
ISA Server 2006 VPN authentication with FreeRADIUS (Ubuntu 9.10)

--knowing--
Just an alternative way to manage users for VPN connections to ISA Server, using FreeRADIUS installed on Ubuntu 9.10.

--1--

Install FreeRADIUS and MySQL

[root@game]#apt-get install freeradius*
[root@game]#apt-get install mysql-server mysql-client phpmyadmin vim
[root@game]# freeradius -v
freeradius: FreeRADIUS Version 2.1.0....
.......

--note -> the database can be created with the mysql client or phpMyAdmin. The default database is 'radius'. Then import the database schema from FreeRADIUS into MySQL.


[root@game]#mysql -u root 
mysql>create database radius;
mysql>GRANT ALL ON radius.* TO radius@localhost IDENTIFIED BY "password";
mysql>exit;
[root@game]# mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql

--2--

[root@game]#vim /etc/freeradius/radiusd.conf 
# change
proxy_requests  = yes
# to
proxy_requests  = no

[root@game]#vim /etc/freeradius/sql.conf 
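# set the connection to the MySQL database
# (the dedicated 'radius' account from step 1 can be used here instead of root, with the password set in its GRANT)
server = "localhost"
login = "root"
password = "pass-mysql"

# and uncomment the line below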

readclients = yes


[root@game]#vim  /etc/freeradius/sites-enabled/default
# remove the # in front of "sql" in
authorize{
....
sql
...
}
accounting{
....
sql
...}
session{
....
sql
...}
post-auth{
....
sql
...}

[root@game]#vim  /etc/freeradius/clients.conf
.....
client localhost {
           ipaddr = 127.0.0.1
           secret  = testing123
           require_message_authenticator = no
           shortname   = localhost
           nastype   = other
}


......
# this is a test entry for my network (adjust it to your own network)
client 192.168.1.0/24 {
        secret              = testing123
        shortname       = private-network-1
}


[root@game]# /etc/init.d/freeradius restart
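
A check for the clients.conf entries above, as an added example (not from the original post): it flags the default secret, short secrets, subnet-wide client entries and entries that explicitly do not require Message-Authenticator. The function name, the 16-character minimum and the hardened entry's address and secret are assumptions made for illustration.

```python
import ipaddress
import re

DEFAULT_SECRETS = {"testing123"}  # the secret used in the post's clients.conf
MIN_SECRET_LEN = 16               # assumed local policy, not a FreeRADIUS rule
CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)\}", re.S | re.M)
OPTION_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)

def audit_clients(conf_text: str) -> list:
    """Return (client, finding) tuples for weak settings in client blocks."""
    findings = []
    text = re.sub(r"#.*", "", conf_text)  # drop comments before parsing
    for name, body in CLIENT_RE.findall(text):
        opts = {k: v.strip('"') for k, v in OPTION_RE.findall(body)}
        secret = opts.get("secret", "")
        if secret in DEFAULT_SECRETS:
            findings.append((name, "well-known default secret"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((name, "secret shorter than policy minimum"))
        try:
            net = ipaddress.ip_network(opts.get("ipaddr", name), strict=False)
            if net.num_addresses > 1:
                findings.append((name, "whole subnet shares one secret"))
        except ValueError:
            pass  # client named by hostname; nothing to measure
        if opts.get("require_message_authenticator") == "no":
            findings.append((name, "Message-Authenticator not required"))
    return findings

# Constructed input: the two client blocks from this post (options trimmed).
AS_POSTED = """
client localhost {
    ipaddr = 127.0.0.1
    secret = testing123
    require_message_authenticator = no
}
client 192.168.1.0/24 {
    secret = testing123
    shortname = private-network-1
}
"""
# Constructed hardened variant: one entry for the ISA Server only.
# The address and the secret are placeholders, not values from the post.
HARDENED = """
client 192.168.1.10 {
    secret = REPLACE-WITH-LONG-RANDOM-SECRET
    require_message_authenticator = yes
}
"""
```

Requiring Message-Authenticator only works if the NAS sends that attribute, so enable it on the ISA side before setting it to yes here.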

--Sample user--

mysql> select * from radcheck;
+----+----------+---------------+----+-------+
| id | username | attribute     | op | value |
+----+----------+---------------+----+-------+
|  1 | jajal    | User-Password | := | jajal |
|  2 | fo       | User-Password | := | fo    |
|  3 | game     | User-Password | := | game  |
|  5 | sama     | User-Password | := | sama  |
+----+----------+---------------+----+-------+
4 rows in set (0.00 sec)


--testing and checking 1--

[root@game]# radtest game game localhost 1812 testing123
Sending Access-Request of id 109 to 127.0.0.1 port 1812
    User-Name = "game"
    User-Password = "game"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=109, length=20
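
The exchange in the radtest run above, rebuilt as an added example (not from the original post): it hides User-Password with the shared secret as RFC 2865 specifies and checks the Response Authenticator of the 20-byte Access-Accept. Function names and the fixed Request Authenticator are assumptions made for the example; NAS-IP-Address and NAS-Port are left out of the request.

```python
import hashlib
import hmac
import struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(-(-max(len(password), 1) // 16) * 16, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: the same shared secret reverses the hiding."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attribute(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value

def access_request(ident, user, password, secret, req_auth) -> bytes:
    attrs = attribute(1, user) + attribute(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def access_accept(ident, req_auth, secret) -> bytes:
    """Attribute-less Access-Accept, like the 20-byte reply in the radtest output."""
    header = struct.pack("!BBH", 2, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()

def reply_is_authentic(reply, req_auth, secret) -> bool:
    """Recompute MD5(code+id+length + Request Authenticator + attributes + secret)."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

# Constructed values: id, user and secret mirror the radtest run above; the
# Request Authenticator is fixed for repeatability (real clients use random bytes).
REQ_AUTH = bytes(range(16))
REQUEST = access_request(109, b"game", b"game", b"testing123", REQ_AUTH)
REPLY = access_accept(109, REQ_AUTH, b"testing123")
```

Both the password hiding and the reply check rest only on the shared secret, so the testing123 value in clients.conf should be replaced with a long random one before the server handles real VPN logins.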

-- access from ISA Server 2006 --

 -note -> the VPN settings on ISA are not covered here :D
 Open the Virtual Private Network properties > RADIUS. Check "Use RADIUS" and click RADIUS Server, as in the screenshot. Enter the shared secret as set in clients.conf.



--testing and checking 2--





source:
google.com
http://www.8021xhelp.com/node/6
