| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar.sh 1269 2013-12-16 23:13:20Z richard $
|
2 |
# $Id: alcasar.sh 1278 2014-01-04 15:13:01Z richard $
|
| 3 |
|
3 |
|
| 4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
| 5 |
|
5 |
|
| 6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
| 7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
| Line 743... |
Line 743... |
| 743 |
param_radius ()
|
743 |
param_radius ()
|
| 744 |
{
|
744 |
{
|
| 745 |
cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/
|
745 |
cp -f $DIR_CONF/radiusd-db-vierge.sql /etc/raddb/
|
| 746 |
chown -R radius:radius /etc/raddb
|
746 |
chown -R radius:radius /etc/raddb
|
| 747 |
[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
|
747 |
[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
|
| 748 |
# paramètrage radius.conf
|
748 |
# Set radius.conf parameters
|
| 749 |
$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
|
749 |
$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
|
| 750 |
$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
|
750 |
$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
|
| 751 |
$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
|
751 |
$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
|
| 752 |
# suppression de la fonction proxy
|
752 |
# remove the proxy function
|
| 753 |
$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf
|
753 |
$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf
|
| 754 |
$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
|
754 |
$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf
|
| 755 |
# suppression du module EAP
|
755 |
# remove EAP module
|
| 756 |
$SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
|
756 |
$SED "s?^[\t ]*\$INCLUDE eap.conf.*?#\$INCLUDE eap.conf?g" /etc/raddb/radiusd.conf
|
| 757 |
# écoute sur loopback uniquement (à modifier plus tard pour l'EAP)
|
757 |
# listen on loopback (should be modified later if EAP enabled)
|
| 758 |
$SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
|
758 |
$SED "s?^[\t ]*ipaddr =.*?ipaddr = 127.0.0.1?g" /etc/raddb/radiusd.conf
|
| 759 |
# prise en compte du module SQL et des compteurs SQL
|
759 |
# enable the SQL module (and SQL counter)
|
| 760 |
$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
|
760 |
$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql.conf.*?\$INCLUDE sql.conf?g" /etc/raddb/radiusd.conf
|
| 761 |
$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
|
761 |
$SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
|
| 762 |
$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
|
762 |
$SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
|
| 763 |
# purge du répertoire des serveurs virtuels et copie du fichier de configuration d'Alcasar
|
763 |
# remvove virtual server and copy our conf file
|
| 764 |
rm -f /etc/raddb/sites-enabled/*
|
764 |
rm -f /etc/raddb/sites-enabled/*
|
| 765 |
cp $DIR_CONF/alcasar-radius /etc/raddb/sites-available/alcasar
|
765 |
cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
|
| 766 |
chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
|
766 |
chown radius:apache /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap # droits rw pour apache (module ldap)
|
| 767 |
chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
|
767 |
chmod 660 /etc/raddb/sites-available/alcasar /etc/raddb/modules/ldap
|
| 768 |
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
|
768 |
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/modules
|
| 769 |
ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
|
769 |
ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
|
| 770 |
# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
|
770 |
# Inutile dans notre fonctionnement mais les liens sont recréés par un update de radius ... donc forcé en tant que fichier à 'vide'
|
| 771 |
touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
|
771 |
touch /etc/raddb/sites-enabled/{inner-tunnel,control-socket,default}
|
| 772 |
# configuration du fichier client.conf (127.0.0.1 suffit mais on laisse le deuxième client pour la future gestion de l'EAP)
|
772 |
# client.conf configuration (127.0.0.1 suffit mais on laisse le deuxième client pour la future gestion de l'EAP)
|
| 773 |
[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
|
773 |
[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
|
| 774 |
cat << EOF > /etc/raddb/clients.conf
|
774 |
cat << EOF > /etc/raddb/clients.conf
|
| 775 |
client 127.0.0.1 {
|
775 |
client 127.0.0.1 {
|
| 776 |
secret = $secretradius
|
776 |
secret = $secretradius
|
| 777 |
shortname = localhost
|
777 |
shortname = localhost
|
| 778 |
}
|
778 |
}
|
| 779 |
EOF
|
779 |
EOF
|
| 780 |
# modif sql.conf
|
780 |
# sql.conf modification
|
| 781 |
[ -e /etc/raddb/sql.conf.default ] || cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
|
781 |
[ -e /etc/raddb/sql.conf.default ] || cp /etc/raddb/sql.conf /etc/raddb/sql.conf.default
|
| 782 |
$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
|
782 |
$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/sql.conf
|
| 783 |
$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
|
783 |
$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/sql.conf
|
| 784 |
$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
|
784 |
$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/sql.conf
|
| 785 |
$SED "s?^[\t ]*sqltrace =.*?sqltrace = no?g" /etc/raddb/sql.conf
|
785 |
$SED "s?^[\t ]*sqltrace =.*?sqltrace = no?g" /etc/raddb/sql.conf
|
| 786 |
# modif dialup.conf
|
786 |
# dialup.conf modification (case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.)
|
| 787 |
[ -e /etc/raddb/sql/mysql/dialup.conf.default ] || cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
|
787 |
[ -e /etc/raddb/sql/mysql/dialup.conf.default ] || cp /etc/raddb/sql/mysql/dialup.conf /etc/raddb/sql/mysql/dialup.conf.default
|
| 788 |
cp -f $DIR_CONF/dialup.conf /etc/raddb/sql/mysql/dialup.conf
|
788 |
cp -f $DIR_CONF/radius/dialup.conf /etc/raddb/sql/mysql/dialup.conf
|
| - |
|
789 |
# counter.conf modification (change the Max-All-Session-Time counter)
|
| - |
|
790 |
[ -e /etc/raddb/sql/mysql/counter.conf.default ] || cp /etc/raddb/sql/mysql/counter.conf /etc/raddb/sql/mysql/counter.conf.default
|
| - |
|
791 |
cp -f $DIR_CONF/radius/counter.conf /etc/raddb/sql/mysql/counter.conf
|
| - |
|
792 |
chown -R radius:radius /etc/raddb/sql/mysql/*
|
| 789 |
# insures that mysql is up before radius start
|
793 |
# insures that mysql is up before radius start
|
| 790 |
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
|
794 |
$SED "s?^After=.*?After=syslog.target network.target mysqld.service?g" /lib/systemd/system/radiusd.service
|
| 791 |
|
795 |
|
| 792 |
} # End param_radius ()
|
796 |
} # End param_radius ()
|
| 793 |
|
797 |
|
| Line 815... |
Line 819... |
| 815 |
$SED "s?^sql_password_attribute:.*?sql_password_attribute: Crypt-Password?g" /etc/freeradius-web/admin.conf
|
819 |
$SED "s?^sql_password_attribute:.*?sql_password_attribute: Crypt-Password?g" /etc/freeradius-web/admin.conf
|
| 816 |
$SED "s?^general_finger_type.*?# general_finger_type: snmp?g" /etc/freeradius-web/admin.conf
|
820 |
$SED "s?^general_finger_type.*?# general_finger_type: snmp?g" /etc/freeradius-web/admin.conf
|
| 817 |
$SED "s?^general_stats_use_totacct.*?general_stats_use_totacct: yes?g" /etc/freeradius-web/admin.conf
|
821 |
$SED "s?^general_stats_use_totacct.*?general_stats_use_totacct: yes?g" /etc/freeradius-web/admin.conf
|
| 818 |
$SED "s?^general_charset.*?general_charset: utf-8?g" /etc/freeradius-web/admin.conf
|
822 |
$SED "s?^general_charset.*?general_charset: utf-8?g" /etc/freeradius-web/admin.conf
|
| 819 |
[ -e /etc/freeradius-web/config.php.default ] || cp /etc/freeradius-web/config.php /etc/freeradius-web/config.php.default
|
823 |
[ -e /etc/freeradius-web/config.php.default ] || cp /etc/freeradius-web/config.php /etc/freeradius-web/config.php.default
|
| 820 |
cp -f $DIR_CONF/freeradiusweb-config.php /etc/freeradius-web/config.php
|
824 |
cp -f $DIR_CONF/radius/freeradiusweb-config.php /etc/freeradius-web/config.php
|
| 821 |
cat <<EOF > /etc/freeradius-web/naslist.conf
|
825 |
cat <<EOF > /etc/freeradius-web/naslist.conf
|
| 822 |
nas1_name: alcasar-$ORGANISME
|
826 |
nas1_name: alcasar-$ORGANISME
|
| 823 |
nas1_model: Portail captif
|
827 |
nas1_model: Portail captif
|
| 824 |
nas1_ip: $PRIVATE_IP
|
828 |
nas1_ip: $PRIVATE_IP
|
| 825 |
nas1_port_num: 0
|
829 |
nas1_port_num: 0
|
| 826 |
nas1_community: public
|
830 |
nas1_community: public
|
| 827 |
EOF
|
831 |
EOF
|
| 828 |
# Modification des attributs visibles lors de la création d'un usager ou d'un groupe
|
832 |
# Modification des attributs visibles lors de la création d'un usager ou d'un groupe
|
| 829 |
[ -e /etc/freeradius-web/user_edit.attrs.default ] || mv /etc/freeradius-web/user_edit.attrs /etc/freeradius-web/user_edit.attrs.default
|
833 |
[ -e /etc/freeradius-web/user_edit.attrs.default ] || mv /etc/freeradius-web/user_edit.attrs /etc/freeradius-web/user_edit.attrs.default
|
| 830 |
cp -f $DIR_CONF/user_edit.attrs /etc/freeradius-web/user_edit.attrs
|
834 |
cp -f $DIR_CONF/radius/user_edit.attrs /etc/freeradius-web/user_edit.attrs
|
| 831 |
# Ajout du mappage des attributs chillispot
|
835 |
# Ajout du mappage des attributs chillispot
|
| 832 |
[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap /etc/freeradius-web/sql.attrmap.default
|
836 |
[ -e /etc/freeradius-web/sql.attrmap.default ] || mv /etc/freeradius-web/sql.attrmap /etc/freeradius-web/sql.attrmap.default
|
| 833 |
cp -f $DIR_CONF/sql.attrmap /etc/freeradius-web/sql.attrmap
|
837 |
cp -f $DIR_CONF/radius/sql.attrmap /etc/freeradius-web/sql.attrmap
|
| 834 |
# Modification des attributs visibles sur les pages des statistiques (suppression NAS_IP et NAS_port)
|
838 |
# Modification des attributs visibles sur les pages des statistiques (suppression NAS_IP et NAS_port)
|
| 835 |
[ -e /etc/freeradius-web/sql.attrs.default ] || cp /etc/freeradius-web/sql.attrs /etc/freeradius-web/user_edit.attrs.default
|
839 |
[ -e /etc/freeradius-web/sql.attrs.default ] || cp /etc/freeradius-web/sql.attrs /etc/freeradius-web/sql.attrs.default
|
| 836 |
$SED "s?^NASIPAddress.*?NASIPAddress\tNas IP Address\tno?g" /etc/freeradius-web/sql.attrs
|
840 |
$SED "s?^NASIPAddress.*?NASIPAddress\tNas IP Address\tno?g" /etc/freeradius-web/sql.attrs
|
| 837 |
$SED "s?^NASPortId.*?NASPortId\tNas Port\tno?g" /etc/freeradius-web/sql.attrs
|
841 |
$SED "s?^NASPortId.*?NASPortId\tNas Port\tno?g" /etc/freeradius-web/sql.attrs
|
| 838 |
chown -R apache:apache /etc/freeradius-web
|
842 |
chown -R apache:apache /etc/freeradius-web
|
| 839 |
# Ajout de l'alias vers la page de "changement de mot de passe usager"
|
843 |
# Ajout de l'alias vers la page de "changement de mot de passe usager"
|
| 840 |
cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
|
844 |
cat <<EOF >> /etc/httpd/conf/webapps.d/alcasar.conf
|