
Rev 1269 Rev 1278
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#  $Id: alcasar.sh 1269 2013-12-16 23:13:20Z richard $ 
2
#  $Id: alcasar.sh 1278 2014-01-04 15:13:01Z richard $ 
3
 
3
 
4
# alcasar.sh
4
# alcasar.sh
5
 
5
 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
6
# ALCASAR Install script -  CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...] 
7
# Ce programme est un logiciel libre ; This software is free and open source
7
# Ce programme est un logiciel libre ; This software is free and open source
Line 743... Line 743...
743
param_radius ()
743
param_radius ()
744
{
744
{
745
	cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/
745
	cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/
746
	chown -R radius:radius /etc/raddb
746
	chown -R radius:radius /etc/raddb
747
	[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
747
	[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
748
# paramètrage radius.conf
748
# Set radius.conf parameters
749
	$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
749
	$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
750
	$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
750
	$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
751
	$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
751
	$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
752
# suppression de la fonction proxy
752
# remove the proxy function
753
	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf
753
	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf
754
	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
754
	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
755
# suppression du module EAP
755
# remove EAP module
756
	$SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
756
	$SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
757
# écoute sur loopback uniquement (à modifier plus tard pour l'EAP)
757
# listen on loopback (should be modified later if EAP enabled)
758
	$SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
758
	$SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
759
# prise en compte du module SQL et des compteurs SQL
759
# enable the  SQL module (and SQL counter)
760
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
760
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
761
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
761
	$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
762
	$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
762
	$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
763
# purge du répertoire des serveurs virtuels et copie du fichier de configuration d'Alcasar
763
# remvove virtual server and copy our conf file
764
	rm -f /etc/raddb/sites-enabled/*
764
	rm -f /etc/raddb/sites-enabled/*
765
       	cp $DIR_CONF/alcasar-radius /etc/raddb/sites-available/alcasar
765
       	cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
766
	chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
766
	chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
767
	chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
767
	chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
768
	chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
768
	chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
769
	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
769
	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
770
# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
770
# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
771
	touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
771
	touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
772
# configuration du fichier client.conf (127.0.0.1 suffit mais on laisse le deuxième client pour la future gestion de l'EAP)
772
# client.conf configuration (127.0.0.1 suffit mais on laisse le deuxième client pour la future gestion de l'EAP)
773
	[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
773
	[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
774
	cat << EOF > /etc/raddb/clients.conf
774
	cat << EOF > /etc/raddb/clients.conf
775
client 127.0.0.1 {
775
client 127.0.0.1 {
776
	secret = $secretradius
776
	secret = $secretradius
777
	shortname = localhost
777
	shortname = localhost
778
}
778
}
779
EOF
779
EOF
780
# modif sql.conf
780
# sql.conf modification
781
	[ -e /etc/raddb/sql.conf.default ] || cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
781
	[ -e /etc/raddb/sql.conf.default ] || cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
782
	$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
782
	$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
783
	$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
783
	$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
784
	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
784
	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
785
	$SED "s?^[\t ]*sqltrace =.*?sqltrace = no?g" /etc/raddb/sql.conf
785
	$SED "s?^[\t ]*sqltrace =.*?sqltrace = no?g" /etc/raddb/sql.conf
786
# modif dialup.conf
786
# dialup.conf modification (case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.) 
787
	[ -e /etc/raddb/sql/mysql/dialup.conf.default ] || cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
787
	[ -e /etc/raddb/sql/mysql/dialup.conf.default ] || cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
788
	cp -f $DIR_CONF/dialup.conf /etc/raddb/sql/mysql/dialup.conf
788
	cp -f $DIR_CONF/radius/dialup.conf /etc/raddb/sql/mysql/dialup.conf
-
 
789
# counter.conf modification (change the Max-All-Session-Time counter)
-
 
790
	[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
-
 
791
	cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
-
 
792
	chown -R radius:radius /etc/raddb/sql/mysql/*
789
# insures that mysql is up before radius start
793
# insures that mysql is up before radius start
790
	$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
794
	$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
791
 
795
 
792
} # End param_radius ()
796
} # End param_radius ()
793
 
797
 
Line 815... Line 819...
815
	$SED "s?^sql_password_attribute:.*?sql_password_attribute: Crypt-Password?g" /etc/freeradius-web/admin.conf
819
	$SED "s?^sql_password_attribute:.*?sql_password_attribute: Crypt-Password?g" /etc/freeradius-web/admin.conf
816
	$SED "s?^general_finger_type.*?# general_finger_type: snmp?g" /etc/freeradius-web/admin.conf
820
	$SED "s?^general_finger_type.*?# general_finger_type: snmp?g" /etc/freeradius-web/admin.conf
817
	$SED "s?^general_stats_use_totacct.*?general_stats_use_totacct: yes?g" /etc/freeradius-web/admin.conf
821
	$SED "s?^general_stats_use_totacct.*?general_stats_use_totacct: yes?g" /etc/freeradius-web/admin.conf
818
	$SED "s?^general_charset.*?general_charset: utf-8?g" /etc/freeradius-web/admin.conf
822
	$SED "s?^general_charset.*?general_charset: utf-8?g" /etc/freeradius-web/admin.conf
819
	[ -e /etc/freeradius-web/config.php.default ] || cp /etc/freeradius-web/config.php /etc/freeradius-web/config.php.default
823
	[ -e /etc/freeradius-web/config.php.default ] || cp /etc/freeradius-web/config.php /etc/freeradius-web/config.php.default
820
	cp -f $DIR_CONF/freeradiusweb-config.php /etc/freeradius-web/config.php
824
	cp -f $DIR_CONF/radius/freeradiusweb-config.php /etc/freeradius-web/config.php
821
	cat <<EOF > /etc/freeradius-web/naslist.conf
825
	cat <<EOF > /etc/freeradius-web/naslist.conf
822
nas1_name: alcasar-$ORGANISME
826
nas1_name: alcasar-$ORGANISME
823
nas1_model: Portail captif
827
nas1_model: Portail captif
824
nas1_ip: $PRIVATE_IP
828
nas1_ip: $PRIVATE_IP
825
nas1_port_num: 0
829
nas1_port_num: 0
826
nas1_community: public
830
nas1_community: public
827
EOF
831
EOF
828
# Modification des attributs visibles lors de la création d'un usager ou d'un groupe
832
# Modification des attributs visibles lors de la création d'un usager ou d'un groupe
829
	[ -e /etc/freeradius-web/user_edit.attrs.default ] || mv /etc/freeradius-web/user_edit.attrs /etc/freeradius-web/user_edit.attrs.default
833
	[ -e /etc/freeradius-web/user_edit.attrs.default ] || mv /etc/freeradius-web/user_edit.attrs /etc/freeradius-web/user_edit.attrs.default
830
	cp -f $DIR_CONF/user_edit.attrs /etc/freeradius-web/user_edit.attrs
834
	cp -f $DIR_CONF/radius/user_edit.attrs /etc/freeradius-web/user_edit.attrs
831
# Ajout du mappage des attributs chillispot
835
# Ajout du mappage des attributs chillispot
832
	[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap /etc/freeradius-web/sql.attrmap.default
836
	[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap /etc/freeradius-web/sql.attrmap.default
833
	cp -f $DIR_CONF/sql.attrmap /etc/freeradius-web/sql.attrmap
837
	cp -f $DIR_CONF/radius/sql.attrmap /etc/freeradius-web/sql.attrmap
834
# Modification des attributs visibles sur les pages des statistiques (suppression NAS_IP et NAS_port)
838
# Modification des attributs visibles sur les pages des statistiques (suppression NAS_IP et NAS_port)
835
	[ -e /etc/freeradius-web/sql.attrs.default ] || cp /etc/freeradius-web/sql.attrs /etc/freeradius-web/user_edit.attrs.default
839
	[ -e /etc/freeradius-web/sql.attrs.default ] || cp /etc/freeradius-web/sql.attrs /etc/freeradius-web/sql.attrs.default
836
	$SED "s?^NASIPAddress.*?NASIPAddress\tNas IP Address\tno?g" /etc/freeradius-web/sql.attrs
840
	$SED "s?^NASIPAddress.*?NASIPAddress\tNas IP Address\tno?g" /etc/freeradius-web/sql.attrs
837
	$SED "s?^NASPortId.*?NASPortId\tNas Port\tno?g" /etc/freeradius-web/sql.attrs
841
	$SED "s?^NASPortId.*?NASPortId\tNas Port\tno?g" /etc/freeradius-web/sql.attrs
838
	chown -R apache:apache /etc/freeradius-web
842
	chown -R apache:apache /etc/freeradius-web
839
# Ajout de l'alias vers la page de "changement de mot de passe usager"
843
# Ajout de l'alias vers la page de "changement de mot de passe usager"
840
	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
844
	cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf