The task arrived: arrange the issuing of IP addresses to subscribers. Conditions of the task:
- We will not give you a separate server for authorization - you will manage ;)
- Subscribers must receive their network settings via DHCP
- The network is heterogeneous. It includes PON equipment, ordinary switches with Option 82 configured, and WiFi base stations with access points
- If the data does not match any of the conditions for issuing an IP, an IP from the "guest" network must be issued
The good news: there is still a FreeBSD server that can "do the work", but it is "far away" ;), not "right on this network".
There is also a wonderful device called Mikrotik. The general network diagram is roughly this:
After some thought, it was decided to use FreeRadius to issue network settings to subscribers. In principle, the scheme is ordinary: we enable the DHCP server on the Mikrotik, and the Radius Client on it as well. We configure the chain DHCP server -> Radius Client -> Radius server.
It does not look hard. But! The devil is in the details. Namely:
- When a PON OLT is authorized using this scheme, a request is sent to FreeRadius with User-Name equal to the MAC address of the headend, Agent-Circuit-Id equal to the MAC of the PON ONU, and an empty password.
- When authorizing from switches with option 82, FreeRadius receives a request with an empty User-Name equal to the MAC of the subscriber's device and with the additional attributes Agent-Circuit-Id and Agent-Remote-Id filled in, containing, respectively, again the MAC of the relay switch and the port to which the subscriber is connected.
- Some subscribers with WiFi access points are authorized via the PAP-CHAP protocols
- Some subscribers from WiFi access points are authorized with User-Name equal to the MAC address of the WiFi access point, without a password.
Historical background: what is "Option 82" in DHCP
These are additional options for the DHCP protocol that allow extra information to be passed, for example in the Agent-Circuit-Id and Agent-Remote-Id fields. They are usually used to transmit the MAC address of the relay switch and the port to which the subscriber is connected. In the case of PON equipment or WiFi base stations, the Agent-Circuit-Id field does not contain useful information (there is no subscriber port). The general scheme of DHCP operation in this case is as follows:
Step by step, this scheme works like this:
- The subscriber's equipment sends a DHCP broadcast request to obtain network settings
- The device (for example, a switch, a WiFi base station or PON) to which the subscriber's equipment is directly connected "intercepts" this packet and modifies it, inserting the additional Option 82 options and the relay agent IP address, and passes it further along the network.
- The DHCP server receives the request, forms a response and sends it to the relay device
- The relay device forwards the response packet to the subscriber's device
Of course, it does not all work that easily; you need to configure your network equipment accordingly.
Installing FreeRadius
Of course, this can be achieved with FreeRadius configuration settings, but it is difficult and unclear... especially when you come back to it after N months and "everything works". Therefore, it was decided to write our own authorization module for FreeRadius in Python. We will take the authorization data from a MySQL database. There is no point in describing its structure; in any case, everyone will make it "for themselves". In particular, I took the structure offered with the sql module for FreeRadius and changed it slightly by adding a mac and a port field for each subscriber, in addition to the login and password.
So, first, install FreeRadius:
cd /usr/ports/net/freeradius3
make config
make install clean
In the settings, select for installation:
We create a symbolic link to the python module (that is, "enable" it):
ln -s /usr/local/etc/raddb/mods-available/python /usr/local/etc/raddb/mods-enabled
Let's install an additional module for python:
pip install mysql-connector
In the settings of the python module for FreeRadius, you need to specify the module search paths in the python_path variable. For example, I have this:
python_path="/usr/local/etc/raddb/mods-config/python:/usr/local/lib/python2.7:/usr/local/lib/python27.zip:/usr/local/lib/python2.7:/usr/local/lib/python2.7/plat-freebsd12:/usr/local/lib/python2.7/lib-tk:/usr/local/lib/python2.7/lib-old:/usr/local/lib/python2.7/lib-dynload:/usr/local/lib/python2.7/site-packages"
You can find out the paths by launching the python interpreter and entering the commands:
root@phaeton:/usr/local/etc/raddb/mods-enabled# python
Python 2.7.15 (default, Dec 8 2018, 01:22:25)
[GCC 4.2.1 Compatible FreeBSD Clang 6.0.1 (tags/RELEASE_601/final 335540)] on freebsd12
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> sys.path
['', '/usr/local/lib/python27.zip', '/usr/local/lib/python2.7', '/usr/local/lib/python2.7/plat-freebsd12', '/usr/local/lib/python2.7/lib-tk', '/usr/local/lib/python2.7/lib-old', '/usr/local/lib/python2.7/lib-dynload', '/usr/local/lib/python2.7/site-packages']
>>>
If you skip this step, scripts written in python and launched by FreeRadius will not find the modules listed in import. In addition, you need to uncomment the functions for calling authorization and accounting in the module settings. For example, this module looks like this:
python {
    python_path="/usr/local/etc/raddb/mods-config/python:/usr/local/lib/python2.7:/usr/local/lib/python2.7/site-packages:/usr/local/lib/python27.zip:/usr/local/lib/python2.7:/usr/local/lib/python2.7/plat-freebsd12:/usr/local/lib/python2.7/lib-tk:/usr/local/lib/python2.7/lib-old:/usr/local/lib/python2.7/lib-dynload:/usr/local/lib/python2.7/site-packages"
    module = work
    mod_instantiate = ${.module}
    mod_detach = ${.module}
    mod_authorize = ${.module}
    func_authorize = authorize
    mod_authenticate = ${.module}
    func_authenticate = authenticate
    mod_preacct = ${.module}
    func_preacct = preacct
    mod_accounting = ${.module}
    func_accounting = accounting
    mod_checksimul = ${.module}
    mod_pre_proxy = ${.module}
    mod_post_proxy = ${.module}
    mod_post_auth = ${.module}
    mod_recv_coa = ${.module}
    mod_send_coa = ${.module}
}
The work.py script (and all the others) must be placed in /usr/local/etc/raddb/mods-config/python. I have three scripts in total.
work.py:
#!/usr/local/bin/python
# coding=utf-8
import radiusd
import func
import sys
from pprint import pprint
mysql_host="localhost"
mysql_username="ัะบะฐััะบ"
mysql_password="ััะบะฐััะบะฐััะบ"
mysql_base="ััะบะฐัะบัะฐัั"

def instantiate(p):
    print ("*** instantiate ***")
    print (p)
    # return 0 for success or -1 for failure

def authenticate(p):
    print ("*** Аутентикация!!***")
    print (p)

def authorize(p):
    radiusd.radlog(radiusd.L_INFO, '*** radlog call in authorize ***')
    conn=func.GetConnectionMysql(mysql_host, mysql_username, mysql_password, mysql_base);
    param=func.ConvertArrayToNames(p);
    pprint(param)
    print ("*** Авторизация ***")
    reply = ()
    conf = ()
    cnt=0
    username="";mac="";
    # Request attributes arrive from the network, so every query below binds them
    # as parameters instead of concatenating them into the SQL text.
    # first check "the proper way", by the login/password pair
    if ("User-Name" in param) and ("User-Password" in param) :
        print ("Вариант авторизации (1): есть логин-пароль")
        pprint(param["User-Name"])
        pprint(param["User-Password"])
        pprint(conn)
        print(sys.version_info)
        print (radiusd.config)
        # radreply.username is selected because the loop below reads row["username"]
        sql="select radreply.username,radreply.attribute,radreply.value from radcheck inner join radreply on radreply.username=radcheck.username where radcheck.username=%s and radcheck.value=%s"
        print(sql)
        cursor = conn.cursor(dictionary=True,buffered=True)
        cursor.execute(sql,[param["User-Name"], param["User-Password"]]);
        row = cursor.fetchone()
        while row is not None:
            cnt=cnt+1
            username=row["username"]
            reply = reply+((str(row["attribute"]),str(row["value"])), )
            row = cursor.fetchone()
    # case: User-Name is the MAC address of the base station, there is no password and no port
    if ("User-Name" in param) and ("User-Password" in param) and (cnt==0):
        if param["User-Password"] =='':
            if ":" in param["User-Name"]:
                pprint(param["User-Name"])
                print ("Вариант авторизации (2): User-Name - это MAC адрес базовой станции, порта и пароля нет")
                sql="select radreply.username,radreply.attribute,radreply.value from radcheck inner join radreply on radreply.username=radcheck.username where REPLACE(radcheck.mac,':','') = REPLACE(REPLACE(%s,'0x',''),':','') and radcheck.sw_port=''"
                print (sql)
                cursor = conn.cursor(dictionary=True,buffered=True)
                cursor.execute(sql,[param["User-Name"]]);
                row = cursor.fetchone()
                while row is not None:
                    cnt=cnt+1
                    username=row["username"]
                    mac=param["User-Name"]
                    reply = reply+((str(row["attribute"]),str(row["value"])), )
                    row = cursor.fetchone()
    if ("Agent-Remote-Id" in param) and ("User-Password" in param) and (cnt==0):
        if param["User-Password"] =='':
            pprint(param["Agent-Remote-Id"])
            print ("Вариант авторизации (2.5): Agent-Remote-Id - это MAC адрес PON оборудования")
            sql="select radreply.username,radreply.attribute,radreply.value from radcheck inner join radreply on radreply.username=radcheck.username where REPLACE(radcheck.mac,':','') = REPLACE(REPLACE(%s,'0x',''),':','') and radcheck.sw_port=''"
            print (sql)
            cursor = conn.cursor(dictionary=True,buffered=True)
            cursor.execute(sql,[param["Agent-Remote-Id"]]);
            row = cursor.fetchone()
            while row is not None:
                cnt=cnt+1
                username=row["username"]
                mac=param["User-Name"]
                reply = reply+((str(row["attribute"]),str(row["value"])), )
                row = cursor.fetchone()
    # case: Agent-Remote-Id is the MAC address of the base station, there is no password
    # and no port, and the previous IP lookup variants gave no result
    if ("Agent-Remote-Id" in param) and ("User-Password" not in param) and (cnt==0):
        pprint(param["Agent-Remote-Id"])
        print ("Вариант авторизации (3): Agent-Remote-Id - МАС базовой станции/пон. Порта в биллинге нет")
        sql="select radreply.username,radreply.attribute,radreply.value from radcheck inner join radreply on radreply.username=radcheck.username where REPLACE(radcheck.mac,':','') = REPLACE(REPLACE(%s,'0x',''),':','') and radcheck.sw_port=''"
        print(sql)
        cursor = conn.cursor(dictionary=True,buffered=True)
        cursor.execute(sql,[param["Agent-Remote-Id"]]);
        row = cursor.fetchone()
        while row is not None:
            cnt=cnt+1
            mac=param["Agent-Remote-Id"]
            username=row["username"]
            reply = reply+((str(row["attribute"]),str(row["value"])), )
            row = cursor.fetchone()
    # case: the previous attempts gave no result, but Agent-Remote-Id and Agent-Circuit-Id are present
    if ("Agent-Remote-Id" in param) and ("Agent-Circuit-Id" in param) and (cnt==0):
        pprint(param["Agent-Remote-Id"])
        pprint(param["Agent-Circuit-Id"])
        print ("Вариант авторизации (4): авторизация по Agent-Remote-Id и Agent-Circuit-Id, в биллинге есть порт/мак")
        sql="select radreply.username,radreply.attribute,radreply.value from radcheck inner join radreply on radreply.username=radcheck.username where upper(radcheck.sw_mac)=upper(REPLACE(%s,'0x','')) and upper(radcheck.sw_port)=upper(RIGHT(%s,2)) and radcheck.sw_port<>''"
        print(sql)
        cursor = conn.cursor(dictionary=True,buffered=True)
        cursor.execute(sql,[param["Agent-Remote-Id"], param["Agent-Circuit-Id"]]);
        row = cursor.fetchone()
        while row is not None:
            cnt=cnt+1
            mac=param["Agent-Remote-Id"]
            username=row["username"]
            reply = reply+((str(row["attribute"]),str(row["value"])), )
            row = cursor.fetchone()
    # if no IP has been obtained so far, issue one from the guest network
    if cnt==0:
        print ("Ни один из вариантов авторизации не сработал, получаю IP из гостевой сети..")
        ip=func.GetGuestNet(conn)
        if ip!="":
            cnt=cnt+1;
            reply = reply+(("Framed-IP-Address",str(ip)), )
    # if everything has failed, Reject
    if cnt==0:
        conf = ( ("Auth-Type", "Reject"), )
    else:
        # if authorization succeeded (such a subscriber exists), record the authorization history
        if username!="":
            func.InsertToHistory(conn,username,mac, reply);
        conf = ( ("Auth-Type", "Accept"), )
    pprint (reply)
    conn=None;
    return radiusd.RLM_MODULE_OK, reply, conf

def preacct(p):
    print ("*** preacct ***")
    print (p)
    return radiusd.RLM_MODULE_OK

def accounting(p):
    print ("*** Аккаунтинг ***")
    radiusd.radlog(radiusd.L_INFO, '*** radlog call in accounting (0) ***')
    print (p)
    conn=func.GetConnectionMysql(mysql_host, mysql_username, mysql_password, mysql_base);
    param=func.ConvertArrayToNames(p);
    pprint(param)
    print("Удалим старые сессии (более 20 минут нет аккаунтинга)");
    sql="delete from radacct where TIMESTAMPDIFF(minute,acctupdatetime,now())>20"
    cursor = conn.cursor(dictionary=True,buffered=True)
    cursor.execute(sql);
    conn.commit()
    print("Обновим/добавим информацию о сессии")
    if (("Acct-Unique-Session-Id" in param) and ("User-Name" in param) and ("Framed-IP-Address" in param)):
        # request attributes are bound as parameters, not concatenated into the SQL text
        sql='insert into radacct (radacctid,acctuniqueid,username,framedipaddress,acctstarttime) values (null,%s,%s,%s,now()) ON DUPLICATE KEY update acctupdatetime=now()'
        print(sql)
        cursor = conn.cursor(dictionary=True,buffered=True)
        cursor.execute(sql,[param['Acct-Unique-Session-Id'],param['User-Name'],param['Framed-IP-Address']])
        conn.commit()
    conn=None;
    return radiusd.RLM_MODULE_OK

def pre_proxy(p):
    print ("*** pre_proxy ***")
    print (p)
    return radiusd.RLM_MODULE_OK

def post_proxy(p):
    print ("*** post_proxy ***")
    print (p)
    return radiusd.RLM_MODULE_OK

def post_auth(p):
    print ("*** post_auth ***")
    print (p)
    return radiusd.RLM_MODULE_OK

def recv_coa(p):
    print ("*** recv_coa ***")
    print (p)
    return radiusd.RLM_MODULE_OK

def send_coa(p):
    print ("*** send_coa ***")
    print (p)
    return radiusd.RLM_MODULE_OK

def detach():
    print ("*** На этом всё детишечки ***")
    return radiusd.RLM_MODULE_OK
func.py:
#!/usr/bin/python2.7
# coding=utf-8
import mysql.connector
from mysql.connector import Error

# Returns a connection to MySQL
def GetConnectionMysql(mysql_host, mysql_username, mysql_password, mysql_base):
    try:
        conn = mysql.connector.connect(host=mysql_host,database=mysql_base,user=mysql_username,password=mysql_password)
        if conn.is_connected(): print('---cоединение с БД '+mysql_base+' установлено')
    except Error as e:
        print("Ошибка: ",e);
        exit(1);
    return conn

# Turns the tuple of (name, value) pairs passed by FreeRadius into a dict
def ConvertArrayToNames(p):
    mass={};
    for z in p:
        mass[z[0]]=z[1]
    return mass

# Records the connection history from the known data
def InsertToHistory(conn,username,mac, reply):
    print("--записываю для истории")
    repl=ConvertArrayToNames(reply)
    if "Framed-IP-Address" in repl:
        # values are bound as parameters, not concatenated into the SQL text
        sql='insert into radpostauth (username,reply,authdate,ip,mac,session_id,comment) values (%s,"Access-Accept",now(),%s,%s,"","")'
        print(sql)
        cursor = conn.cursor(dictionary=True,buffered=True)
        cursor.execute(sql,[username,str(repl["Framed-IP-Address"]),str(mac)]);
        conn.commit()

# Returns the guest-network IP address with the oldest issue date
def GetGuestNet(conn):
    ip="";id=0
    sql="select * from guestnet order by dt limit 1"
    print (sql)
    cursor = conn.cursor(dictionary=True,buffered=True)
    cursor.execute(sql);
    row = cursor.fetchone()
    while row is not None:
        ip=row["ip"]
        id=row["id"]
        row = cursor.fetchone()
    if id>0:
        sql="update guestnet set dt=now() where id=%s"
        print (sql)
        cursor = conn.cursor(dictionary=True,buffered=True)
        cursor.execute(sql,[id]);
        conn.commit()
    return ip
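GetGuestNet above returns the guest address with the oldest dt without asking whether that address is still in use. The following is an added example, not part of the original article: one way to add that check, using an in-memory SQLite database with constructed rows in place of the MySQL tables. Integer timestamps, the HOLD window and the column types are assumptions.

```python
import sqlite3

SESSION_TTL = 20 * 60  # accounting() on the page deletes sessions silent for 20 minutes
HOLD = 10 * 60         # assumed: keep a freshly issued address out of the pool this long

def make_db():
    """Constructed sample data: three guest addresses, one with a live session."""
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit transactions only
    db.executescript("""
        CREATE TABLE guestnet (id INTEGER PRIMARY KEY, ip TEXT UNIQUE, dt INTEGER);
        CREATE TABLE radacct (framedipaddress TEXT, acctupdatetime INTEGER);
        INSERT INTO guestnet (ip, dt) VALUES
            ('10.99.0.10', 100), ('10.99.0.11', 200), ('10.99.0.12', 300);
        INSERT INTO radacct VALUES ('10.99.0.10', 950);
    """)
    return db

def get_guest_ip(db, now):
    """Oldest guest IP that has no live session and is past its hold time, else ''."""
    db.execute("BEGIN IMMEDIATE")  # serialise allocators so two requests cannot pick one row
    try:
        row = db.execute(
            "SELECT g.id, g.ip FROM guestnet g "
            "WHERE g.dt <= ? AND NOT EXISTS ("
            "  SELECT 1 FROM radacct a "
            "  WHERE a.framedipaddress = g.ip AND a.acctupdatetime > ?) "
            "ORDER BY g.dt LIMIT 1",
            (now - HOLD, now - SESSION_TTL)).fetchone()
        if row is None:
            db.execute("ROLLBACK")
            return ""              # pool exhausted: caller rejects instead of reusing an IP
        db.execute("UPDATE guestnet SET dt = ? WHERE id = ?", (now, row[0]))
        db.execute("COMMIT")
        return row[1]
    except Exception:
        db.execute("ROLLBACK")
        raise

if __name__ == "__main__":
    db = make_db()
    for t in (1000, 1001, 1002, 3000):
        print(t, repr(get_guest_ip(db, t)))
```

An empty return value maps onto the existing `if ip!=""` test in authorize, so an exhausted pool ends in Reject rather than a duplicate address.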
radiusd.py:
#!/usr/bin/python2.7
# coding=utf-8
# from modules.h
RLM_MODULE_REJECT = 0
RLM_MODULE_FAIL = 1
RLM_MODULE_OK = 2
RLM_MODULE_HANDLED = 3
RLM_MODULE_INVALID = 4
RLM_MODULE_USERLOCK = 5
RLM_MODULE_NOTFOUND = 6
RLM_MODULE_NOOP = 7
RLM_MODULE_UPDATED = 8
RLM_MODULE_NUMCODES = 9
# from log.h
L_AUTH = 2
L_INFO = 3
L_ERR = 4
L_WARN = 5
L_PROXY = 6
L_ACCT = 7
L_DBG = 16
L_DBG_WARN = 17
L_DBG_ERR = 18
L_DBG_WARN_REQ = 19
L_DBG_ERR_REQ = 20
# log function
def radlog(level, msg):
    import sys
    sys.stdout.write(msg + '\n')
    level = level
As you can see from the code, we try to identify the subscriber by every available method, using the subscriber MAC addresses known for him or the Option 82 combination, and if that does not work, we issue the oldest IP address ever used from the "guest" network. All that remains is to configure the default script in the sites-enabled folder, so that the required functions from the python script are invoked at the designated moments. In fact, it is enough to bring the file to this form:
default
server default {
    listen {
        type = auth
        ipaddr = *
        port = 0
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipaddr = *
        port = 0
        type = acct
        limit {
        }
    }
    listen {
        type = auth
        port = 0
        limit {
            max_connections = 1600
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipv6addr = ::
        port = 0
        type = acct
        limit {
        }
    }
    authorize {
        python
        filter_username
        preprocess
        expiration
        logintime
    }
    authenticate {
        Auth-Type PAP {
            pap
            python
        }
        Auth-Type CHAP {
            chap
            python
        }
        Auth-Type MS-CHAP {
            mschap
            python
        }
        eap
    }
    preacct {
        preprocess
        acct_unique
        suffix
        files
    }
    accounting {
        python
        exec
        attr_filter.accounting_response
    }
    session {
    }
    post-auth {
        update {
            &reply: += &session-state:
        }
        exec
        remove_reply_message_if_eap
        Post-Auth-Type REJECT {
            attr_filter.access_reject
            eap
            remove_reply_message_if_eap
        }
        Post-Auth-Type Challenge {
        }
    }
    pre-proxy {
    }
    post-proxy {
        eap
    }
}
Let's try to start it and see what arrives in the debug log:
/usr/local/etc/rc.d/radiusd debug
What else. When configuring FreeRadius, it is convenient to test its operation with the radclient utility. For example, authorization:
echo "User-Name=4C:5E:0C:2E:7F:15,Agent-Remote-Id=0x9845623a8c98,Agent-Circuit-Id=0x00010006" | radclient -x 127.0.0.1:1812 auth testing123
Or accounting:
echo "User-Name=4C:5E:0C:2E:7F:15,Agent-Remote-Id=0x00030f26054a,Agent-Circuit-Id=0x00010002" | radclient -x 127.0.0.1:1813 acct testing123
I want to warn you that using such a scheme and scripts "without changes" on an "industrial" scale is absolutely not acceptable. At the very least, the following catches the eye:
- the MAC address can be "spoofed". It is enough for a subscriber to set someone else's MAC and there will be problems
- the logic of issuing guest-network addresses does not stand up to criticism. There is not even a check "maybe there are already clients with the same IP address?"
This is just a "cookie-cutter solution" designed to work specifically in my conditions, nothing more. Don't judge too harshly ;)
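For the MAC spoofing point above, an added example (not from the original article) of one mitigation for the switch case only: validate the three attributes strictly and accept a known MAC only when it arrives through the relay switch and port it was provisioned on. It assumes the access switches overwrite any client-supplied Option 82; BINDINGS and the subscriber name are constructed, and the request values are the radclient test from the article.

```python
import re

# Constructed provisioning record: subscriber MAC -> (username, relay switch MAC, port).
BINDINGS = {
    "4c5e0c2e7f15": ("subscriber-1", "9845623a8c98", "06"),
}

def norm_mac(value):
    """Return 12 lowercase hex digits, or None if the value is not a MAC address."""
    s = re.sub(r"[:.\-]", "", value.strip().lower())
    if s.startswith("0x"):
        s = s[2:]
    return s if re.fullmatch(r"[0-9a-f]{12}", s) else None

def circuit_port(value):
    """Last byte of a hex Agent-Circuit-Id (what RIGHT(...,2) selects in work.py)."""
    m = re.fullmatch(r"0x((?:[0-9a-f]{2})+)", value.strip().lower())
    return m.group(1)[-2:] if m else None

def decide(request, bindings=BINDINGS):
    """Return (verdict, detail); verdict is 'accept', 'guest' or 'reject'."""
    mac = norm_mac(request.get("User-Name", ""))
    relay = norm_mac(request.get("Agent-Remote-Id", ""))
    port = circuit_port(request.get("Agent-Circuit-Id", ""))
    if mac is None or relay is None or port is None:
        return ("reject", "malformed attribute")      # never reaches a query
    record = bindings.get(mac)
    if record is None:
        return ("guest", None)                         # unknown device: guest pool
    username, bound_relay, bound_port = record
    if (relay, port) != (bound_relay, bound_port):
        # Same MAC seen behind another switch or port: a clone or a moved device.
        return ("reject", "known MAC on unexpected relay/port")
    return ("accept", username)

if __name__ == "__main__":
    print(decide({"User-Name": "4C:5E:0C:2E:7F:15",
                  "Agent-Remote-Id": "0x9845623a8c98",
                  "Agent-Circuit-Id": "0x00010006"}))
    print(decide({"User-Name": "4C:5E:0C:2E:7F:15",
                  "Agent-Remote-Id": "0x00030f26054a",
                  "Agent-Circuit-Id": "0x00010002"}))
```

PON and WiFi requests, which carry no usable port, cannot be bound this way and still rest on the MAC alone.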
Source: www.habr.com