Radius
Privilege levels for dlink-Privelege-Level or Dlink-User-Level:
| 5 | Admin |
| 4 | Operator |
| 3 | User |
Configuration on the equipment
DGS-3100
create authen server_host 10.90.90.92 protocol radius port 1812 key "key" timeout 5 retransmit 2 priority first
config authen_login http_method_list method radius local
config authen_login method_list_name rad_ext method radius local
config authen application telnet login rad_ext
config authen application ssh login rad_ext
Other models
create authen server_host 10.90.90.92 protocol radius port 1812 key "key" timeout 5 retransmit 2
create authen_login method_list_name rad_ext
config authen_login method_list_name rad_ext method radius local
config authen application http login method_list_name rad_ext
config authen application telnet login method_list_name rad_ext
config authen application ssh login method_list_name rad_ext
enable authen_policy
Configuration on FreeRADIUS
/etc/freeradius/clients.conf:
client dlink {
ipaddr = 10.90.90.90
secret = key
}
If the dlink dictionaries (/usr/share/freeradius/dictionary.dlink) are missing, add the following to /etc/freeradius/dictionary:
VENDOR Dlink 171
BEGIN-VENDOR Dlink
ATTRIBUTE Dlink-User-Level 1 integer
ATTRIBUTE Dlink-Ingress-Bandwidth-Assignment 2 integer
ATTRIBUTE Dlink-Egress-Bandwidth-Assignment 3 integer
ATTRIBUTE Dlink-1p-Priority 4 integer
ATTRIBUTE Dlink-VLAN-Name 10 string
ATTRIBUTE Dlink-VLAN-ID 11 string
ATTRIBUTE Dlink-ACL-Profile 12 string
ATTRIBUTE Dlink-ACL-Rule 13 string
ATTRIBUTE Dlink-ACL-Script 14 string
VALUE Dlink-User-Level User-Legacy 1
VALUE Dlink-User-Level User 3
VALUE Dlink-User-Level Operator 4
VALUE Dlink-User-Level Admin 5
VALUE Dlink-User-Level Power-User 6
VALUE Dlink-User-Level Admin-Legacy 15
END-VENDOR Dlink
/etc/freeradius/users:
user Cleartext-Password := "user"
    dlink-Privelege-Level = 5,
    User-Service-Type = Shell-User,
    cisco-avpair += "shell:priv-lvl=1"
The user "user" will be an administrator on the equipment.
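An added example (not part of the original page, and not FreeRADIUS or D-Link code): the level granted above travels in the Access-Accept as a Vendor-Specific attribute (type 26) with vendor ID 171 and sub-attribute 1, as in the dictionary above. The function names and sample bytes are constructed for illustration; the decoder can be pointed at the attribute bytes from a packet capture to check which level a login actually received.

```python
import struct

# Added example: names are illustrative, not from FreeRADIUS or D-Link.
VENDOR_SPECIFIC = 26          # RADIUS attribute type for VSAs (RFC 2865)
DLINK_VENDOR_ID = 171         # "VENDOR Dlink 171" in the dictionary above
DLINK_USER_LEVEL = 1          # "ATTRIBUTE Dlink-User-Level 1 integer"
LEVEL_NAMES = {1: "User-Legacy", 3: "User", 4: "Operator",
               5: "Admin", 6: "Power-User", 15: "Admin-Legacy"}

def encode_user_level(level):
    """Build the Vendor-Specific attribute carrying Dlink-User-Level."""
    sub = struct.pack("!BBI", DLINK_USER_LEVEL, 6, level)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), DLINK_VENDOR_ID) + sub

def dlink_user_levels(attrs):
    """Return every Dlink-User-Level found in a RADIUS attribute list."""
    levels, pos = [], 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("malformed attribute at offset %d" % pos)
        value = attrs[pos + 2:pos + alen]
        pos += alen
        # Skip anything that is not a VSA with a 4-byte vendor ID of 171.
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != DLINK_VENDOR_ID:
            continue
        sub = value[4:]
        while len(sub) >= 2:
            stype, slen = sub[0], sub[1]
            if slen < 2 or slen > len(sub):
                raise ValueError("malformed D-Link sub-attribute")
            if stype == DLINK_USER_LEVEL and slen == 6:
                levels.append(struct.unpack("!I", sub[2:6])[0])
            sub = sub[slen:]
    return levels

def describe(level):
    return "%d (%s)" % (level, LEVEL_NAMES.get(level, "unknown"))

# Constructed sample: Service-Type = 6 followed by Dlink-User-Level = 5.
SAMPLE_ATTRS = struct.pack("!BBI", 6, 6, 6) + encode_user_level(5)

if __name__ == "__main__":
    for lvl in dlink_user_levels(SAMPLE_ATTRS):
        print("Dlink-User-Level =", describe(lvl))
```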
Links
