PPPoE with FreeRadius and MySQL: Difference between revisions

Revision as of 15:39, 2 December 2010

WHY

At my old ISP I setup the PPPoE server with the authentication part .. and I forgot how to do it again at my new workplace .. I'll take notes this time

HOW

Be sure to have your gentoo machine up to date ( emerge --sync ). On the gentoo machine:

Put this in your package.keywords ( so you get the "latest" versions ... they're stable enough ). I'm gonna use MySQL as a backend.

net-dialup/rp-pppoe **
net-dialup/ppp **

Put this in your package.use ( this will set the support for packages

net-dialup/ppp radius
dev-db/mysql -minimal
net-dialup/freeradius mysql threads

And do an "emerge mysql freeradius rp-pppoe". If this is a new mysql installation .. don't forget to "mysql_install_db && /etc/init.d/mysql start && mysql_secure_installation".

I'll only have myself as a client so in /etc/raddb/clients.conf I just changed the "secret".

Add "localhost secret" (replace secret with your secret) in /etc/ppp/radius/servers and set this up in your /etc/ppp/options

lock
mtu 1492
mru 1492
proxyarp
ms-dns your.dns.goes.here
plugin radius.so
plugin radattr.so

In /etc/raddb/radiusd.conf set user and group to "radiusd" ( without quotes ).

In /etc/raddb/sites-enabled/default in the authorize{} section comment out the eap{}, uncomment "sql". In authenticate{} comment out "pam" and "unix". In session {} uncomment "sql".

Also do a chown radiusd:radiusd /etc/raddb/certs

Edit /etc/raddb/sql/mysql/admin.sql and change the default "radpass" to something more convenient to you. Then do

mysql -u root -p < admin.sql
mysqladmin -p create radius
mysql -u root -p -D radius < schema.sql
mysql -u root -p -D radius < nas.sql

Edit /etc/raddb/sql.conf . Set up the "password" field to whatever you set for the admin.sql. In /etc/raddb/sql/mysql/dialup.conf you probably want these:

And now do something in your mysql radius tables (I'm adding myself as a test user):

<source lang="mysql">
insert into `radgroupcheck` (`groupname`, `attribute`, `op`, `value`) VALUES ('dynamic', 'Auth-Type', ':=', 'Local');
insert into `radgroupreply` (`groupname`, `attribute`, `op`, `value`) VALUES ('dynamic', 'Framed-Compression', ':=', 'Van-Jacobsen-TCP-IP');
insert into `radgroupreply` (`groupname`, `attribute`, `op`, `value`) VALUES ('dynamic', 'Framed-Protocol', ':=', 'PPP');
insert into `radgroupreply` (`groupname`, `attribute`, `op`, `value`) VALUES ('dynamic', 'Service-Type', ':=', 'Framed-User');
insert into `radgroupreply` (`groupname`, `attribute`, `op`, `value`) VALUES ('dynamic', 'Framed-MTU', ':=', '1500');
insert into `radusergroup` (`username`, `groupname`) VALUES ('dexter', 'dynamic');
insert into `radcheck` (`username`, `attribute`, `op`, `value`) VALUES ('dexter', 'Password', '==', 'P4ssw0rd');

OTHER RESOURCES

PPPoE Server HOW-TO

FreeRadius with MySQL HowTo Notes

PPPoE with FreeRadius and MySQL: Difference between revisions

Revision as of 15:39, 2 December 2010

WHY

HOW

OTHER RESOURCES

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Tools

@@ Line 5: / Line 5: @@
 ==HOW==
-On the gentoo machine:
+Be sure to have your gentoo machine up to date ( emerge --sync ). On the gentoo machine:
-Put this in your package.keywords ( so you get the "latest" versions ... they're stable enough )
+Put this in your package.keywords ( so you get the "latest" versions ... they're stable enough ). I'm gonna use MySQL as a backend.
 net-dialup/rp-pppoe ** <br/>
@@ Line 21: / Line 21: @@
 I'll only have myself as a client so in /etc/raddb/clients.conf I just changed the "secret".
+Add "localhost secret" (replace secret with your secret) in /etc/ppp/radius/servers and set this up in your /etc/ppp/options
+<source lang="text">
+lock
+mtu 1492
+mru 1492
+proxyarp
+ms-dns your.dns.goes.here
+plugin radius.so
+plugin radattr.so
+</source>
+In /etc/raddb/radiusd.conf set user and group to "radiusd" ( without quotes ).
+In /etc/raddb/sites-enabled/default in the authorize{} section comment out the eap{}, uncomment "sql". In authenticate{} comment out "pam" and "unix". In session {} uncomment "sql".
+Also do a chown radiusd:radiusd /etc/raddb/certs
 Edit /etc/raddb/sql/mysql/admin.sql and change the default "radpass" to something more convenient to you. Then do
-<script lang="bash">
+<source lang="bash">
 mysql -u root -p < admin.sql
 mysqladmin -p create radius
 mysql -u root -p -D radius < schema.sql
-</script>
+mysql -u root -p -D radius < nas.sql
+</source>
+Edit /etc/raddb/sql.conf . Set up the "password" field to whatever you set for the admin.sql. In /etc/raddb/sql/mysql/dialup.conf you probably want these:
+<source lang="text"
+sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
+</source>
+And now do something in your mysql radius tables (I'm adding myself as a test user):
+<source lang="mysql">
+insert into `radgroupcheck` (`groupname`, `attribute`, `op`, `value`) VALUES ('dynamic', 'Auth-Type', ':=', 'Local');
+insert into `radgroupreply` (`groupname`, `attribute`, `op`, `value`) VALUES ('dynamic', 'Framed-Compression', ':=', 'Van-Jacobsen-TCP-IP');
+insert into `radgroupreply` (`groupname`, `attribute`, `op`, `value`) VALUES ('dynamic', 'Framed-Protocol', ':=', 'PPP');
+insert into `radgroupreply` (`groupname`, `attribute`, `op`, `value`) VALUES ('dynamic', 'Service-Type', ':=', 'Framed-User');
+insert into `radgroupreply` (`groupname`, `attribute`, `op`, `value`) VALUES ('dynamic', 'Framed-MTU', ':=', '1500');
+insert into `radusergroup` (`username`, `groupname`) VALUES ('dexter', 'dynamic');
+insert into `radcheck` (`username`, `attribute`, `op`, `value`) VALUES ('dexter', 'Password', '==', 'P4ssw0rd');
+</source>
+==OTHER RESOURCES==
+[http://www.freeantennas.com/PPPoE-Server-HOWTO.html PPPoE Server HOW-TO]
+[http://www.frontios.com/freeradius.html FreeRadius with MySQL HowTo Notes]