<p class="wp-block-paragraph">A casual post that also serves as my notes; if there are any mistakes, please don't hesitate to point them out.</p>



<p class="wp-block-paragraph">This post uses Ubuntu 18.04, with FreeRADIUS connected to LDAP for authentication.<br>802.1X authenticates using the EAP-GTC method.</p>



<!--more-->



<p class="wp-block-paragraph">Install the freeradius and freeradius-ldap packages:</p>



<pre class="wp-block-code"><code>apt-get install freeradius freeradius-ldap</code></pre>



<p class="wp-block-paragraph">Edit clients.conf; the usual path is /etc/freeradius/3.0/clients.conf.<br>At the end of clients.conf, add a client in the following format:</p>



<pre class="wp-block-code"><code>client WiFi {
 ipaddr = 192.168.220.16
 secret = KerKer
}</code></pre>



<p class="wp-block-paragraph">This example creates a client named WiFi with the IP 192.168.220.16. KerKer is the secret this client uses when it sends RADIUS requests. Substitute values for your own environment.</p>



<p class="wp-block-paragraph">Copy the ldap module configuration file from the mods-available directory to the mods-enabled directory:</p>



<pre class="wp-block-code"><code>cp /etc/freeradius/3.0/mods-available/ldap /etc/freeradius/3.0/mods-enabled/ldap</code></pre>



<p class="wp-block-paragraph">Edit the ldap configuration file in the mods-enabled directory, find the following settings, and replace them with the LDAP server parameters for your own environment:</p>



<pre class="wp-block-code"><code> server = 'localhost'
 #identity = 'cn=admin,dc=example,dc=org'
 #password = mypass 
 base_dn = 'dc=example,dc=org'
--->
 server = '192.168.220.17'
 identity = 'cn=admin,dc=KerKer'
 password = KerKer
 base_dn = 'dc=KerKer'</code></pre>



<p class="wp-block-paragraph">If you need to filter which users may authenticate, find the filter option under the user section of /etc/freeradius/3.0/mods-enabled/ldap and modify it as needed:</p>



<pre class="wp-block-code"><code> filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
--->
 filter = "(&amp;(uid=%{%{Stripped-User-Name}:-%{User-Name}})(sn=%{%{Stripped-User-Name}:-%{User-Name}}))"</code></pre>



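<p class="wp-block-paragraph">The example above requires both the uid and sn attributes to match the authenticating account name before login is allowed (by default only the uid attribute has to match the account name).</p>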



<p class="wp-block-paragraph">Edit /etc/freeradius/3.0/sites-enabled/default and uncomment the LDAP-related settings:</p>



<pre class="wp-block-code"><code> #Auth-Type LDAP {
 # ldap
 #}
---> 
 Auth-Type LDAP {
 ldap
 }</code></pre>



<p class="wp-block-paragraph">Edit /etc/freeradius/3.0/sites-enabled/inner-tunnel and uncomment the LDAP-related settings in the same way:</p>



<pre class="wp-block-code"><code> #Auth-Type LDAP {
 # ldap
 #}
---> 
 Auth-Type LDAP {
 ldap
 }</code></pre>



<p class="wp-block-paragraph">At this point you can start the FreeRADIUS service for testing. Run freeradius in debug mode:</p>



<pre class="wp-block-code"><code>freeradius -X</code></pre>



<p class="wp-block-paragraph">If it starts normally, it should display &#8220;Ready to process requests&#8221;.<br>If the port is already in use, try stopping the service:</p>



<pre class="wp-block-code"><code>service freeradius stop</code></pre>



<p class="wp-block-paragraph">If that still does not work, use the following commands to look up the process ID, then stop that process with kill:</p>



<pre class="wp-block-code"><code>ps -ef | grep freeradius
kill -9 &lt;PROCESS ID HERE&gt;</code></pre>



<p class="wp-block-paragraph">Once FreeRADIUS is running correctly in debug mode, open another terminal and test with the following command:</p>



<pre class="wp-block-code"><code>radtest "User-name" "password" 127.0.0.1 0 "testing123"</code></pre>



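<p class="wp-block-paragraph">Fill in the corresponding fields with an account and password that exist in LDAP, and use the local machine's IP as the address. The default secret for requests from the local machine is testing123.</p>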



<p class="wp-block-paragraph">At this point you can basically confirm that the connection to the LDAP server is working. Next comes the 802.1X configuration.</p>



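<p class="wp-block-paragraph">This setup uses the EAP-GTC method. The advantage is that the LDAP server needs no changes at all; the drawback is that configuring Windows hosts is complicated, but phones should all have built-in support.</p>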



<p class="wp-block-paragraph">Edit /etc/freeradius/3.0/mods-enabled/eap and switch to the EAP-GTC method:</p>



<pre class="wp-block-code"><code> eap {
 default_eap_type = md5
 peap {
 default_eap_type = mschapv2
 }
 }
--->
 eap {
 default_eap_type = peap
 peap {
 default_eap_type = gtc
 }
 }</code></pre>



<p class="wp-block-paragraph">Edit /etc/freeradius/3.0/sites-enabled/default. Because the auth-type used by GTC is PAP, we need to set the PAP auth-type to ldap:</p>



<pre class="wp-block-code"><code> Auth-Type PAP {
 pap
 }
--->
 Auth-Type PAP {
 ldap
 }</code></pre>



<p class="wp-block-paragraph">Make the same change in /etc/freeradius/3.0/sites-enabled/inner-tunnel:</p>



<pre class="wp-block-code"><code> Auth-Type PAP {
 pap
 }
--->
 Auth-Type PAP {
 ldap
 }</code></pre>



<p class="wp-block-paragraph">802.1X is now configured. Run freeradius in debug mode again and try authenticating with 802.1X:</p>

Freeradius+ldap+802.1X configuration
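
<p class="wp-block-paragraph">As a check on the steps above, the following shell script is an added example, not part of the original post: it audits a FreeRADIUS 3.0 configuration directory for the edits described here. The function names, the output wording and the extra warning when mods-enabled/ldap (which now holds the bind password) is world-readable are assumptions of this example.</p>

```shell
#!/bin/sh
# Added example (not from the original post): audit a FreeRADIUS 3.0 config
# tree for the edits described above. Output wording is this script's own.

# flatten FILE: print each uncommented line prefixed with its enclosing block
# path, e.g. "eap/peap/default_eap_type = gtc".
flatten() {
    awk '
        /^[ \t]*(#|$)/ { next }                        # skip comments and blanks
        { gsub(/^[ \t]+|[ \t]+$/, "") }                # trim the line
        /[{]$/ { sub(/[ \t]*[{]$/, ""); stack[++d] = $0; next }   # block opens
        /^[}]/ { if (d > 0) d--; next }                # block closes
        { p = ""; for (i = 1; i <= d; i++) p = p stack[i] "/"; print p $0 }
    ' "$1"
}

# expect_line LABEL FILE REGEX: report whether FILE (relative to $conf) has an
# active line matching REGEX; failures are counted in $fails.
expect_line() {
    if [ -r "$conf/$2" ] && flatten "$conf/$2" | grep -Eq "$3"; then
        echo "OK    $1"
    else
        echo "FAIL  $1 ($2)"; fails=$((fails + 1))
    fi
}

check_radius_conf() {
    conf=${1:-/etc/freeradius/3.0}; fails=0; s='[[:space:]]*'
    expect_line "ldap module enabled with bind identity" mods-enabled/ldap "^ldap/identity$s="
    expect_line "outer EAP type is peap" mods-enabled/eap "^eap/default_eap_type$s=${s}peap\$"
    expect_line "inner PEAP type is gtc" mods-enabled/eap "^eap/peap/default_eap_type$s=${s}gtc\$"
    for site in default inner-tunnel; do
        expect_line "$site: Auth-Type LDAP active" "sites-enabled/$site" "authenticate/Auth-Type LDAP/ldap\$"
        expect_line "$site: Auth-Type PAP calls ldap" "sites-enabled/$site" "authenticate/Auth-Type PAP/ldap\$"
    done
    # The ldap file now holds the bind password; flag it if any user can read it.
    if [ -n "$(find -L "$conf/mods-enabled/ldap" -perm -004 2>/dev/null)" ]; then
        echo "WARN  mods-enabled/ldap is world-readable and contains the bind password"
    fi
    [ "$fails" -eq 0 ]
}

# Run only when a directory is given: sh audit.sh /etc/freeradius/3.0
if [ $# -gt 0 ]; then check_radius_conf "$1"; fi
```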

