Alamsyah Rasyid Blogry

Ini catatan proses install radius di FreeBSD jail kemaren, niat awal kemaren sih mo install email server utk di oprek dan bahan latihan tim edp. Berhubung mau tambah dukungan radius ke sistem auth hotspot jadinya di install radius dulu sekalian supaya gak hilang plus kl saya lupa bisa merujuk ke sini :-)

Begini proses step by stepnya :

Pastikan ports sudah di update ke versi terakhir.

1. Install FreeRadius, enablekan dukungan MYSQL saja.

2. Install MYSQL server.

3. Ubah rc.conf, tambahkan baris ini :

mysql_enable=”YES”

radiusd_enable=”YES”

4. Konfigurasi database dan impor sql

Jalankan Database

mailserver# /usr/local/etc/rc.d/mysql-server start
Starting mysql.

mailserver# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.0.51a FreeBSD port: mysql-server-5.0.51a

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql> show databases;
+——————–+
| Database |
+——————–+
| information_schema |
| mysql |
+——————–+
2 rows in set (0.00 sec)

mysql> create database freeradius;
Query OK, 1 row affected (0.00 sec)

Impor Database

mailserver# pwd
/usr/local/share/doc/freeradius/examples
mailserver# mysql -uroot -p freeradius < mysql.sql
Enter password:
mailserver#

Grant akses ke database freeradius

mysql> grant all privileges on freeradius.* to radius@localhost identified by ‘palcomtech123’ with grant option;

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

5. Modifikasi setting file2 terkait.

mailserver# cd /usr/local/etc/raddb

Modif sql.conf

mailserver# ee sql.conf

# Connect info
server = “localhost”
login = “radius”
password = “palcomtech123”

# Database table configuration
radius_db = “freeradius”

simpan.

Modif akses ke client radius :

mailserver# ee clients.conf

secret = palcomtech123

simpan.

Modif radiusd.conf

mailserver# ee radiusd.conf

cari ’sql’ di bagian authorize dan accounting. Buang tanda # di depannya.

6. Jalankan service radius

mailserver# /usr/local/etc/rc.d/radiusd start
Starting radiusd.
Thu Jul 10 06:52:32 2008 : Info: Starting – reading configuration files …

mailserver# ps -ax | grep radius
96134 ?? IsJ 0:00.00 /usr/local/sbin/radiusd
96248 p0 S+J 0:00.00 grep radius

7. Tes servicenya

mailserver# ee users

Tambahkan baris ini di paling bawah :

alamster Auth-Type := Local, User-Password == “testpass”

Testing di jalankan ::

mailserver# radtest alamster testpass localhost 1812 palcomtech123
Sending Access-Request of id 114 to 127.0.0.1 port 1812
User-Name = “alamster”
User-Password = “testpass”
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
Re-sending Access-Request of id 114 to 127.0.0.1 port 1812
User-Name = “alamster”
User-Password = “testpass”
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812

radclient: no response from server for ID 184

Waduh, cek lognya dulu neh.

mailserver# tail -f radius.log
Thu Jul 10 07:22:01 2008 : Error: Ignoring request from unknown client 172.88.1.5:56020
Thu Jul 10 07:22:04 2008 : Error: Ignoring request from unknown client 172.88.1.5:56020

Oooo, ternyata ini soalnya.

Ubah isi clients.conf , tambahkan baris ini :

client 172.88.1.0/24 {
secret = palcomtech212
shortname = private-network-1
}

simpan dan restart radiusnya.

Coba tes lagi ::

mailserver# radtest alamster testpass localhost 1812 palcomtech123
Sending Access-Request of id 80 to 127.0.0.1 port 1812
User-Name = “alamster”
User-Password = “testpass”
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
Re-sending Access-Request of id 80 to 127.0.0.1 port 1812
User-Name = “alamster”
User-Password = “testpass”
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
rad_recv: Access-Reject packet from host 172.88.1.5:1812, id=80, length=20
radclient: received response to request we did not send.
Re-sending Access-Request of id 80 to 127.0.0.1 port 1812
User-Name = “alamster”
User-Password = “testpass”
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
^C
mailserver# radtest alamster testpass localhost 1812 palcomtech212
Sending Access-Request of id 178 to 127.0.0.1 port 1812
User-Name = “alamster”
User-Password = “testpass”
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
rad_recv: Access-Accept packet from host 172.88.1.5:1812, id=178, length=20
radclient: received response to request we did not send.

Coba pake host lain utk koneksinya ::

mailserver# radtest alamster testpass 172.88.1.5 1812 palcomtech212
Sending Access-Request of id 102 to 172.88.1.5 port 1812
User-Name = “alamster”
User-Password = “testpass”
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
rad_recv: Access-Accept packet from host 172.88.1.5:1812, id=102, length=20

OK. Lanjut mang :-)

8. Input data tes

mailserver# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.0.51a FreeBSD port: mysql-server-5.0.51a

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql> use freeradius;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql>

Insert data dummy

mysql> INSERT INTO radcheck (UserName, Attribute, Value) VALUES (’alamster’, ‘Password’, ‘palcomtech’);

mysql> INSERT INTO radgroupcheck (GroupName, Attribute, Value) VALUES (’dynamic’, ‘Auth-Type’, ‘Local’);
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘Framed-Compression’, ‘:=’,

‘Van-Jacobsen-TCP-IP’);
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘Framed-Protocol’, ‘:=’, ‘PPP’);
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘Service-Type’, ‘:=’, ‘Framed-User’);
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘Framed-MTU’, ‘:=’, ‘1500′);
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘X-Ascend-Assign-IP-Pool’, ‘:=’, ‘0′);
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘X-Ascend-Maximum-Time’, ‘:=’, ‘7200′);
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘X-Ascend-Route-IP’, ‘:=’,

‘Route-IP-Yes’);
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO radgroupreply (GroupName, Attribute, op, Value) VALUES (’dynamic’, ‘Idle-Timeout’, ‘:=’, ‘1800′);
Query OK, 1 row affected (0.00 sec)

mysql> INSERT INTO usergroup (UserName, GroupName) VALUES (’alamster’,’dynamic’);
Query OK, 1 row affected (0.01 sec)

mysql> exit
Bye

9. Tes ulang authentifikasinya

mailserver# radtest alamster palcomtech 172.88.1.5 1812 palcomtech212
Sending Access-Request of id 170 to 172.88.1.5 port 1812
User-Name = “alamster”
User-Password = “palcomtech”
NAS-IP-Address = 255.255.255.255
NAS-Port = 1812
rad_recv: Access-Accept packet from host 172.88.1.5:1812, id=170, length=68
Framed-Compression = Van-Jacobson-TCP-IP
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-MTU = 1500
X-Ascend-Assign-IP-Pool = 0
X-Ascend-Maximum-Time = 7200
X-Ascend-Route-IP = Route-IP-Yes
Idle-Timeout = 1800
mailserver#

OK. Sampai disini server radius sudah berhasil di install, bisa di gunakan untuk auth di hotspot mikrotik.

Dgn data :

IP : 172.88.1.5

Port : 1812

secret key : palcomtech212

Incoming search terms for the article:

• install radius di freebsd
• radius freebsd
• radclient no response from server
• konfigurasi freeradius freebsd
• konfigurasi freebsd freeradius