Task #16974

Scenario #16337: freeradius log management by rsyslog

Freeradius should log to syslog

Added by Emmanuel GARETTE about 3 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Start date: 09/02/2016
Due date:
% Done: 100%
Estimated time: 5.00 h
Spent time:
Remaining (hours): 0.0

Description

Radius should log directly to syslog instead of having a dedicated log file: http://wiki.freeradius.org/guide/Syslog-HOWTO

radiusd.conf.patch View (546 Bytes) Fabrice Barconnière, 06/13/2017 11:36 AM

Associated revisions

Revision b4b055b5 (diff)
Added by Gérald Schwartzmann over 2 years ago

Switch to syslog for Freeradius accounting mode

  • changed 2 variables to password type
  • enabled logging of authentication requests
  • switch to syslog

Ref: #16974 @60m

History

#1 Updated by Joël Cuissinat about 3 years ago

  • Tracker changed from Scenario Proposal to Task
  • Remaining (hours) set to 3.0

#2 Updated by Joël Cuissinat about 3 years ago

  • Tracker changed from Task to Scenario Proposal
  • Project changed from Distribution EOLE to eole-radius

#3 Updated by Joël Cuissinat about 3 years ago

  • Tracker changed from Scenario Proposal to Task

#4 Updated by Benjamin Bohard about 3 years ago

  • Assigned To set to Benjamin Bohard
  • % Done changed from 0 to 40
  • Remaining (hours) changed from 3.0 to 2.0

#5 Updated by Benjamin Bohard about 3 years ago

  • Status changed from New to In progress

#6 Updated by Joël Cuissinat about 3 years ago

  • Status changed from In progress to New
  • Assigned To deleted (Benjamin Bohard)
  • Estimated time changed from 3.00 h to 5.00 h
  • Remaining (hours) changed from 2.0 to 3.0

cf. Benjamin's preliminary study in the scenario...

#7 Updated by Gérald Schwartzmann over 2 years ago

  • Assigned To set to Gérald Schwartzmann

#8 Updated by Gérald Schwartzmann over 2 years ago

  • Status changed from New to In progress

#9 Updated by Gérald Schwartzmann over 2 years ago

root@amon:/etc/rsyslog.d# apt-cache policy freeradius
freeradius:
  Installé : 2.2.8+dfsg-0.1build2

http://freeradius.org/

The current version is 2.2.9, but there is no change regarding syslog:

30 September 2015 - Version 2.2.9 has been released.

    The focus of this release is stability.
    Feature improvements

        None.

    Bug Fixes

        Fix Tunnel-Password crash from home server. Found by Denis Andzakovic.
        Fix timer issue when proxying.
        Update EAP-TTLS so that MPPE keys are correctly calculated with TLSv1.2.
        Always delete MS-MPPE-* from the TTLS inner tunnel. This allows TTLS / EAP-MSCHAPv2 to work.
        Don't fall through in empty "case" statements. Fixes #1274.

09 July 2015 - Version 2.2.8 has been released.

#10 Updated by Gérald Schwartzmann over 2 years ago

The section

log {
}

exists in /etc/freeradius/radiusd.conf

http://wiki.freeradius.org/config/Logging

#11 Updated by Gérald Schwartzmann over 2 years ago

service freeradius stop
freeradius -X

IP, port and secret key of the NAS

radtest -x admin eole 10.1.2.1 10 azerty

802.1x mode does not seem to work
The directory's IP is requested, but not the reader's password…

Configure Radius with LDAP for network authentication
https://mageconfig.blogspot.fr/2014/11/configure-radius-with-ldap-for-network.html

#12 Updated by Fabrice Barconnière over 2 years ago

Indeed, 802.1x mode does not work.
There are things to review, but that is the subject of a scenario: #20757

#13 Updated by Gérald Schwartzmann over 2 years ago

  • % Done changed from 40 to 50

Added the command to the documentation, in the Tips and tricks block:
/2_6/modules/Amon/22_ConfigurationNormal/23-ConfigurationFreeRADIUS.scen
http://eole.ac-dijon.fr/documentations/2.6/partielles/beta/ModuleAmon/co/23-ConfigurationFreeRADIUS.html

#14 Updated by Gérald Schwartzmann over 2 years ago

  • % Done changed from 50 to 100
  • Remaining (hours) changed from 3.0 to 0.5

#15 Updated by Gérald Schwartzmann over 2 years ago

  • Status changed from In progress to Resolved

eole-radius_2.6.1-2_all.deb
http://castor.eole.lan:9998/job/10777

#17 Updated by Fabrice Barconnière over 2 years ago

  • Remaining (hours) changed from 0.5 to 0.0

#18 Updated by Fabrice Barconnière over 2 years ago

  • The fields are indeed of type password in gen_config
  • Logs OK:
    root@amon:~# radtest admin eole 10.1.2.1 10 azerty
    Sending Access-Request of id 141 to 10.1.2.1 port 1812
            User-Name = "admin" 
            User-Password = "eole" 
            NAS-IP-Address = 192.168.0.31
            NAS-Port = 10
            Message-Authenticator = 0x00000000000000000000000000000000
    rad_recv: Access-Accept packet from host 10.1.2.1 port 1812, id=141, length=76
            Tunnel-Medium-Type:0 = IEEE-802
            Tunnel-Type:0 = VLAN
            Filter-Id = "Enterasys:version=1:policy=Enterprise User" 
    root@amon:~# tail /var/log/rsyslog/local/freeradius/freeradius.notice.log 
    2017-06-13T09:55:34.048984+02:00 amon.etb1.lan freeradius[9526]: Login OK: [admin] (from client borne1 port 10)
    
  • Saw the tips and tricks block for the radtest command
    • it will also be valid for 802.1x mode once it works
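
Added example, not part of the original comment or of the eole-radius project: once freeradius authentication results reach rsyslog in the format shown above, they can be parsed and checked for repeated failures per client and user. The "Login incorrect" lines, the optional reason and "cli" fields, and the threshold and window values are assumptions made for this sketch; only the first sample line comes from the ticket.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# First line is the one shown in the ticket; the others are constructed.
SAMPLE = """\
2017-06-13T09:55:34.048984+02:00 amon.etb1.lan freeradius[9526]: Login OK: [admin] (from client borne1 port 10)
2017-06-13T09:56:01.120000+02:00 amon.etb1.lan freeradius[9526]: Login incorrect: [admin] (from client borne1 port 10)
2017-06-13T09:56:05.310000+02:00 amon.etb1.lan freeradius[9526]: Login incorrect: [admin] (from client borne1 port 10)
2017-06-13T09:56:09.770000+02:00 amon.etb1.lan freeradius[9526]: Login incorrect (rlm_ldap: Bind as user failed): [admin] (from client borne1 port 10 cli 00-11-22-33-44-55)
2017-06-13T10:30:00.000000+02:00 amon.etb1.lan freeradius[9526]: Login incorrect: [guest] (from client borne2 port 3)
2017-06-13T10:31:00.000000+02:00 amon.etb1.lan freeradius[9526]: Ready to process requests.
"""

# rsyslog prefix (RFC 3339 timestamp, host, tag[pid]) followed by the auth message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) freeradius\[(?P<pid>\d+)\]: "
    r"(?P<result>Login OK|Login incorrect)(?: \((?P<reason>[^)]*)\))?: "
    r"\[(?P<user>[^\]]*)\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)(?: cli (?P<cli>[^\s)]+))?\)"
)

def parse_line(line):
    """Return a dict for a freeradius auth line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ts"] = datetime.fromisoformat(rec["ts"])
    except ValueError:
        return None  # prefix is not an RFC 3339 timestamp
    rec["ok"] = rec.pop("result") == "Login OK"
    return rec

def repeated_failures(lines, threshold=3, window=timedelta(minutes=5)):
    """Return sorted (client, user) pairs with >= threshold failures inside window."""
    recent = defaultdict(deque)  # (client, user) -> timestamps of recent failures
    flagged = set()
    for rec in filter(None, map(parse_line, lines)):
        if rec["ok"]:
            continue
        q = recent[(rec["client"], rec["user"])]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add((rec["client"], rec["user"]))
    return sorted(flagged)

if __name__ == "__main__":
    print(repeated_failures(SAMPLE.splitlines()))
```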

#19 Updated by Fabrice Barconnière over 2 years ago

ERRATA

To log Freeradius to Rsyslog on Amon/Amonecole 2.4.x and 2.5.x, this patch must be applied on your servers:

#20 Updated by Fabrice Barconnière over 2 years ago

Created and tested the patch on etb3 amonecole 2.4.2 and etb2 amon 2.5.2 + updated the errata pages for 2.4, 2.5 and 2.6

#21 Updated by Scrum Master over 2 years ago

  • Status changed from Resolved to Closed
