log.so
rlm_detail-1.1.3.so rlm_ippool-1.1.3.so rlm_sqlcounter-1.1.3.so
rlm_detail.so rlm_ippool.so rlm_sqlcounter.so
rlm_digest-1.1.3.so rlm_mschap-1.1.3.so rlm_unix-1.1.3.so
rlm_digest.so rlm_mschap.so rlm_unix.so
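There are no TLS/TTLS libraries in there...
Well then, shall I put them in myself?
While I'm at it, maybe I'll try doing it as a Debian package.
With that in mind, first a search!!
It looks like the page below is a bingo!!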
http://stielec.ac-aix-marseille.fr/cours/caleca/lansecure/radius/freeradius1.html
Right away, using it as a reference
# apt-get build-dep freeradius
# apt-get install build-essential
# apt-get install apt-src
# apt-src update
# mkdir freeradius
# cd freeradius
# apt-src install freeradius
# ls -la
drwxr-xr-x 15 root root 4096 Aug 23 2006 freeradius-1.1.3
-rw-r--r-- 1 root root 17124 Dec 17 2006 freeradius_1.1.3-3.diff.gz
-rw-r--r-- 1 root root 998 Dec 17 2006 freeradius_1.1.3-3.dsc
-rw-r--r-- 1 root root 2587376 Aug 28 2006 freeradius_1.1.3.orig.tar.gz
# cd freeradius-1.1.3/debian
Edit the "rules" file
===============================================
--- rules.org 2007-06-28 15:00:48.000000000 +0900
+++ rules 2007-06-28 15:07:12.000000000 +0900
@@ -23,10 +23,10 @@
# You will also need to add a Build-Depends on libssl-dev and libpq-dev
# and remove the Build-Conflicts on libssl-dev
# Finally you need to cat debian/control.postgresql >> debian/control
-buildssl=--without-rlm_eap_peap --without-rlm_eap_tls --without-rlm_eap_ttls --without-rlm_otp --without-rlm_sql_postgresql --without-snmp
-modulelist=krb5 ldap sql_mysql sql_iodbc
-#buildssl=--with-rlm_sql_postgresql_lib_dir=`pg_config --libdir` --with-rlm_sql_postgresql_include_dir=`pg_config --includedir`
-#modulelist=krb5 ldap sql_mysql sql_iodbc sql_postgresql
+#buildssl=--without-rlm_eap_peap --without-rlm_eap_tls --without-rlm_eap_ttls --without-rlm_otp --without-rlm_sql_postgresql --without-snmp
+#modulelist=krb5 ldap sql_mysql sql_iodbc
+buildssl=--with-rlm_sql_postgresql_lib_dir=`pg_config --libdir` --with-rlm_sql_postgresql_include_dir=`pg_config --includedir`
+modulelist=krb5 ldap sql_mysql sql_iodbc sql_postgresql
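Review bot: the newly uncommented buildssl line (+buildssl=--with-rlm_sql_postgresql_lib_dir=...) drops every --without flag at once, so the build stops disabling rlm_otp, rlm_sql_postgresql and snmp as well as rlm_eap_tls, rlm_eap_ttls and rlm_eap_peap, and modulelist gains sql_postgresql. If TLS support is the only goal, keep the original buildssl line and delete just the three --without-rlm_eap_* flags; that keeps the change minimal and avoids needing libpq-dev and pg_config at build time.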
===============================================
# apt-get install libssl-dev libpq-dev
# cat control.postgresql >> control
Edit the "control" file
===============================================
--- control.org 2007-06-28 15:26:04.000000000 +0900
+++ control 2007-06-28 15:26:27.000000000 +0900
@@ -1,6 +1,6 @@
Source: freeradius
-Build-Depends: debhelper (>= 5), libltdl3-dev, libpam0g-dev, libmysqlclient15-dev | libmysqlclient-dev, libgdbm-dev, libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev, snmp, autotools-dev, dpatch (>= 2), libperl-dev, libtool, dpkg-dev (>= 1.13.19)
-Build-Conflicts: libssl-dev
+Build-Depends: debhelper (>= 5), libltdl3-dev, libpam0g-dev, libmysqlclient15-dev | libmysqlclient-dev, libgdbm-dev, libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev, snmp, autotools-dev, dpatch (>= 2), libperl-dev, libtool, dpkg-dev (>= 1.13.19), libssl-dev, libpq-dev
+Build-Conflicts:
Section: net
Priority: optional
Maintainer: Stephen Gran
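Review bot: the "+Build-Conflicts:" line leaves the field in place with an empty value; delete the line outright rather than blanking it, so the control file states no conflict field at all. The libssl-dev and libpq-dev additions to Build-Depends match what the comment in debian/rules asks for; libpq-dev is only needed because the rules change also enables sql_postgresql.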
===============================================
# vi changelog
===============================================
freeradius (1.1.3-3tls) unstable; urgency=low
* Add TLS support for compilation
-- youchikurin
===============================================
/* cd freeradius */
# cd ../../
# apt-src build freeradius
・・・
・・・
・・・
I: Successfully built in /root/freeradius/freeradius-1.1.3
# ls -la *.deb
-rw-r--r-- 1 root root 117676 Jun 28 15:33 freeradius-dialupadmin_1.1.3-3tls_all.deb
-rw-r--r-- 1 root root 31858 Jun 28 15:34 freeradius-iodbc_1.1.3-3tls_i386.deb
-rw-r--r-- 1 root root 32556 Jun 28 15:34 freeradius-krb5_1.1.3-3tls_i386.deb
-rw-r--r-- 1 root root 47206 Jun 28 15:34 freeradius-ldap_1.1.3-3tls_i386.deb
-rw-r--r-- 1 root root 31798 Jun 28 15:34 freeradius-mysql_1.1.3-3tls_i386.deb
-rw-r--r-- 1 root root 32260 Jun 28 15:34 freeradius-postgresql_1.1.3-3tls_i386.deb
-rw-r--r-- 1 root root 765886 Jun 28 15:34 freeradius_1.1.3-3tls_i386.deb
# dpkg -i freeradius_1.1.3-3tls_i386.deb
# ls /usr/lib/freeradius/
libeap-1.1.3.so rlm_eap_gtc.so rlm_ns_mta_md5-1.1.3.so
libeap.so rlm_eap_leap-1.1.3.so rlm_ns_mta_md5.so
libradius-1.1.3.so rlm_eap_leap.so rlm_otp-1.1.3.so
libradius.so rlm_eap_md5-1.1.3.so rlm_otp.so
rlm_acct_unique-1.1.3.so rlm_eap_md5.so rlm_pam-1.1.3.so
rlm_acct_unique.so rlm_eap_mschapv2-1.1.3.so rlm_pam.so
rlm_always-1.1.3.so rlm_eap_mschapv2.so rlm_pap-1.1.3.so
rlm_always.so rlm_eap_peap-1.1.3.so rlm_pap.so
rlm_attr_filter-1.1.3.so rlm_eap_peap.so rlm_passwd-1.1.3.so
rlm_attr_filter.so rlm_eap_sim-1.1.3.so rlm_passwd.so
rlm_attr_rewrite-1.1.3.so rlm_eap_sim.so rlm_perl-1.1.3.so
rlm_attr_rewrite.so rlm_eap_tls-1.1.3.so rlm_perl.so
rlm_chap-1.1.3.so rlm_eap_tls.so rlm_preprocess-1.1.3.so
rlm_chap.so rlm_eap_ttls-1.1.3.so rlm_preprocess.so
rlm_checkval-1.1.3.so rlm_eap_ttls.so rlm_radutmp-1.1.3.so
rlm_checkval.so rlm_exec-1.1.3.so rlm_radutmp.so
rlm_counter-1.1.3.so rlm_exec.so rlm_realm-1.1.3.so
rlm_counter.so rlm_expr-1.1.3.so rlm_realm.so
rlm_dbm-1.1.3.so rlm_expr.so rlm_sql-1.1.3.so
rlm_dbm.so rlm_fastusers-1.1.3.so rlm_sql.so
rlm_detail-1.1.3.so rlm_fastusers.so rlm_sql_log-1.1.3.so
rlm_detail.so rlm_files-1.1.3.so rlm_sql_log.so
rlm_digest-1.1.3.so rlm_files.so rlm_sqlcounter-1.1.3.so
rlm_digest.so rlm_ippool-1.1.3.so rlm_sqlcounter.so
rlm_eap-1.1.3.so rlm_ippool.so rlm_unix-1.1.3.so
rlm_eap.so rlm_mschap-1.1.3.so rlm_unix.so
rlm_eap_gtc-1.1.3.so rlm_mschap.so
Oh, the TLS/TTLS stuff is in there now!
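The before/after ls comparison above can be scripted. This is an added example, not part of the original post: it lists the EAP types enabled in an eap.conf that have no rlm_eap_<type>.so in the module directory. The function names and the sample eap.conf are constructed for illustration; the module naming follows the listings on this page.

```shell
# Print uncommented "name {" sub-sections directly inside the "eap { }" block.
configured_eap_types() {
    awk '
        { sub(/#.*/, "") }
        /^[ \t]*eap[ \t]*[{]/ { depth = 1; next }
        depth == 0 { next }
        {
            if (depth == 1 && match($0, /^[ \t]*[a-z0-9_]+[ \t]*[{]/)) {
                name = $0; sub(/^[ \t]*/, "", name); sub(/[ \t]*[{].*/, "", name)
                print name
            }
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        }
    ' "$1"
}

# Print the configured types with no rlm_eap_<type>.so in the given libdir.
missing_eap_modules() {
    missing=""
    for t in $(configured_eap_types "$1"); do
        [ -e "$2/rlm_eap_$t.so" ] || missing="$missing $t"
    done
    echo "${missing# }"
}

# Constructed sample: a made-up eap.conf and a libdir without TLS modules.
demo() {
    d=$(mktemp -d)
    cat > "$d/eap.conf" <<'EOF'
eap {
    default_eap_type = peap
    md5 { }
    # ttls { }
    tls {
        private_key_file = ${raddbdir}/certs/cert-srv.pem
    }
    peap {
        default_eap_type = mschapv2
    }
    mschapv2 { }
}
EOF
    for m in md5 leap gtc mschapv2 sim; do : > "$d/rlm_eap_$m.so"; done
    missing_eap_modules "$d/eap.conf" "$d"
    rm -rf "$d"
}

# Real use: sh this-script /etc/freeradius/eap.conf /usr/lib/freeradius
if [ "$#" -eq 2 ]; then missing_eap_modules "$1" "$2"; else demo; fi
```

An empty result means every EAP type the configuration enables has a module file installed.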
Right away
# freeradius -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/freeradius/eap.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/freeradius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
It's exactly the same!! <`~´>
I wonder why... (-_-;)