Line 1... |
Line 1... |
1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
2 |
# $Id: alcasar.sh 2422 2017-10-09 22:10:48Z richard $
|
2 |
# $Id: alcasar.sh 2423 2017-10-10 22:11:26Z richard $
|
3 |
|
3 |
|
4 |
# alcasar.sh
|
4 |
# alcasar.sh
|
5 |
|
5 |
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
6 |
# ALCASAR Install script - CopyLeft ALCASAR Team [Rexy + 3abtux + Steweb + Crox + ...]
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
7 |
# Ce programme est un logiciel libre ; This software is free and open source
|
Line 1059... |
Line 1059... |
1059 |
$SED "/^ExecStop=/a ExecStartPost=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
|
1059 |
$SED "/^ExecStop=/a ExecStartPost=$DIR_DEST_BIN/alcasar-mysql.sh -acct_stop" /lib/systemd/system/mysqld.service
|
1060 |
/usr/bin/systemctl unset-environment MYSQLD_OPTS
|
1060 |
/usr/bin/systemctl unset-environment MYSQLD_OPTS
|
1061 |
/usr/bin/systemctl daemon-reload
|
1061 |
/usr/bin/systemctl daemon-reload
|
1062 |
} # End of init_db ()
|
1062 |
} # End of init_db ()
|
1063 |
|
1063 |
|
1064 |
##########################################################################
|
1064 |
###################################################################
|
1065 |
## Fonction "freeradius" ##
|
1065 |
## Function "freeradius" ##
|
1066 |
## - Paramètrage des fichiers de configuration FreeRadius ##
|
1066 |
## - Set the configuration files ##
|
1067 |
## - Affectation du secret partagé entre coova-chilli et freeradius ##
|
1067 |
## - Set the shared secret between coova-chilli and freeradius ##
|
1068 |
## - Modification de fichier de conf pour l'accès à Mysql ##
|
1068 |
## - Adapt the Mysql conf file and counters ##
|
1069 |
##########################################################################
|
1069 |
###################################################################
|
1070 |
freeradius ()
|
1070 |
freeradius ()
|
1071 |
{
|
1071 |
{
|
1072 |
cp -f $DIR_CONF/empty-radiusd-db.sql /etc/raddb/
|
1072 |
cp -f $DIR_CONF/empty-radiusd-db.sql /etc/raddb/
|
1073 |
chown -R radius:radius /etc/raddb
|
1073 |
chown -R radius:radius /etc/raddb
|
1074 |
[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
|
1074 |
[ -e /etc/raddb/radiusd.conf.default ] || cp /etc/raddb/radiusd.conf /etc/raddb/radiusd.conf.default
|
Line 1082... |
Line 1082... |
1082 |
# Set "client.conf" to describe radius clients (coova on 127.0.0.1)
|
1082 |
# Set "client.conf" to describe radius clients (coova on 127.0.0.1)
|
1083 |
[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
|
1083 |
[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
|
1084 |
cat << EOF > /etc/raddb/clients.conf
|
1084 |
cat << EOF > /etc/raddb/clients.conf
|
1085 |
client 127.0.0.1 {
|
1085 |
client 127.0.0.1 {
|
1086 |
secret = $secretradius
|
1086 |
secret = $secretradius
|
1087 |
shortname = localhost
|
1087 |
shortname = coova
|
1088 |
}
|
1088 |
}
|
1089 |
EOF
|
1089 |
EOF
|
1090 |
|
- |
|
1091 |
# Set Virtual server (remvove all except "alcasar virtual site")
|
1090 |
# Set Virtual server (remvove all except "alcasar virtual site")
|
1092 |
rm -f /etc/raddb/sites-enabled/*
|
1091 |
rm -f /etc/raddb/sites-enabled/*
|
1093 |
cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
|
1092 |
cp $DIR_CONF/radius/alcasar-radius /etc/raddb/sites-available/alcasar
|
1094 |
chown radius:apache /etc/raddb/sites-available/alcasar
|
1093 |
chown radius:apache /etc/raddb/sites-available/alcasar
|
1095 |
chmod 660 /etc/raddb/sites-available/alcasar
|
1094 |
chmod 660 /etc/raddb/sites-available/alcasar
|
Line 1101... |
Line 1100... |
1101 |
rm -rf /etc/raddb/mods-enabled/*
|
1100 |
rm -rf /etc/raddb/mods-enabled/*
|
1102 |
for mods in sql sqlcounter attr_filter expiration logintime pap
|
1101 |
for mods in sql sqlcounter attr_filter expiration logintime pap
|
1103 |
do
|
1102 |
do
|
1104 |
ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
|
1103 |
ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
|
1105 |
done
|
1104 |
done
|
1106 |
# Configure SQL mod (TODO :and SQL counter)
|
1105 |
# Configure SQL mod
|
1107 |
[ -e /etc/raddb/mods-available/sql.default ] || cp /etc/raddb/mods-available/sql /etc/raddb/mods-available/sql.default
|
1106 |
[ -e /etc/raddb/mods-available/sql.default ] || cp /etc/raddb/mods-available/sql /etc/raddb/mods-available/sql.default
|
1108 |
cp $DIR_CONF/radius/sql /etc/raddb/mods-available/sql
|
- |
|
1109 |
chown radius:radius /etc/raddb/mods-available/sql
|
- |
|
1110 |
$SED "s?^[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/mods-available/sql
|
1107 |
$SED "s?^[\t ]*driver =.*?driver = \"rlm_sql_mysql\"?g" /etc/raddb/mods-available/sql
|
1111 |
$SED "s?^[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/mods-available/sql
|
1108 |
$SED "s?^[\t ]*dialect =.*?dialect = \"mysql\"?g" /etc/raddb/mods-available/sql
|
1112 |
$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/mods-available/sql
|
1109 |
$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/mods-available/sql
|
1113 |
|
- |
|
1114 |
# $SED "s?^[\t ]*#[\t ]*\$INCLUDE sql/mysql/counter.conf?\$INCLUDE sql/mysql/counter.conf?g" /etc/raddb/radiusd.conf
|
- |
|
1115 |
# $SED "s?^[\t ]*\$INCLUDE policy.conf?#\$INCLUDE policy.conf?g" /etc/raddb/radiusd.conf
|
- |
|
1116 |
# $SED "s?^[\t ]*\$INCLUDE \${confdir}/modules/.*?\t#\$INCLUDE \${confdir}/modules/\n\t# we only include modules for ALCASAR needs\n\t\$INCLUDE \${confdir}/modules/attr_filter\n\t\$INCLUDE \${confdir}/modules/expiration\n\t\$INCLUDE \${confdir}/modules/logintime\n\t\$INCLUDE \${confdir}/modules/ldap\n\t\$INCLUDE \${confdir}/modules/pap?g" /etc/raddb/radiusd.conf
|
1110 |
$SED "s?^#[\t ]*server =.*?server = \"localhost\"?g" /etc/raddb/mods-available/sql
|
1117 |
# $SED "s/^[\t ]exec$/\#\texec/g" /etc/raddb/radiusd.conf
|
1111 |
$SED "s?^#[\t ]*port =.*?port = \"3306\"?g" /etc/raddb/mods-available/sql
|
1118 |
# $SED "s?^[\t ]*expr.*?\#\texpr?g" /etc/raddb/radiusd.conf
|
1112 |
$SED "s?^#[\t ]*login =.*?login = \"$DB_USER\"?g" /etc/raddb/mods-available/sql
|
1119 |
# $SED "s?^[\t ]*\# daily.*?\#\tdaily\n\tsql?g" /etc/raddb/radiusd.conf
|
1113 |
$SED "s?^#[\t ]*password =.*?password = \"$radiuspwd\"?g" /etc/raddb/mods-available/sql
|
1120 |
# $SED "s?^[\t ]*logintime.*?\tlogintime\n\tnoresetcounter\n\tdailycounter\n\tmonthlycounter\n\tattr_filter.access_reject\n\tattr_filter.accounting_response\n\tpap?g" /etc/raddb/radiusd.conf
|
- |
|
1121 |
# $SED "s?^[\t ]*\$INCLUDE sites-enabled/.*?\#\$INCLUDE sites-enabled/\n\#\tenable only alcasar virtual server\n\$INCLUDE sites-enabled/alcasar?g" /etc/raddb/radiusd.conf
|
- |
|
1122 |
|
- |
|
1123 |
# queries.conf modifications : case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.
|
1114 |
# queries.conf modifications : case sensitive for username, check simultaneous use, patch on 'postauth' table, etc.
|
1124 |
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] || cp /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf.default
|
1115 |
[ -e /etc/raddb/mods-config/sql/main/mysql/queries.conf.default ] || cp /etc/raddb/mods-config/sql/main/mysql/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf.default
|
1125 |
cp -f $DIR_CONF/radius/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf
|
1116 |
cp -f $DIR_CONF/radius/queries.conf /etc/raddb/mods-config/sql/main/mysql/queries.conf
|
1126 |
chown -R radius:radius /etc/raddb/mods-config/sql/main/mysql/queries.conf
|
1117 |
chown -R radius:radius /etc/raddb/mods-config/sql/main/mysql/queries.conf
|
1127 |
# sqlcounter modifications
|
1118 |
# sqlcounter modifications
|
Line 1158... |
Line 1149... |
1158 |
# Allow apache to change some conf files (ie : ldap on/off)
|
1149 |
# Allow apache to change some conf files (ie : ldap on/off)
|
1159 |
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
|
1150 |
chgrp apache /etc/raddb /etc/raddb/sites-available /etc/raddb/mods-available
|
1160 |
|
1151 |
|
1161 |
} # End freeradius ()
|
1152 |
} # End freeradius ()
|
1162 |
|
1153 |
|
1163 |
##################################################################################
|
1154 |
#############################################################################
|
1164 |
## Fonction "chilli" ##
|
1155 |
## Fonction "chilli" ##
|
1165 |
## - Création du fichier d'initialisation et de configuration de coova-chilli ##
|
1156 |
## - Creation of the conf file and init file (systemd) for coova-chilli ##
|
1166 |
## - Paramètrage de la page d'authentification (intercept.php) ##
|
1157 |
## - Adapt the authentication web page (intercept.php) ##
|
1167 |
##################################################################################
|
1158 |
#############################################################################
|
1168 |
chilli ()
|
1159 |
chilli ()
|
1169 |
{
|
1160 |
{
|
1170 |
# chilli unit for systemd
|
1161 |
# chilli unit for systemd
|
1171 |
cat << EOF > /lib/systemd/system/chilli.service
|
1162 |
cat << EOF > /lib/systemd/system/chilli.service
|
1172 |
# This file is part of systemd.
|
1163 |
# This file is part of systemd.
|
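Review bot: In freeradius(), the new substitutions for `server`, `port`, `login` and `password` (new lines 1110-1113) only match lines that still begin with `#`, and the commit drops the `cp $DIR_CONF/radius/sql` that used to reset the file, so a second run over an already edited /etc/raddb/mods-available/sql changes none of them and a different `$radiuspwd` would leave the old password in place. Restoring the pristine copy right after the `.default` backup line, with `cp -f /etc/raddb/mods-available/sql.default /etc/raddb/mods-available/sql`, would make the edits repeatable. `$DB_USER` and `$radiuspwd` are also interpolated into a sed expression delimited by `?`, so a value containing `?`, `&`, `\` or `"` would break the substitution or the resulting config; how these values are generated is not visible here, so their character set should be confirmed or the values escaped. The removed `chown radius:radius` on this file is presumably covered by the earlier `chown -R radius:radius /etc/raddb`, but because the file holds the database password, an explicit `chmod 640 /etc/raddb/mods-available/sql` after the edits would avoid relying on the packaged mode, provided apache does not need to read it. Only part of the function body is shown on this page.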