Linux: FreeBSD + FreeRadius + MySQL   March 7th, 2010

Compiling the Kernel
After installing FreeBSD, compile a custom kernel.

Install the kernel sources via sysinstall:

# sysinstall
Configure
Distributions
[x] src
[x] sys

Copy the GENERIC configuration to a new kernel configuration (called SEUKERNEL here) and edit it:

# cd /sys/i386/conf/
# cp GENERIC SEUKERNEL
# ee SEUKERNEL

Add the following at the end of the file:

# firewall
options IPFIREWALL
options IPFIREWALL_VERBOSE              # enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=100    # limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT    # allow everything by default
options IPFIREWALL_FORWARD              # packet destination changes
options IPFILTER
options IPFILTER_LOG
options IPDIVERT                        # divert sockets
options IPSTEALTH                       # support for stealth forwarding
options DUMMYNET
options HZ=1000
options ALTQ
options ALTQ_CBQ                        # Class Based Queuing
options ALTQ_RED                        # Random Early Drop
options ALTQ_RIO                        # RED In/Out
#options ALTQ_HFSC                      # Hierarchical Packet Scheduler
options ALTQ_CDNR                       # Traffic conditioner
options ALTQ_PRIQ                       # Priority Queuing
options NETGRAPH
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET
options NETGRAPH_IFACE
options BRIDGE

# config SEUKERNEL
# cd ../compile/SEUKERNEL
# make depend
# make
# make install
# reboot

Update the ports
Update the ports tree before you begin installing packages:

# portsnap fetch extract

Installing PPPoE
Edit the file:

# ee /etc/ppp/ppp.conf

Delete everything and paste the configuration below:

######## ppp.conf ########
######### BEGIN ##########
default:
 set log Chat Command Phase      # enable client logging
 #enable pap                     # enable PAP authentication (Password Authentication Protocol)
 enable chap                     # enable CHAP authentication (Challenge Handshake Authentication Protocol)
 #enable echo                    # send LCP echos (checks whether the link is still up)
 #set echoperiod 5               # interval between echos (after 5 failures the tun is disconnected)
 allow mode direct               # turn on ppp direct (bridging) mode
 enable proxy                    # enable ppp proxy ARP
 #disable ipv6cp                 # we do not use IPv6, so we do not want its errors
 set mru 1492                    # set the MRU below 1500
 set mtu 1492                    # set the MTU below 1500
 set ifaddr 192.168.1.1 192.168.1.2-192.168.1.100   # gateway and range of client IPs
 set speed sync
 set timeout 0
 enable lqr
 accept dns                      # accept DNS
 set radius /etc/radius.conf     # enable RADIUS and specify its configuration file
########### END ##########
######## ppp.conf ########

Edit /etc/radius.conf (create this file):

###### radius.conf ######
######### BEGIN #########
# type   server      secret
auth     localhost   senharadius
acct     localhost   senharadius
########## END ##########
###### radius.conf ######

Edit /etc/rc.conf:

######## rc.conf ########
######### BEGIN #########
defaultrouter="200.200.200.1"

gateway_enable="YES"
hostname="pppoe.dominio.com.br"

ifconfig_rl0="UP"

ifconfig_bge0="inet 200.200.200.200 netmask 255.255.255.0"   # WAN IP

sendmail_enable="NONE"
keymap="us.iso"
linux_enable="YES"
sshd_enable="YES"
usbd_enable="YES"

# MySQL
mysql_enable="YES"

# FreeRADIUS
radiusd_enable="YES"

# PPPoE server
pppoed_enable="YES"
pppoed_flags="-d -P /var/run/pppoed.pid -a server -l default"
pppoed_interface="rl0"

# IPFW
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"

# NAT
natd_enable="YES"
natd_flags="-config /etc/natd.conf"

########## END ##########
######## rc.conf ########

Edit /etc/natd.conf:

####### natd.conf #######
######### BEGIN #########
use_sockets yes
alias_address IP_EXT
punch_fw 500:100
########## END ##########
####### natd.conf #######

Edit the firewall rules in /etc/ipfw.rules:

####### ipfw.rules ######
######### BEGIN #########

/sbin/ipfw -f flush
/sbin/ipfw add divert natd ip from any to any via bge0
/sbin/ipfw add pass all from any to any

########### END #########
####### ipfw.rules ######

Let's install MySQL:

# cd /usr/ports/databases/mysql50-server/
# make install clean

Time to start MySQL (check the rc.conf above):

# /usr/local/etc/rc.d/mysql-server start
# /usr/local/bin/mysql_install_db

Set the root password:

# /usr/local/bin/mysqladmin -u root password 'new-password'

Test MySQL:

# mysql -p
Enter password:

Now prepare the database and its tables:

mysql> create database radius;
mysql> use radius;

Creating tables
Create the tables used for authentication and accounting (paste the content below into the MySQL terminal). Table names are lower case, matching the defaults in FreeRADIUS' sql.conf; MySQL on FreeBSD treats table names as case-sensitive:

CREATE TABLE radacct (
  RadAcctId bigint(21) NOT NULL auto_increment,
  AcctSessionId varchar(32) NOT NULL default '',
  AcctUniqueId varchar(32) NOT NULL default '',
  UserName varchar(64) NOT NULL default '',
  Realm varchar(64) default '',
  NASIPAddress varchar(15) NOT NULL default '',
  NASPortId varchar(15) default NULL,
  NASPortType varchar(32) default NULL,
  AcctStartTime datetime NOT NULL default '0000-00-00 00:00:00',
  AcctStopTime datetime NOT NULL default '0000-00-00 00:00:00',
  AcctSessionTime int(12) default NULL,
  AcctAuthentic varchar(32) default NULL,
  ConnectInfo_start varchar(50) default NULL,
  ConnectInfo_stop varchar(50) default NULL,
  AcctInputOctets bigint(12) default NULL,
  AcctOutputOctets bigint(12) default NULL,
  CalledStationId varchar(50) NOT NULL default '',
  CallingStationId varchar(50) NOT NULL default '',
  AcctTerminateCause varchar(32) NOT NULL default '',
  ServiceType varchar(32) default NULL,
  FramedProtocol varchar(32) default NULL,
  FramedIPAddress varchar(15) NOT NULL default '',
  AcctStartDelay int(12) default NULL,
  AcctStopDelay int(12) default NULL,
  PRIMARY KEY (RadAcctId),
  KEY UserName (UserName),
  KEY FramedIPAddress (FramedIPAddress),
  KEY AcctSessionId (AcctSessionId),
  KEY AcctUniqueId (AcctUniqueId),
  KEY AcctStartTime (AcctStartTime),
  KEY AcctStopTime (AcctStopTime),
  KEY NASIPAddress (NASIPAddress)
);

CREATE TABLE radcheck (
  id int(11) unsigned NOT NULL auto_increment,
  UserName varchar(64) NOT NULL default '',
  Attribute varchar(32) NOT NULL default '',
  op char(2) NOT NULL DEFAULT '==',
  Value varchar(253) NOT NULL default '',
  PRIMARY KEY (id),
  KEY UserName (UserName(32))
);

CREATE TABLE radgroupcheck (
  id int(11) unsigned NOT NULL auto_increment,
  GroupName varchar(64) NOT NULL default '',
  Attribute varchar(32) NOT NULL default '',
  op char(2) NOT NULL DEFAULT '==',
  Value varchar(253) NOT NULL default '',
  PRIMARY KEY (id),
  KEY GroupName (GroupName(32))
);

CREATE TABLE radgroupreply (
  id int(11) unsigned NOT NULL auto_increment,
  GroupName varchar(64) NOT NULL default '',
  Attribute varchar(32) NOT NULL default '',
  op char(2) NOT NULL DEFAULT '=',
  Value varchar(253) NOT NULL default '',
  PRIMARY KEY (id),
  KEY GroupName (GroupName(32))
);

CREATE TABLE radreply (
  id int(11) unsigned NOT NULL auto_increment,
  UserName varchar(64) NOT NULL default '',
  Attribute varchar(32) NOT NULL default '',
  op char(2) NOT NULL DEFAULT '=',
  Value varchar(253) NOT NULL default '',
  PRIMARY KEY (id),
  KEY UserName (UserName(32))
);

CREATE TABLE usergroup (
  UserName varchar(64) NOT NULL default '',
  GroupName varchar(64) NOT NULL default '',
  priority int(11) NOT NULL default '1',
  KEY UserName (UserName(32))
);

CREATE TABLE radpostauth (
  id int(11) NOT NULL auto_increment,
  user varchar(64) NOT NULL default '',
  pass varchar(64) NOT NULL default '',
  reply varchar(32) NOT NULL default '',
  date timestamp NOT NULL,
  PRIMARY KEY (id)
);

CREATE TABLE nas (
  id int(10) NOT NULL auto_increment,
  nasname varchar(128) NOT NULL,
  shortname varchar(32),
  type varchar(30) DEFAULT 'other',
  ports int(5),
  secret varchar(60) DEFAULT 'secret' NOT NULL,
  community varchar(50),
  description varchar(200) DEFAULT 'RADIUS Client',
  PRIMARY KEY (id),
  KEY nasname (nasname)
);

mysql> exit

Installing FreeRadius
# cd /usr/ports/net/freeradius
# make config

Select the options below:

Options for freeradius 1.1.6
[X] KERBEROS      With Kerberos support
[X] HEIMDAL       With Heimdal Kerberos support
[ ] LDAP          With LDAP database support
[X] MYSQL         With MySQL database support
[ ] PGSQL         With PostgreSQL database support
[ ] FIREBIRD      With Firebird database support (EXPERIMENTAL)
[ ] SNMP          With SNMP support
[ ] EDIR          With Novell eDirectory support
[ ] NOPERL        Do not require perl (use only if necessary)
[ ] EXPERIMENTAL  Build experimental modules

# make install clean

Now, let's configure FreeRadius.

Enter the folder:

# cd /usr/local/etc/raddb/

Edit clients.conf:

# ee clients.conf

###### clients.conf #####
######### BEGIN #########
client 127.0.0.1 {
        secret    = senharadius
        shortname = localhost
        nastype   = other
}
########## END ##########
###### clients.conf #####

With FreeRadius + MySQL we do not need to configure the users file; that information goes in the database itself.

Editing the sql.conf file.

Only the beginning of the file needs to be edited, with the settings of your server:

# ee sql.conf

sql {
        # database type
        driver = "rlm_sql_mysql"

        # connection information
        server = "ip_server"
        login = "USER"
        password = "SENHA_BD"

        # database name
        radius_db = "radius"

Editing the radiusd.conf file

Look for the "authorize" section.

The sections below show the new options for SQL:

authorize {
        preprocess
#       auth_log
#       attr_filter
        chap
        mschap
#       digest
#       IPASS
#       suffix
#       ntdomain
#       eap
#       files
        sql
#       etc_smbpasswd
#       ldap
#       daily
#       checkval
}

# Authentication section.
# Responsible for checking the type of authentication used.
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type CHAP {
                chap
        }
        Auth-Type MS-CHAP {
                mschap
        }
#       digest
        pam
#       unix
#       Auth-Type LDAP {
#               ldap
#       }
#       eap
}

# Pre-accounting section. Decides which type of accounting to use.
preacct {
#       preprocess
#       acct_unique
#       Same server as for the authentication requests.
#       IPASS
#       suffix
#       ntdomain
#
#       Read the 'acct_users' file
#       files
}

# Accounting section. Collects the accounting data.
accounting {
#       detail
#       daily
#       unix
#       radutmp
#       sradutmp
#       main_pool
        sql
#       pgsql-voip
}

# Session section. Performs the session control that prevents simultaneous connections
# (stops the same User-Name from connecting several times from different places at the same time).
session {
#       radutmp
        sql
}

post-auth {
#       main_pool
#       reply_log
#       sql
#       Post-Auth-Type REJECT {
#               insert-module-name-here
#       }
}

pre-proxy {
#       attr_rewrite
#       pre_proxy_log
}

post-proxy {
#       post_proxy_log
#       attr_rewrite
#       attr_filter
        eap
}

Now let's test these settings by running the server in debug mode:

# radiusd -X

If you see the message:

Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon.
There appears to be another RADIUS server running on the authentication port 1812

stop the FreeRadius started by rc.conf:

# /usr/local/etc/rc.d/radiusd stop

Make sure rc.conf is as described above.

Rerun the command:

# radiusd -X

Check the rlm_sql lines in the output to confirm that the connection to the database succeeded. The server is then waiting for requests:

Initializing the thread pool ...
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.

To finish the test:

Ctrl + C

Let's create a test user:

Enter MySQL:

# mysql -p
Enter password:

mysql> use radius;

INSERT INTO `radreply` VALUES (1, 'user', 'Framed-IP-Address', '=', '192.168.1.2');

INSERT INTO `radcheck` VALUES (1, 'user', 'Password', '==', 'password');

mysql> exit

Let's try this user (IP_DO_RADIUS is the address of the RADIUS server):

# radtest user password IP_DO_RADIUS 0 senharadius

If the user is authenticated, the following message is displayed:

Sending Access-Request of id 0 to 127.0.0.1 port 1812
        User-Name = "user"
        User-Password = "password"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=0, length=26
        Framed-IP-Address = 192.168.1.2
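What radtest and the server exchange on the wire, as an added example that is not part of the original post: it builds the Access-Request shown above (User-Password hidden with the RFC 2865 MD5 scheme, keyed by the shared secret senharadius from radius.conf and clients.conf), builds the matching 26-byte Access-Accept carrying Framed-IP-Address, and verifies the Response Authenticator, the check a NAS relies on to discard replies from anyone who does not know the secret. Attribute numbers and packet layout come from RFC 2865; the constants and helper names are this example's own, and no FreeRADIUS library is used.

```python
import hashlib
import os
import struct

SECRET = b"senharadius"   # the shared secret this page puts in radius.conf and clients.conf
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT, FRAMED_IP_ADDRESS = 1, 2, 4, 5, 8  # RFC 2865 types

def attr(atype, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def encode_user_password(password, secret, request_auth):
    """RFC 2865 5.2: NUL-pad to 16-byte blocks, XOR each block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out

def build_access_request(user, password, ident, secret=SECRET, request_auth=None):
    """The Access-Request (Code 1) radtest sends; returns (packet, request authenticator)."""
    ra = request_auth or os.urandom(16)
    attrs = (attr(USER_NAME, user.encode())
             + attr(USER_PASSWORD, encode_user_password(password.encode(), secret, ra))
             + attr(NAS_IP_ADDRESS, bytes([255, 255, 255, 255]))  # radtest's NAS-IP-Address above
             + attr(NAS_PORT, struct.pack("!I", 0)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + ra + attrs, ra

def build_access_accept(ident, request_auth, framed_ip, secret=SECRET):
    """The server's Access-Accept (Code 2): authenticator = MD5(header + ReqAuth + attrs + secret)."""
    attrs = attr(FRAMED_IP_ADDRESS, bytes(int(o) for o in framed_ip.split(".")))
    header = struct.pack("!BBH", 2, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def verify_response(packet, request_auth, secret=SECRET):
    """Check the Response Authenticator; return {type: value} or None if it does not verify."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return None
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if expected != packet[4:20]:
        return None   # wrong shared secret, or a forged/modified reply: do not trust its attributes
    attrs, pos = {}, 20
    while pos + 2 <= len(packet) and packet[pos + 1] >= 2:
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs if pos == len(packet) else None   # a malformed TLV leaves pos off the end
```

The Access-Accept built here is 26 bytes, the same length radtest reports above, because it carries only the 6-byte Framed-IP-Address attribute from the radreply row.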

Testing the connection
Now we can connect a PC to rl0 with a crossover cable and establish a PPPoE connection.

source here

This entry was posted on Sunday, March 7th, 2010 at 9:48 pm and is filed under Networking, FreeBSD, Linux.
