WebSVN – ALCASAR – Diff – /alcasar.sh

 #!/bin/bash
-#  $Id: alcasar.sh 2724 2019-05-05 19:05:53Z rexy $
+#  $Id: alcasar.sh 2728 2019-05-20 20:55:06Z rexy $
 # alcasar.sh
 # ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # This script is distributed under the Gnu General Public License (GPL)
 #  team@alcasar.net
 	$SED "s?^[\t ]*#[\t ]*user =.*?user = radius?g" /etc/raddb/radiusd.conf
 	$SED "s?^[\t ]*#[\t ]*group =.*?group = radius?g" /etc/raddb/radiusd.conf
 	$SED "s?^[\t ]*status_server =.*?status_server = no?g" /etc/raddb/radiusd.conf
 	$SED "s?^[\t ]*proxy_requests.*?proxy_requests = no?g" /etc/raddb/radiusd.conf # remove the proxy function
 	$SED "s?^[\t ]*\$INCLUDE proxy.conf.*?#\$INCLUDE proxy.conf?g" /etc/raddb/radiusd.conf # remove the proxy function
-# Add ALCASAR dictionary
+# Add ALCASAR & Coovachilli dictionaries
+	[ -e /etc/raddb/dictionary.default ] || cp /etc/raddb/dictionary /etc/raddb/dictionary.default
 	cp $DIR_CONF/radius/dictionary.alcasar /usr/share/freeradius/dictionary.alcasar
-	echo -e '\n$INCLUDE dictionary.alcasar' >> /usr/share/freeradius/dictionary
+	echo -e '\n$INCLUDE dictionary.alcasar' > /etc/raddb/dictionary
-# Add CoovaChilli dictionary
 	cp /usr/share/doc/coova-chilli/dictionary.coovachilli /usr/share/freeradius/dictionary.coovachilli
-	echo -e '\n$INCLUDE dictionary.coovachilli' >> /usr/share/freeradius/dictionary
+	echo -e '\n$INCLUDE dictionary.coovachilli' >> /etc/raddb/dictionary
 # Set "client.conf" to describe radius clients (coova on 127.0.0.1)
 	[ -e /etc/raddb/clients.conf.default ] || cp -f /etc/raddb/clients.conf /etc/raddb/clients.conf.default
 	cat << EOF > /etc/raddb/clients.conf
 client localhost {
 	ipaddr = 127.0.0.1
 	cp $DIR_CONF/radius/alcasar /etc/raddb/sites-available/alcasar
 	cp $DIR_CONF/radius/alcasar-with-ldap /etc/raddb/sites-available/alcasar-with-ldap
 	chown radius:apache /etc/raddb/sites-available/alcasar*
 	chmod 660 /etc/raddb/sites-available/alcasar*
 	ln -s /etc/raddb/sites-available/alcasar /etc/raddb/sites-enabled/alcasar
-# INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
+	# INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
 # Set modules
-# Add custom LDAP "available module"
+	# Add custom LDAP "available module"
 	cp -f $DIR_CONF/radius/ldap-alcasar /etc/raddb/mods-available/
 	chown -R radius:radius /etc/raddb/mods-available/ldap-alcasar
-# Set only usefull modules for ALCASAR (ldap is enabled only via ACC)
+	# Set only usefull modules for ALCASAR (! the module 'ldap-alcasar' is enabled only via ACC)
 	rm -rf  /etc/raddb/mods-enabled/*
 	for mods in sql sqlcounter attr_filter expiration logintime pap expr always
 	do
 		ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
 	done
+	# INFO : To connect from outside (EAP), add the EAP module (and right accesses to the keys (/etc/pki/tls/private/radius.pem)
 # Configure SQL mod
 	[ -e /etc/raddb/mods-available/sql.default ] || cp /etc/raddb/mods-available/sql /etc/raddb/mods-available/sql.default
 	$SED "s?^[\t ]*driver =.*?driver = \"rlm_sql_mysql\"?g" /etc/raddb/mods-available/sql
 	$SED "s?^[\t ]*dialect =.*?dialect = \"mysql\"?g" /etc/raddb/mods-available/sql
 	$SED "s?^[\t ]*radius_db =.*?radius_db = \"$DB_RADIUS\"?g" /etc/raddb/mods-available/sql

Subversion Repositories ALCASAR

(root)/alcasar.sh – Rev 2724 → 2728