freeradius installation, configuration and replication notlar

amac tek bir makinaya gelen radius trafigini birden fazla sayida makinaya cogullamak.
kullandigim modul:

mod-enabled/replicate
#  Replicate packet(s) to a home server.
#
#  This module will open a new socket for each packet, and "clone"
#  the incoming packet to the destination realm (i.e. home server).


kurulum:
--

yum install libtalloc-devel openssl-devel gcc
mkdir -p /opt/freeradius
cd freeradius-server-3.0.11
./configure --prefix=/opt/freeradius
make
make install


files:
--
-/etc/raddb/sites-enabled/default  bu dosyada authorize, preacct bolumlerine ekleme yaptim, loglarin detayli loglanmasi icin detail ifadelerini ekledim
-/etc/raddb/mods-enabled/detail bu dosyada detail loglarin yazilacagi lokasyonu degistirdim
-/etc/raddb/clients.conf bu dosyaya client ip ve secretkey bilgileri ile alakali duzenleme yaptim
-/etc/raddb/proxy.conf bu dosyaya realm, home server ve home server pool tanimlari ekledim
-/etc/raddb/radiusd.conf bu dosyada ssl guvenlik uyarisini bypass etmek icin duzenleme yaptim
-/etc/raddb/users bu dosyaya manuel valid user ekledim

config:
--

add to authorize, preacct

        update control {
                &Replicate-To-Realm := server1
                &Replicate-To-Realm += server2
                &Replicate-To-Realm += server3
        }
        replicate


add to authorize, preacct /etc/raddb/sites-enabled/default:

        update control {
                &Replicate-To-Realm := server1
                &Replicate-To-Realm += server2
        }
        replicate
--

add to: /etc/raddb/proxy.conf

client 0.0.0.0/0 {
    secret = mysecretkey
    require_message_authenticator=no
}
--

add to: /etc/raddb/proxy.conf

home_server remote_server_1 {
        ipaddr = 192.168.5.171
        port = 1812
        type = auth+acct
        secret = mysecretkey
}
home_server remote_server_2 {
        ipaddr = 192.168.5.172
        port = 1812
        type = auth+acct
        secret = mysecretkey
}
home_server remote_server_3 {
        ipaddr = 192.168.5.173
        port = 1812
        type = auth+acct
        secret = mysecretkey
}

home_server_pool remote_pool_1 {
        type = fail-over
        home_server = remote_server_1
}
home_server_pool remote_pool_2 {
        type = fail-over
        home_server = remote_server_2
}
home_server_pool remote_pool_3 {
        type = fail-over
        home_server = remote_server_3
}

realm server1 {
      auth_pool = remote_pool_1
      acct_pool = remote_pool_1
}
realm server2 {
      auth_pool = remote_pool_2
      acct_pool = remote_pool_2
}
realm server3 {
      auth_pool = remote_pool_2
      acct_pool = remote_pool_2
}


kullanici tanimlama:
--

add to: /etc/raddb/users

testuser        Cleartext-Password := "password"




test:
$ for i in $(seq 1 100); do radtest testuser password 192.168.5.174 0 mysecretkey; done