ααΆααα·α
αα
ααΆααααααααΎααααΈαααα
αααΆαα
ααα’αΆααααααΆα IP αααα’αα·αα·ααα αααααααααααααα αΆα
- ααΎαααΉααα·ααααααα±ααα’αααααΌααααΆαααΈαααααΆα ααααα‘αααααααΆααααΆαα’αα»ααααΆααα - α’αααααΉαααααΎααΆπ
- α’αα·αα·ααααααΌαααααα½αααΆαααΆαααααααααααΆαααΆαααα DHCP
- αααααΆαααΊαα»αααααΆα ααααα½ααααα αΌαααΆααα§ααααα PON αα·ααα»αααΆααααααααΆααΆαα½αααΉααααααΎα 82 αααααΆαααααααα ααΆαααααααα αα·αααΌαααααΆααααΆαα αααΆαααΆαα½αα ααααα
- ααααα·αααΎαα·αααααααα·ααααα·ααα αααααααααααααααΆαα½ααααααΆααααΆαα αα IP αα α’αααααααΌαααα αα IP ααΈαααααΆα "ααααα"
αα
αααααααα’α αα
ααααΆααααΆαααΈααααα
ααΎ FreeBSD αααα’αΆα
"ααααΎαααΆα" ααα»ααααααΆ "ααααΆα" ;) αα·αααα "αα
ααΎαααααΆαααα" ααα
ααΆααααΆαα§αααααααα’ααα
αΆααααα½ααααααΆααααααααΆ Mikrotik α ααααΆααααΆααααααΆαααΌαα
ααΊααΌα
αααα
αααααΆααααΈααΆααα·ααα½αα
ααα½α ααΆααααΌαααΆααααααα
α
α·αααααααΎ FreeRadius ααΎααααΈα
ααααΆαααααααααααΆααααα’αα·αα·ααα ααΆαααααΆααα αααααααΆαααααΊααααααΆα ααΎαααΎααααΆαααΈααα DHCP αα
ααΎ Microtick αα·α Radius Client αα
ααΎααΆα ααΎαααααααα
ααΆαααααααααααΆαααΈααα DHCP -> Radius Client -> Radius server connection α
ααΆα αΆααααΌα ααΆαα·ααα·ααΆαααα αα! α’αΆαααααααα·ααα αααα»αααααααΆααααα’α·αα αααααΊα
- αα αααα’αα»ααααΆα PON OLT αααααααΎαααααααΆαααααα ααααΎααααΌαααΆαααααΎαα FreeRadius αααααΆα User-Name ααααΎααΉαα’αΆααααααΆα MAC αα headend ααααΆααααΆα-Circuit-Id ααααΎααΉα MAC PON Onu αα·αααΆααααααααΆαααααα
- αα αααααααααα·αααα·ααΈα§αααααααααΌαααΆαα½ααααααΎα 82 FreeRadius ααα½αααΆαααααΎαααααΆααααααα’αααααααΎαααααααΎααΉα MAC ααα§αααααααααα’αααααΆα α αΎααααααααααα»ααααααααααααα Agent-Circuit-Id αα·α Agent-Remote-Id αααααΆααααααααΆααααααα MAC αα αα»αααΆαααααααΌαα αα·αα ααααααα’αα·αα·ααααααΌαααΆαααααΆααα
- α’αα·αα·αααα½αα ααα½ααααααΆαα ααα»α WiFI ααααΌαααΆαα’αα»ααααΆαααΆαααααα·ααΈααΆα PAP-CHAP
- α’αα·αα·αααα½αα ααα½αααΈα ααα»α WIFI ααααΌαααΆαα’αα»ααααΆαααααααααα’αααααααΎααααΆααααααΎααΉαα’αΆααααααΆα MAC ααα ααα»α WIFI αααααααΆαααΆααααααααΆααα
αααααααα·αααααααα·ααΆαααααα α’αααΈαα ααΆ "αααααΎαααΈ α¨α’" αα αααα»α DHCP
ααΆαααααααΊααΆαααααΎααααααααααααΆαααα·ααΈααΆα DHCP αααα’αα»ααααΆαα±ααα’ααααααααααααααΆααααααα α§ααΆα ααααα αααα»αααΆα Agent-Circuit-Id αα·α Agent-Remote-Id α ααΆααααααΆααααΌαααΆαααααΎααΎααααΈαααααΌαα’αΆααααααΆα MAC αααα»αααΆαααααααΌαα αα·αα ααααααα’αα·αα·ααααααΌαααΆαααααΆααα αααα»αααααΈα§ααααα PON α¬ααααΆααΈααααΌαααααΆα WIFI ααΆα Agent-Circuit-Id αα·αααΆαααααααΆαααΆααααααααα (αα·αααΆαα αααα’αα·αα·αααα) α αααααααΆαααααΌαα ααααααα·ααααα·ααΆα DHCP αααα»αααααΈαααααΆαααΌα ααΆαααααα:
αα½αααα αΆααααα α αααααααΆααααααααααΎαααΆαααΌα
αααα
- α§αααααα’αααααααΎααααΆαααααααΎαααααΎααααΆα DHCP ααΎααααΈααα½αααΆαααΆαααααααααααΆα
- α§ααααα (α§ααΆα ααα αα»αααΆαα αααΆαα αααΆα α¬ααααΆααΈαααΌαααααΆα PON) αααα§αααααα’αα·αα·ααααααΌαααΆαααααΆαααααααααΆαα "ααααΆααα αΆαα" αααα ααααααααΆαααα α αΎαααααΆααααααΌαααΆ αααααααΆααααααΎααααααα Option 82 αα·αα’αΆααααααΆα IP ααααΆααααΆααααααΌααααααα αααα»αααΆ α αΎααααααΌαααΆαααααααααα αααααΆαα
- αααΆαααΈααα DHCP ααα½αααααααΎ αααααΎαααΆαααααΎααα αα·αααααΎααΆαα α§ααααααααααΌαα
- α§ααααααααααΌααααααααααΌααααα ααααααΎααααα α§αααααα’αααααΆα
ααΆααΆααα·αααΆαα ααΆαα·αααααΎαααΆααααΆαααΆααααα½αααααα α’αααααααΌαααααααα ααΆααααααααα§ααααααααααΆαααααα’αααα±ααααααααα
ααΆαααα‘αΎα FreeRadius
ααΆααΆααα·αααΆαα αααα’αΆα αααααα ααΆαααΆαα½αααΉαααΆαααααααα ααΆαααααααα FreeRadius ααα»ααααααΆαα·ααΆααα·ααα·αα αααΆααααΆαα... ααΆαα·ααααα ααααααα’ααααα ααΈααααααααΆααααΈ N αα α αΎα "α’αααΈαααααΎαααΆα"α ααΌα ααααα αΎα ααΎαααΆααααααα α α·αααααααααααΌαα»αααΆαα’αα»ααααΆαααααΆαααααα½αααααααΎααααααΆαα FreeRadius αα αααα»α Python α ααΎαααΉααααα·ααααααααΆαα’αα»ααααΆαααΈααΌαααααΆααα·αααααα MySQL α ααΆααααΆααααα’αααΈαααααα»αααΆααα·αααααΆα’αααΈαα ααΆααααααααααααααΆ αααααΈααΆαααΆαααΆααααα ααα»ααααααααααααΆααΉαααααΎααΆ "αααααΆαααααα½ααα"α ααΆαα·ααα αααα»αααΆααααα ααΆαααααααααααααααΌαααΆααααααααΌαααΆαα½ααααΌαα»α sql αααααΆαα FreeRadius α αΎαααΆαααααΆααααααΌαααΆααααα·α ααααααααα mac αα·α port field αααααΆααα’αα·αα·ααααααΆααα ααααααααΎ login-password α
ααΌα ααααααααΌα ααα‘αΎα FreeRadiusα
cd /usr/ports/net/freeradius3
make config
make install clean
αα αααα»αααΆαααααα ααΌαααααΎαααΎαααΎααααΈααα‘αΎαα
ααΎααααααΎααααααααΆαααα·αα·ααααααααΆαα
αααΌαα»α python (α§. "ααΎα" ααΆ):
ln -s /usr/local/etc/raddb/mods-available/python /usr/local/etc/raddb/mods-enabled
αααααα‘αΎααααΌαα»ααααααααααααΆαα pythonα
pip install mysql-connector
αα αααα»αααΆαααααααααΌαα»α python αααααΆαα FreeRadius α’αααααααΌααααααΆααααααΌαααααααααααΌαα»ααα αααα»αα’ααα python_path α α§ααΆα ααααααα»αααΆααααα
python_path="/usr/local/etc/raddb/mods-config/python:/usr/local/lib/python2.7:/usr/local/lib/python27.zip:/usr/local/lib/python2.7:/usr/local/lib/python2.7/plat-freebsd12:/usr/local/lib/python2.7/lib-tk:/usr/local/lib/python2.7/lib-old:/usr/local/lib/python2.7/lib-dynload:/usr/local/lib/python2.7/site-packages"
α’αααα’αΆα αααααααααααΌααααααΎααααααα·ααΈαααααα python α αΎααααα αΌαααΆααααααααΆα
root@phaeton:/usr/local/etc/raddb/mods-enabled# python
Python 2.7.15 (default, Dec 8 2018, 01:22:25)
[GCC 4.2.1 Compatible FreeBSD Clang 6.0.1 (tags/RELEASE_601/final 335540)] on freebsd12
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> sys.path
['', '/usr/local/lib/python27.zip', '/usr/local/lib/python2.7', '/usr/local/lib/python2.7/plat-freebsd12', '/usr/local/lib/python2.7/lib-tk', '/usr/local/lib/python2.7/lib-old', '/usr/local/lib/python2.7/lib-dynload', '/usr/local/lib/python2.7/site-packages']
>>>
ααααα·αααΎα’ααααα·αα’αα»ααααααα αΆαααααα αααααααααΈαααααααααααΆ python αα·αα αΆααααααΎαααα FreeRadius ααΉααα·αααααααααααΌαα»ααααααααΌαααΆαααΆααααα»ααααααΈααΆαα αΌαααα ααΎαααΈααα α’αααααααΌααα·ααααα ααααα·α’αααΈαα»αααΆααααααΆααα α ααΆαα’αα»ααααΆα αα·αααααααααα αααα»αααΆαααααααααΌαα»αα α§ααΆα ααα αααΌαα»ααααααΎααα ααΌα αααα
python {
    python_path="/usr/local/etc/raddb/mods-config/python:/usr/local/lib/python2.7:/usr/local/lib/python2.7/site-packages:/usr/local/lib/python27.zip:/usr/local/lib/python2.7:/usr/local/lib/python2.7/plat-freebsd12:/usr/local/lib/python2.7/lib-tk:/usr/local/lib/python2.7/lib-old:/usr/local/lib/python2.7/lib-dynload:/usr/local/lib/python2.7/site-packages"
    module = work
    mod_instantiate = ${.module}
    mod_detach = ${.module}
    mod_authorize = ${.module}
    func_authorize = authorize
    mod_authenticate = ${.module}
    func_authenticate = authenticate
    mod_preacct = ${.module}
    func_preacct = preacct
    mod_accounting = ${.module}
    func_accounting = accounting
    mod_checksimul = ${.module}
    mod_pre_proxy = ${.module}
    mod_post_proxy = ${.module}
    mod_post_auth = ${.module}
    mod_recv_coa = ${.module}
    mod_send_coa = ${.module}
}
ααααααΈα work.py (αα·αααααααααααΆααα’αα) ααααΌαααααΆαααααα»α /usr/local/etc/raddb/mods-config/python αααα»αααΆαααααααΈαααΈααα»αα
work.py:
#!/usr/local/bin/python
# coding=utf-8
import radiusd
import func
import sys
from pprint import pprint
mysql_host="localhost"
mysql_username="ΡΠΊΠ°ΡΡΠΊ"
mysql_password="ΡΡΠΊΠ°ΡΡΠΊΠ°ΡΡΠΊ"
mysql_base="ΡΡΠΊΠ°ΡΠΊΡΠ°ΡΡ"
def instantiate(p):
    print ("*** instantiate ***")
    print (p)
    # return 0 for success or -1 for failure
    return 0

def authenticate(p):
    print ("*** Аутентикация!!***")
    print (p)

def authorize(p):
    radiusd.radlog(radiusd.L_INFO, '*** radlog call in authorize ***')
    conn=func.GetConnectionMysql(mysql_host, mysql_username, mysql_password, mysql_base)
    param=func.ConvertArrayToNames(p)
    pprint(param)
    print ("*** Авторизация ***")
    reply = ()
    conf = ()
    cnt=0
    username=""
    mac=""
    # All request attributes come from the client side (DHCP relay, NAS), so every
    # query below passes them as bound parameters instead of concatenating them into SQL.
    # First check the proper way, by login/password pair
    if ("User-Name" in param) and ("User-Password" in param):
        print ("Вариант авторизации (1): есть логин-пароль")
        pprint(param["User-Name"])
        # The password is deliberately not printed, so it does not end up in the debug log
        pprint(conn)
        print(sys.version_info)
        print (radiusd.config)
        # radreply.username is selected because the loop below reads row["username"]
        sql="select radreply.username,radreply.attribute,radreply.value from radcheck inner join radreply on radreply.username=radcheck.username where radcheck.username=%s and radcheck.value=%s"
        print(sql)
        cursor = conn.cursor(dictionary=True,buffered=True)
        cursor.execute(sql,[param["User-Name"], param["User-Password"]])
        row = cursor.fetchone()
        while row is not None:
            cnt=cnt+1
            username=row["username"]
            reply = reply+((str(row["attribute"]),str(row["value"])), )
            row = cursor.fetchone()
    # Variant: User-Name is the MAC address of the base station, no password and no port
    if ("User-Name" in param) and ("User-Password" in param) and (cnt==0):
        if param["User-Password"] =='':
            if ":" in param["User-Name"]:
                pprint(param["User-Name"])
                print ("Вариант авторизации (2): User-Name - это MAC адрес базовой станции, порта и пароля нет")
                sql="select radreply.username,radreply.attribute,radreply.value from radcheck inner join radreply on radreply.username=radcheck.username where REPLACE(radcheck.mac,':','') = REPLACE(REPLACE(%s,'0x',''),':','') and radcheck.sw_port=''"
                print (sql)
                cursor = conn.cursor(dictionary=True,buffered=True)
                cursor.execute(sql, (str(param["User-Name"]),))
                row = cursor.fetchone()
                while row is not None:
                    cnt=cnt+1
                    username=row["username"]
                    mac=param["User-Name"]
                    reply = reply+((str(row["attribute"]),str(row["value"])), )
                    row = cursor.fetchone()
    if ("Agent-Remote-Id" in param) and ("User-Password" in param) and (cnt==0):
        if param["User-Password"] =='':
            pprint(param["Agent-Remote-Id"])
            print ("Вариант авторизации (2.5): Agent-Remote-Id - это MAC адрес PON оборудования")
            sql="select radreply.username,radreply.attribute,radreply.value from radcheck inner join radreply on radreply.username=radcheck.username where REPLACE(radcheck.mac,':','') = REPLACE(REPLACE(%s,'0x',''),':','') and radcheck.sw_port=''"
            print (sql)
            cursor = conn.cursor(dictionary=True,buffered=True)
            cursor.execute(sql, (str(param["Agent-Remote-Id"]),))
            row = cursor.fetchone()
            while row is not None:
                cnt=cnt+1
                username=row["username"]
                # User-Name is not guaranteed in this branch; fall back to Agent-Remote-Id
                mac=param.get("User-Name", param["Agent-Remote-Id"])
                reply = reply+((str(row["attribute"]),str(row["value"])), )
                row = cursor.fetchone()
    # Variant: Agent-Remote-Id is the MAC address of the base station, no password and no port,
    # and the previous lookups produced no IP
    if ("Agent-Remote-Id" in param) and ("User-Password" not in param) and (cnt==0):
        pprint(param["Agent-Remote-Id"])
        print ("Вариант авторизации (3): Agent-Remote-Id - МАС базовой станции/пон. Порта в биллинге нет")
        sql="select radreply.username,radreply.attribute,radreply.value from radcheck inner join radreply on radreply.username=radcheck.username where REPLACE(radcheck.mac,':','') = REPLACE(REPLACE(%s,'0x',''),':','') and radcheck.sw_port=''"
        print(sql)
        cursor = conn.cursor(dictionary=True,buffered=True)
        cursor.execute(sql, (str(param["Agent-Remote-Id"]),))
        row = cursor.fetchone()
        while row is not None:
            cnt=cnt+1
            mac=param["Agent-Remote-Id"]
            username=row["username"]
            reply = reply+((str(row["attribute"]),str(row["value"])), )
            row = cursor.fetchone()
    # Variant: the previous attempts produced nothing, but Agent-Remote-Id and Agent-Circuit-Id are present
    if ("Agent-Remote-Id" in param) and ("Agent-Circuit-Id" in param) and (cnt==0):
        pprint(param["Agent-Remote-Id"])
        pprint(param["Agent-Circuit-Id"])
        print ("Вариант авторизации (4): авторизация по Agent-Remote-Id и Agent-Circuit-Id, в биллинге есть порт/мак")
        sql="select radreply.username,radreply.attribute,radreply.value from radcheck inner join radreply on radreply.username=radcheck.username where upper(radcheck.sw_mac)=upper(REPLACE(%s,'0x','')) and upper(radcheck.sw_port)=upper(RIGHT(%s,2)) and radcheck.sw_port<>''"
        print(sql)
        cursor = conn.cursor(dictionary=True,buffered=True)
        cursor.execute(sql, (str(param["Agent-Remote-Id"]), str(param["Agent-Circuit-Id"])))
        row = cursor.fetchone()
        while row is not None:
            cnt=cnt+1
            mac=param["Agent-Remote-Id"]
            username=row["username"]
            reply = reply+((str(row["attribute"]),str(row["value"])), )
            row = cursor.fetchone()
    # If no IP has been obtained so far, hand one out from the guest network
    if cnt==0:
        print ("Ни один из вариантов авторизации не сработал, получаю IP из гостевой сети..")
        ip=func.GetGuestNet(conn)
        if ip!="":
            cnt=cnt+1
            reply = reply+(("Framed-IP-Address",str(ip)), )
    # If everything failed, Reject
    if cnt==0:
        conf = ( ("Auth-Type", "Reject"), )
    else:
        # If authorization succeeded (such a subscriber exists), record the authorization history
        if username!="":
            func.InsertToHistory(conn,username,mac, reply)
        conf = ( ("Auth-Type", "Accept"), )
    pprint (reply)
    conn=None
    return radiusd.RLM_MODULE_OK, reply, conf

def preacct(p):
    print ("*** preacct ***")
    print (p)
    return radiusd.RLM_MODULE_OK

def accounting(p):
    print ("*** Аккаунтинг ***")
    radiusd.radlog(radiusd.L_INFO, '*** radlog call in accounting (0) ***')
    print (p)
    conn=func.GetConnectionMysql(mysql_host, mysql_username, mysql_password, mysql_base)
    param=func.ConvertArrayToNames(p)
    pprint(param)
    # Delete stale sessions (no accounting update for more than 20 minutes)
    print("Удалим старые сессии (более 20 минут нет аккаунтинга)")
    sql="delete from radacct where TIMESTAMPDIFF(minute,acctupdatetime,now())>20"
    cursor = conn.cursor(dictionary=True,buffered=True)
    cursor.execute(sql)
    conn.commit()
    # Update or add the session record
    print("Обновим/добавим информацию о сессии")
    if (("Acct-Unique-Session-Id" in param) and ("User-Name" in param) and ("Framed-IP-Address" in param)):
        # Request attributes are passed as bound parameters, not concatenated into the statement
        sql='insert into radacct (radacctid,acctuniqueid,username,framedipaddress,acctstarttime) values (null,%s,%s,%s,now()) ON DUPLICATE KEY update acctupdatetime=now()'
        print(sql)
        cursor = conn.cursor(dictionary=True,buffered=True)
        cursor.execute(sql, (str(param['Acct-Unique-Session-Id']), str(param['User-Name']), str(param['Framed-IP-Address'])))
        conn.commit()
    conn=None
    return radiusd.RLM_MODULE_OK

def pre_proxy(p):
    print ("*** pre_proxy ***")
    print (p)
    return radiusd.RLM_MODULE_OK

def post_proxy(p):
    print ("*** post_proxy ***")
    print (p)
    return radiusd.RLM_MODULE_OK

def post_auth(p):
    print ("*** post_auth ***")
    print (p)
    return radiusd.RLM_MODULE_OK

def recv_coa(p):
    print ("*** recv_coa ***")
    print (p)
    return radiusd.RLM_MODULE_OK

def send_coa(p):
    print ("*** send_coa ***")
    print (p)
    return radiusd.RLM_MODULE_OK

def detach():
    print ("*** На этом всё детишечки ***")
    return radiusd.RLM_MODULE_OK
func.py:
#!/usr/bin/python2.7
# coding=utf-8
import mysql.connector
from mysql.connector import Error

# Returns a connection to MySQL
def GetConnectionMysql(mysql_host, mysql_username, mysql_password, mysql_base):
    try:
        conn = mysql.connector.connect(host=mysql_host,database=mysql_base,user=mysql_username,password=mysql_password)
        if conn.is_connected(): print('---cоединение с БД '+mysql_base+' установлено')
    except Error as e:
        print("Ошибка: ",e)
        exit(1)
    return conn

# Converts the tuple of (name, value) pairs passed by FreeRadius into a dict
def ConvertArrayToNames(p):
    mass={}
    for z in p:
        mass[z[0]]=z[1]
    return mass

# Records the connection history from the known data
def InsertToHistory(conn,username,mac, reply):
    print("--записываю для истории")
    repl=ConvertArrayToNames(reply)
    if "Framed-IP-Address" in repl:
        # Values are passed as bound parameters, not concatenated into the statement
        sql='insert into radpostauth (username,reply,authdate,ip,mac,session_id,comment) values (%s,"Access-Accept",now(),%s,%s,"","")'
        print(sql)
        cursor = conn.cursor(dictionary=True,buffered=True)
        cursor.execute(sql, (username, str(repl["Framed-IP-Address"]), str(mac)))
        conn.commit()

# Returns the guest-network IP address with the oldest issue date and marks it as just issued
def GetGuestNet(conn):
    ip=""
    id=0
    sql="select * from guestnet order by dt limit 1"
    print (sql)
    cursor = conn.cursor(dictionary=True,buffered=True)
    cursor.execute(sql)
    row = cursor.fetchone()
    while row is not None:
        ip=row["ip"]
        id=row["id"]
        row = cursor.fetchone()
    if id>0:
        sql="update guestnet set dt=now() where id=%s"
        print (sql)
        cursor = conn.cursor(dictionary=True,buffered=True)
        cursor.execute(sql, (id,))
        conn.commit()
    return ip
radiusd.py:
#!/usr/bin/python2.7
# coding=utf-8
# from modules.h
RLM_MODULE_REJECT = 0
RLM_MODULE_FAIL = 1
RLM_MODULE_OK = 2
RLM_MODULE_HANDLED = 3
RLM_MODULE_INVALID = 4
RLM_MODULE_USERLOCK = 5
RLM_MODULE_NOTFOUND = 6
RLM_MODULE_NOOP = 7
RLM_MODULE_UPDATED = 8
RLM_MODULE_NUMCODES = 9
# from log.h
L_AUTH = 2
L_INFO = 3
L_ERR = 4
L_WARN = 5
L_PROXY = 6
L_ACCT = 7
L_DBG = 16
L_DBG_WARN = 17
L_DBG_ERR = 18
L_DBG_WARN_REQ = 19
L_DBG_ERR_REQ = 20
# log function
def radlog(level, msg):
    import sys
    sys.stdout.write(msg + '\n')
    level = level
ααΌα αααα’αααα’αΆα ααΎαααΎαααΈαααααΌα ααΎααααα»αααααΆααΆααααααα’ααααααααΆαα’αα·αα·αααααααααΎαα·ααΈααΆααααααααααΆαααΆααα’αααααα’αΆααααααΆα MAC ααααα’αα·αα·αααααααααααΆαα α¬ααααααααααΎα 82 α αΎαααααα·αααΎααΆαα·αααααΎαααΆααα αααααΎαα ααα’αΆααααααΆα IP α αΆαααααα»αααααα·αααααΆααααααΎααΈ "ααααα "αααααΆαα α’αααΈααααα ααααααααΊααααΌαααααααα ααΆααααααααααααααΈαααααΆαααΎααα αααα»ααααααααΆαααΎαααα ααααα ααΌα αααααα»αααΆαα αΆαααΆα αααΈααααααΈα python ααΉααααααααΆαααα ααααααααα ααΆαααΆααα·α ααΆαααααααααΆαααααα»αααΆαααΆαααα―αααΆααα ααααααα
ααααΆαααΎα
server default {
    listen {
        type = auth
        ipaddr = *
        port = 0
        limit {
            max_connections = 16
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipaddr = *
        port = 0
        type = acct
        limit {
        }
    }
    listen {
        type = auth
        port = 0
        limit {
            max_connections = 1600
            lifetime = 0
            idle_timeout = 30
        }
    }
    listen {
        ipv6addr = ::
        port = 0
        type = acct
        limit {
        }
    }
    authorize {
        python
        filter_username
        preprocess
        expiration
        logintime
    }
    authenticate {
        Auth-Type PAP {
            pap
            python
        }
        Auth-Type CHAP {
            chap
            python
        }
        Auth-Type MS-CHAP {
            mschap
            python
        }
        eap
    }
    preacct {
        preprocess
        acct_unique
        suffix
        files
    }
    accounting {
        python
        exec
        attr_filter.accounting_response
    }
    session {
    }
    post-auth {
        update {
            &reply: += &session-state:
        }
        exec
        remove_reply_message_if_eap
        Post-Auth-Type REJECT {
            attr_filter.access_reject
            eap
            remove_reply_message_if_eap
        }
        Post-Auth-Type Challenge {
        }
    }
    pre-proxy {
    }
    post-proxy {
        eap
    }
}
αααααααΆααΆαααααΎαααΆαααΆ α αΎαααΎαα’αααΈαααα αΌααααααα»ααααααα ααα»ααααΆααααα α»αα
/usr/local/etc/rc.d/radiusd debug
ααΎβααΆαβα’αααΈβαααααβαααα αα αααααα‘αΎα FreeRadius ααΆααΆααααα½ααααα»αααΆαααΆαααααααααα·ααααα·ααΆαααααααΆαααααααΎα§αααααααααΎααααΆαα radclient α α§ααΆα αααααΆαα’αα»ααααΆαα
echo "User-Name=4C:5E:0C:2E:7F:15,Agent-Remote-Id=0x9845623a8c98,Agent-Circuit-Id=0x00010006" | radclient -x 127.0.0.1:1812 auth testing123
α¬ααααΈα
echo "User-Name=4C:5E:0C:2E:7F:15,Agent-Remote-Id=0x00030f26054a,Agent-Circuit-Id=0x00010002" | radclient -x 127.0.0.1:1813 acct testing123
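The test requests above carry Agent-Remote-Id and Agent-Circuit-Id as 0x-prefixed hex strings, which work.py matches against radcheck.sw_mac and radcheck.sw_port. The following added example (not part of the original article) validates and normalizes those client-supplied values in Python before a parameterized lookup. The function names, the in-memory sqlite3 table standing in for MySQL, and the sample row are assumptions made for illustration.

```python
import re
import sqlite3

_HEX = re.compile(r"[0-9a-f]+\Z")

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None when the value is not a MAC.

    Accepts 4C:5E:0C:2E:7F:15, 4c-5e-0c-2e-7f-15 and 0x9845623a8c98."""
    v = value.strip().lower()
    if v.startswith("0x"):
        v = v[2:]
    v = v.replace(":", "").replace("-", "")
    return v if len(v) == 12 and _HEX.match(v) else None

def circuit_port(value):
    """Return the last two hex digits of Agent-Circuit-Id (what RIGHT(x, 2)
    selects in work.py), or None when the value is not 0x-prefixed hex."""
    v = value.strip().lower()
    if not v.startswith("0x") or len(v) < 4 or not _HEX.match(v[2:]):
        return None
    return v[-2:]

def lookup_by_option82(conn, attrs):
    """Map Option 82 attributes to a username; None means no match."""
    mac = normalize_mac(attrs.get("Agent-Remote-Id", ""))
    port = circuit_port(attrs.get("Agent-Circuit-Id", ""))
    if mac is None or port is None:
        return None  # malformed input never reaches the database
    # sqlite3 uses ? placeholders; mysql-connector uses %s for the same purpose
    row = conn.execute(
        "SELECT username FROM radcheck "
        "WHERE lower(sw_mac) = ? AND lower(sw_port) = ?", (mac, port)
    ).fetchone()
    return row[0] if row else None

def demo_db():
    """Constructed sample data: one subscriber on switch port 06."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE radcheck (username TEXT, sw_mac TEXT, sw_port TEXT)")
    conn.execute("INSERT INTO radcheck VALUES ('subscriber1', '9845623A8C98', '06')")
    return conn

if __name__ == "__main__":
    db = demo_db()
    # Constructed requests: one well-formed, one with a malformed Agent-Remote-Id
    good = {"Agent-Remote-Id": "0x9845623a8c98", "Agent-Circuit-Id": "0x00010006"}
    bad = {"Agent-Remote-Id": "0x9845623a8c98' OR '1'='1", "Agent-Circuit-Id": "0x00010006"}
    print(lookup_by_option82(db, good))
    print(lookup_by_option82(db, bad))
```

A request whose Option 82 values fail validation returns None, so in the flow of work.py it would fall through to the guest-network branch instead of being interpolated into a query.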
αααα»αα αααααααΆαα’αααααΆ ααΆαα·αα’αΆα αα αα½α αααααα»αααΆαααααΎαααααααΆααα αα·αααααααΈααααααα "αααααααΆαααΆαααααΆααααααΌα" αα ααΎααΆαααααααΆα "α§ααααΆα αααα" α αααΆαα αα ααΆαααα½αα±ααααααααααΆαα:
- ααΆα’αΆα αα αα½α αααα»αααΆα "αααααααααα" α’αΆααααααΆα MAC α ααΆαααααααααΆαααααααΆααα’αααααΆαααΎααααΈα α»αααααα MAC ααααα’αααααααα α αΎαααΆααΉαααΆααααα αΆ
- αααααα·ααααΆααααΆαα αααααααΆααααααααΊα α½αααΈααΆααα·ααααα αα·αααΆαααΌααααΈααααΆααααα½ααα·αα·ααα "αααα ααααΆααΆαα’αα·αα·αααααααΆαα’αΆααααααΆα IP ααΌα ααααΆαα½α α αΎα?"
αααααααΆααααααΆ "αααααααααΆααααΆαααΈαααΆααααΌααΈ" αααααααΌαααΆααα
ααΆα‘αΎαααΎααααΈααααΎαααΆαααΆαα·ααααα
αααα»ααααααααααααααααα»α ααααΆαα’αααΈαααααα αα»αβαα·αα·α
ααααβαααβαααΊααααΆααβ
Source: www.habr.com