02Network - amagerard/FreeRadius GitHub Wiki
- The FreeRadius VM is a clone of TemplateVM. See TemplateVM-Installation.
- A DNS server. See Powerdns-Installation.
February 10, 2025.  
This is the RedHat version 9.5.  
OpenSSL 3.0.7-27 from the AlmaLinux 9.4 live CD, used only to generate the Certification Authority.  
MariaDB-server-11.6.2  
php 8.4  
Freeradius 3.2.7  
The web server is nginx, not Apache.  
  
SELinux is set to 'permissive' mode. In this mode SELinux logs policy violations but does not block them.
vi /etc/crontab
@reboot root setenforce 0  
The 5 subnets were created in pfSense.
SRVAD:       192.168.40.0/24
RADIUS:    192.168.50.0/24
SRV:           192.168.60.0/24
MYSQL:     192.168.70.0/24
DNS:         192.168.90.0/24
See Synoptic Freeradius.
This procedure is based on this example.
IP freeradius:       192.168.50.41
Gateway freeradius:  192.168.50.254
IP dns1:             192.168.90.41
Domain:              ol26modk.com
Server names:
freeradius.ol26modk.com
dns1.ol26modk.com
vi /etc/hostname
freeradius  
At the prompt you will see: <username>@freeradius.
The /etc/hosts file is consulted before access to the Internet.
vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4  
192.168.50.41  freeradius.ol26modk.com  freeradius  
vi /etc/sysconfig/network
# Created by anaconda  
NETWORKING=yes  
HOSTNAME=freeradius.ol26modk.com  
Change the network configuration.
Example:
IP: 192.168.50.41/24
Gateway: 192.168.50.254
Name Server: 192.168.90.41
Search domain: ol26modk.com
nmcli con mod eth0 ipv4.method "manual"  ipv4.addresses 192.168.50.41/24
nmcli con mod eth0 ipv4.gateway 192.168.50.254
nmcli con mod eth0 ipv4.dns  192.168.90.41
nmcli con mod eth0 ipv4.dns-search  ol26modk.com
Read the new network configuration.
more /etc/NetworkManager/system-connections/eth0.nmconnection
Apply the new network configuration.
ifconfig eth0 0.0.0.0
systemctl restart NetworkManager
ifconfig eth0
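Update:
RedHat may ask you to make a new subscription.
Passing --password on the command line leaves the password in the shell history and visible in the process list; if --password is omitted, subscription-manager prompts for it.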
subscription-manager register --username <username> --password <password> --auto-attach  --force
dnf  update
Uninstall msmtp if you are using a mail server.
dnf remove msmtp
Reuse the firewall rules from TemplateVM.
See Firewall Configuration.
vi /etc/ufw/applications.d/ufw-custom
[RADIUS 1812]  
title=Radius-1812-13  
description=freeradius 1812-1813  
ports=1812,1813/tcp|1812,1813/udp  
  
[RADIUS 2812]  
title=Radius-2812-13  
description=freeradius 2812-2813  
ports=2812,2813/tcp|2812,2813/udp  
  
[RADIUS 3812]  
title=Radius-3812-13  
description=freeradius 3812-3813  
ports=3812,3813/tcp|3812,3813/udp  
  
[MYSQL]  
title=Mysql  
description=Mysql 3306  
ports=3306/tcp  
ufw reload
ufw allow 'RADIUS 1812'  
ufw allow 'RADIUS 2812'  
ufw allow 'RADIUS 3812'  
ufw allow OUT 'RADIUS 1812'  
ufw allow OUT 'RADIUS 2812'  
ufw allow OUT 'RADIUS 3812'  
ufw allow OUT MYSQL  
ufw allow OUT ldap  
ufw status verbose
Status: active  
Logging: on (medium)  
Default: deny (incoming), deny (outgoing), disabled (routed)  
New profiles: skip  
To                         Action      From  
--                         ------      ----  
22                         ALLOW IN    192.168.20.0/29  
1812,1813/tcp (RADIUS 1812) ALLOW IN    Anywhere  
1812,1813/udp (RADIUS 1812) ALLOW IN    Anywhere  
2812,2813/tcp (RADIUS 2812) ALLOW IN    Anywhere  
2812,2813/udp (RADIUS 2812) ALLOW IN    Anywhere  
3812,3813/tcp (RADIUS 3812) ALLOW IN    Anywhere  
3812,3813/udp (RADIUS 3812) ALLOW IN    Anywhere  
  
80,443/tcp (WWW Full)      ALLOW OUT   Anywhere  
25/tcp (SMTP)              ALLOW OUT   Anywhere  
53 (DNS)                   ALLOW OUT   Anywhere  
67,68/udp (DHCP)           ALLOW OUT   Anywhere  
123/udp (NTP2)             ALLOW OUT   Anywhere  
465/tcp (SMTP SSL)         ALLOW OUT   Anywhere  
587/tcp (SMTP TLS)         ALLOW OUT   Anywhere  
993/tcp (IMAP SSL)         ALLOW OUT   Anywhere  
143/tcp (IMAP TLS)         ALLOW OUT   Anywhere  
3306/tcp (MYSQL)           ALLOW OUT   Anywhere  
389                        ALLOW OUT   Anywhere  
3812,3813/tcp (RADIUS 3812) ALLOW OUT   Anywhere  
3812,3813/udp (RADIUS 3812) ALLOW OUT   Anywhere  
1812,1813/tcp (RADIUS 1812) ALLOW OUT   Anywhere  
1812,1813/udp (RADIUS 1812) ALLOW OUT   Anywhere  
2812,2813/tcp (RADIUS 2812) ALLOW OUT   Anywhere  
2812,2813/udp (RADIUS 2812) ALLOW OUT   Anywhere
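
The status output above shows the three RADIUS profiles as ALLOW IN from Anywhere, while SSH is limited to one subnet. The following script is an added example, not part of the original wiki: it reads `ufw status verbose` text and lists the inbound rules that accept any source. The function names and the shortened sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit `ufw status verbose` output for inbound rules open to any source.

# Constructed sample, shortened from the status output shown on this page.
sample_status() {
cat <<'EOF'
Status: active
Logging: on (medium)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    192.168.20.0/29
1812,1813/tcp (RADIUS 1812) ALLOW IN    Anywhere
1812,1813/udp (RADIUS 1812) ALLOW IN    Anywhere
3306/tcp (MYSQL)           ALLOW OUT   Anywhere
389                        ALLOW OUT   Anywhere
EOF
}

# Reads status text on stdin and prints one line per inbound ALLOW rule whose
# source is "Anywhere" (IPv4 or v6), formatted as "<ports (profile)>|<source>".
open_inbound_rules() {
  awk '
    / ALLOW IN / {
      split($0, parts, " +ALLOW IN +")
      to = parts[1]; from = parts[2]
      sub(/[ \t]+$/, "", to); sub(/[ \t]+$/, "", from)
      if (from ~ /^Anywhere/) print to "|" from
    }'
}

# Returns 0 when the default incoming policy is deny or reject, 1 otherwise.
default_incoming_is_deny() {
  grep -Eq '^Default: (deny|reject) \(incoming\)'
}

# On the server itself, replace sample_status with: ufw status verbose
# A rule can be scoped to a source with ufw's own syntax, for example
#   ufw allow from <nas-subnet> to any app 'RADIUS 1812'   (<nas-subnet> is a placeholder)
sample_status | open_inbound_rules
```

Each printed line is a candidate for scoping to the subnets that actually host RADIUS clients.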