<p class="wp-block-paragraph">Leaving myself some notes along the way; if there are any mistakes, please don't hesitate to point them out.</p>



<p class="wp-block-paragraph">This post uses Ubuntu 18.04, with FreeRADIUS connected to Gmail POP3S for authentication;<br>802.1X authentication uses the EAP-GTC method.</p>



<!--more-->



<p class="wp-block-paragraph">Install freeradius, perl, and the Perl SSL and POP3 libraries. We will use FreeRADIUS's built-in perl module to perform the POP3S authentication.</p>



<pre class="wp-block-code"><code>apt-get install freeradius perl libio-socket-ssl-perl libmail-pop3client-perl</code></pre>



<p class="wp-block-paragraph">Edit clients.conf, usually located at /etc/freeradius/3.0/clients.conf<br>At the end of clients.conf, add a client in the following format:</p>



<pre class="wp-block-code"><code>client WiFi {
 ipaddr = 192.168.220.16
 secret = KerKer
}</code></pre>



<p class="wp-block-paragraph">This example creates a client named WiFi with IP 192.168.220.16; the secret used when this client makes RADIUS requests is KerKer. Replace these values to suit your own environment.</p>



<p class="wp-block-paragraph">Copy the perl module configuration file from the mods-available directory to the mods-enabled directory.</p>



<pre class="wp-block-code"><code>cp /etc/freeradius/3.0/mods-available/perl /etc/freeradius/3.0/mods-enabled/perl</code></pre>



<p class="wp-block-paragraph">Edit the perl configuration file under mods-enabled and change the Perl authentication script to pop3.pl:</p>



<pre class="wp-block-code"><code> filename = ${modconfdir}/${.:instance}/example.pl
--->
 filename = ${modconfdir}/${.:instance}/pop3.pl</code></pre>



<p class="wp-block-paragraph">Make a copy of the sample script example.pl and name it pop3.pl so it can be modified and used.</p>



<pre class="wp-block-code"><code>cp /etc/freeradius/3.0/mods-config/perl/example.pl /etc/freeradius/3.0/mods-config/perl/pop3.pl</code></pre>



<p class="wp-block-paragraph">Of course, the two steps above can be skipped; editing example.pl directly also works.</p>



<p class="wp-block-paragraph">Next we modify the code in pop3.pl. We need to load the two libraries installed at the start: find &#8220;use Data::Dumper;&#8221; in the code and add &#8220;use Mail::POP3Client;&#8221; and &#8220;use IO::Socket::SSL;&#8221; after it:</p>



<pre class="wp-block-code"><code> use Data::Dumper;
--->
 use Data::Dumper;
 use Mail::POP3Client;
 use IO::Socket::SSL;</code></pre>



<p class="wp-block-paragraph">Next, modify the authentication code: find &#8220;sub authenticate {&#8221; in the script, delete all the code inside the braces, and paste in the POP3 authentication code:</p>



<pre class="wp-block-code"><code> sub authenticate {
 ...
 }
---> 
 sub authenticate {
 my $pop = Mail::POP3Client->new(
 USER => $RAD_REQUEST{'User-Name'},
 PASSWORD => $RAD_REQUEST{'User-Password'},
 HOST => "pop.gmail.com",
 USESSL => 1,
 DEBUG => 1,
 );
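 # Keep the result so the connection is closed before returning
 # (a Close placed after the return statements would never run).
 my $ok = $pop->Connect();
 $pop->Close;
 return $ok ? RLM_MODULE_OK : RLM_MODULE_REJECT;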
 }</code></pre>



<p class="wp-block-paragraph">The my $pop block in the code holds the information used to establish the POP3 connection. USER and PASSWORD are supplied by RADIUS itself. HOST is the mail server and can be either an IP or a domain; here we use Gmail's server. USESSL selects SSL-encrypted POP3S, which must be enabled to use Google's POP3. DEBUG controls whether debug output is enabled and can be removed once testing is stable.</p>



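<p class="wp-block-paragraph">The code then tries to establish the POP3 connection: if it connects successfully it reports the authentication as OK, otherwise it reports REJECT, and finally it closes the POP3 connection.</p>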
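<p class="wp-block-paragraph">The authenticate sub above accepts any User-Name that can log in to pop.gmail.com, so every valid Gmail account passes. The following is an added example, not code from the original post: an allow-list gate that rejects unlisted accounts before Gmail is contacted. The account names, the helper names permitted_account and authenticate_gated, and the stub login are assumptions for illustration.</p>

```perl
#!/usr/bin/perl
# Added example, not from the original post: allow-list gate for pop3.pl.
use strict;
use warnings;

# Return codes as defined in rlm_perl's example.pl.
use constant { RLM_MODULE_REJECT => 0, RLM_MODULE_OK => 2 };

# Hypothetical allow-list: the only mailboxes permitted on this network.
my %ALLOWED = map { lc($_) => 1 } qw(alice@gmail.com bob@gmail.com);

# Return the normalised account if it may be sent to POP3S, otherwise undef.
sub permitted_account {
    my ($name) = @_;
    return unless defined $name && length($name) <= 254;
    # One realm only (gmail.com) and a conservative local-part character set.
    return unless $name =~ /\A[A-Za-z0-9._+-]+\@gmail\.com\z/i;
    my $norm = lc $name;
    return $ALLOWED{$norm} ? $norm : undef;
}

# $try_login is a code ref doing the real POP3S login (Mail::POP3Client in
# pop3.pl); it is injected so the gate can be exercised without a network.
sub authenticate_gated {
    my ($req, $try_login) = @_;
    my $user = permitted_account($req->{'User-Name'});
    return RLM_MODULE_REJECT unless defined $user;    # Gmail is never contacted
    my $pass = $req->{'User-Password'};
    return RLM_MODULE_REJECT unless defined $pass && length $pass;
    return $try_login->($user, $pass) ? RLM_MODULE_OK : RLM_MODULE_REJECT;
}

# Constructed requests and a stub login, run only when executed directly.
unless (caller) {
    my $stub = sub { $_[1] eq 'constructed-app-password' };
    my @cases = (
        [ 'alice@gmail.com',   'constructed-app-password', RLM_MODULE_OK ],
        [ 'Alice@Gmail.com',   'wrong',                    RLM_MODULE_REJECT ],
        [ 'carol@gmail.com',   'constructed-app-password', RLM_MODULE_REJECT ],
        [ 'alice@example.org', 'constructed-app-password', RLM_MODULE_REJECT ],
        [ undef,               'constructed-app-password', RLM_MODULE_REJECT ],
    );
    for my $c (@cases) {
        my ($u, $p, $want) = @$c;
        my $got = authenticate_gated({ 'User-Name' => $u, 'User-Password' => $p }, $stub);
        printf "%-20s %s\n", $u // '(none)', $got == $want ? 'as expected' : 'UNEXPECTED';
    }
}
```

<p class="wp-block-paragraph">Inside pop3.pl, the gate would be called with \%RAD_REQUEST and a closure that wraps the Mail::POP3Client login from the authenticate sub.</p>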



<p class="wp-block-paragraph">Edit /etc/freeradius/3.0/sites-available/default and add the following inside the braces of the authorize, authenticate and accounting sections respectively:</p>



<pre class="wp-block-code"><code>authorize {
...
 if (!control:Auth-Type &amp;&amp; User-Password) {
 update control {
 Auth-Type := Perl
 }
 }
...
}

authenticate {
...
 Auth-Type Perl { #Add Auth-Perl auth
 perl
 }
...
}

accounting {
...
 if (ok || updated) {
 update control {
 Auth-Type := Perl
 }
 }
...
}</code></pre>



<p class="wp-block-paragraph">Edit /etc/freeradius/3.0/sites-available/inner-tunnel and add the following inside the braces of the authenticate section:</p>



<pre class="wp-block-preformatted">authenticate {
...
 Auth-Type Perl { #Add Auth-Perl auth
 perl
 }
...
}</pre>



<p class="wp-block-paragraph">Edit /etc/freeradius/3.0/proxy.conf and add the following at the end:</p>



<pre class="wp-block-code"><code>realm gmail.com{
 authhost = LOCAL
 accthost = LOCAL
 nostrip
}</code></pre>



<p class="wp-block-paragraph">This ensures that when the account name contains &#8220;@gmail.com&#8221;, the &#8220;@gmail.com&#8221; part is kept as part of the account name.</p>



<p class="wp-block-paragraph">At this point the freeradius service can be started for testing. Run freeradius in debug mode:</p>



<pre class="wp-block-code"><code>freeradius -X</code></pre>



<p class="wp-block-paragraph">If it runs normally it should display &#8220;Ready to process requests&#8221;<br>If the port is reported as already in use, try stopping the service:</p>



<pre class="wp-block-code"><code>service freeradius stop</code></pre>



<p class="wp-block-paragraph">If that still does not work, use the following commands to look up the process ID and close the process with kill:</p>



<pre class="wp-block-code"><code>ps -ef | grep freeradius
kill -9 &lt;PROCESS ID HERE&gt;</code></pre>



<p class="wp-block-paragraph">Once freeradius is running correctly in debug mode, open another terminal and test with the following command:</p>



<pre class="wp-block-code"><code>radtest "User-name" "password" 127.0.0.1 0 "testing123"</code></pre>



<p class="wp-block-paragraph">Fill in the corresponding fields with your mail address and password, and the IP with the local machine's IP; the default secret for requests from the local machine is testing123.</p>



<p class="wp-block-paragraph">At this point the integration with the mail server is basically confirmed to be working. Next comes the 802.1X configuration.</p>



<p class="wp-block-paragraph">Modify /etc/freeradius/3.0/mods-enabled/eap to switch to the EAP-GTC method:</p>



<pre class="wp-block-code"><code> eap {
 default_eap_type = md5
 peap {
 default_eap_type = mschapv2
 }
 }
--->
 eap {
 default_eap_type = peap
 peap {
 default_eap_type = gtc
 }
 }</code></pre>



<p class="wp-block-paragraph">Modify /etc/freeradius/3.0/sites-enabled/default. Because the auth-type for GTC is PAP, we need to set the PAP auth-type to perl:</p>



<pre class="wp-block-code"><code> Auth-Type PAP {
 pap
 }
--->
 Auth-Type PAP {
 perl
 }</code></pre>



<p class="wp-block-paragraph">Make the same change in /etc/freeradius/3.0/sites-enabled/inner-tunnel:</p>



<pre class="wp-block-code"><code> Auth-Type PAP {
 pap
 }
--->
 Auth-Type PAP {
 perl
 }</code></pre>



<p class="wp-block-paragraph">The 802.1X configuration is now complete. Run freeradius in debug mode again and try authenticating with 802.1X!</p>



<p class="wp-block-paragraph">One more thing to note: by default, Google accounts do not allow application access, so for authentication to succeed you also need to go to https://myaccount.google.com/security and turn on &#8220;Less secure app access&#8221;!</p>



<p class="wp-block-paragraph">Also, if your Google account has 2-Step Verification enabled, this method of authentication will not work either. Again go to https://myaccount.google.com/security, find the &#8220;App passwords&#8221; option, and create a password for application sign-in!</p>

Freeradius+gmail+802.1X setup (POP3s)

