Radius Server Configuration In PostgreSQL


Hi All,

After some time spent on PostgreSQL RADIUS configuration, I came up with the following steps to configure PostgreSQL with RADIUS authentication. Please correct me if I'm wrong anywhere.

Step 1
=====
We downloaded the RADIUS server from the link below and installed it on the local machine.

http://freeradius.org/download.html

Step 2
=====
radiusd.conf
------------------
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
name = radiusd
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/${name}.pid
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
    type = auth
    ipaddr = *
    port = 1999
}
listen {
    ipaddr = *
    port = 1998
    type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
    destination = files
    file = ${logdir}/radius.log
    syslog_facility = daemon
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
}
proxy_requests  = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}
modules {
    $INCLUDE ${confdir}/modules/
    $INCLUDE eap.conf
}
instantiate {
    exec
    expr
    expiration
    logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/

Step 3
=====
clients.conf
-----------------
client 127.0.0.1/32 {
    ipaddr = 127.0.0.1
    netmask = 32
    secret = backdoor
    require_message_authenticator = no
    shortname = localhost
}

Step 4
=====
users
--------
postgres Cleartext-Password := "postgres"
        Service-Type = Framed-User,
        Framed-IP-Address = 127.0.0.1,
        Framed-IP-Netmask = 255.255.255.0,
        Reply-Message = "Hello, %{User-Name} Welcome .. Your Radius Network Authentication is Working"

test    Cleartext-Password := "test"
        Service-Type = Framed-User,
        Framed-IP-Address = 172.0.0.1,
        Framed-IP-Netmask = 255.0.0.0,
        Reply-Message =  "Hello, %{User-Name} Welcome .. Your Radius Network Authentication is Working"

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

Step 5
======
pam_radius.conf
------------------------
# server[:port] shared_secret      timeout (s)
127.0.0.1:1999 backdoor           1


Step 6
======
Start the RADIUS server
-----------------------------
radiusd -X


Step 7
=====
Testing the RADIUS server
--------------------------
[root@localhost PGBAR]# radtest postgres postgres 127.0.0.1:1999 0 backdoor
Sending Access-Request of id 56 to 127.0.0.1 port 1999
       User-Name = "postgres"
       User-Password = "postgres"
       NAS-IP-Address = 127.0.0.1
       NAS-Port = 0
       Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1999, id=56, length=112
       Service-Type = Framed-User
       Framed-IP-Address = 127.0.0.1
       Framed-IP-Netmask = 255.255.255.0
       Reply-Message = "Hello, postgres Welcome .. Your Radius Network Authentication is Working"

Step 8
======
pg_hba.conf
-----------------
local        all               all                                    radius  radiusserver=127.0.0.1   radiussecret=backdoor radiusport=1999 
# IPv4 local connections:
host        all                all                127.0.0.1/32        radius  radiusserver=127.0.0.1   radiussecret=backdoor radiusport=1999       
host        all                all                0.0.0.0/0           radius  radiusserver=127.0.0.1   radiussecret=backdoor radiusport=1999   

SELECT pg_reload_conf();
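
A check of the radius rules above before reloading, as an added example that is not part of the original post. It flags rules that accept non-SSL connections from non-loopback addresses, rules that match every client address, and a radiussecret shorter than the 16 characters the PostgreSQL documentation recommends. The function name and the sample text (the Step 8 rules, re-typed) are constructed for illustration, and addresses are assumed to be in CIDR form.

```python
import ipaddress
import shlex

# Constructed sample: the three radius rules from Step 8.
SAMPLE_HBA = """\
local all all              radius radiusserver=127.0.0.1 radiussecret=backdoor radiusport=1999
# IPv4 local connections:
host  all all 127.0.0.1/32 radius radiusserver=127.0.0.1 radiussecret=backdoor radiusport=1999
host  all all 0.0.0.0/0    radius radiusserver=127.0.0.1 radiussecret=backdoor radiusport=1999
"""

MIN_SECRET_LEN = 16  # minimum the PostgreSQL documentation recommends for the RADIUS secret

def audit_radius_rules(text):
    """Return (line_number, finding) pairs for each radius rule in pg_hba.conf text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = shlex.split(line, comments=True)  # drops '#' comments
        if not fields:
            continue
        conn_type = fields[0]
        method_at = 3 if conn_type == "local" else 4  # assumes CIDR-style addresses
        if len(fields) <= method_at or fields[method_at] != "radius":
            continue
        if conn_type != "local":
            try:
                net = ipaddress.ip_network(fields[3], strict=False)
            except ValueError:
                net = None  # hostname or keyword such as "all" or "samenet"
            if conn_type != "hostssl" and (net is None or not net.is_loopback):
                findings.append((lineno, "non-SSL clients allowed: password reaches PostgreSQL in clear text"))
            if fields[3] == "all" or (net is not None and net.prefixlen == 0):
                findings.append((lineno, "rule matches every client address"))
        options = dict(f.split("=", 1) for f in fields[method_at + 1:] if "=" in f)
        secret = options.get("radiussecret", "")
        if len(secret) < MIN_SECRET_LEN:
            findings.append((lineno, f"radiussecret has {len(secret)} characters, fewer than {MIN_SECRET_LEN}"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit_radius_rules(SAMPLE_HBA):
        print(f"line {lineno}: {finding}")
```

On the Step 8 rules it reports the short secret on all three rules, and on the 0.0.0.0/0 rule also the open address range and the missing SSL requirement.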

Step 9
======
Testing PostgreSQL Radius Authentication 
-----------------------------------------------------------

[root@localhost bin]# ./psql -h 172.24.35.118 -U postgres -p 5432 postgres
Password for user postgres:
psql (8.4.7.20, server 9.0.8)
WARNING: psql version 8.4, server version 9.0.
        Some psql features might not work.
SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
Type "help" for help.

postgres=#


Step 10
======
Checking the RADIUS server log file.

rad_recv: Access-Request packet from host 127.0.0.1 port 9865, id=122, length=66
       Service-Type = Authenticate-Only
       User-Name = "postgres"
       NAS-Identifier = "postgresql"
       User-Password = "postgres"
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "postgres", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry postgres at line 86
[files]         expand: Hello, %{User-Name} Welcome .. Your Radius Network Authentication is Working -> Hello, postgres Welcome .. Your Radius Network Authentication is Working
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "postgres"
[pap] Using clear text password "postgres"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 122 to 127.0.0.1 port 9865
       Service-Type = Framed-User
       Framed-IP-Address = 127.0.0.1
       Framed-IP-Netmask = 255.255.255.0
       Reply-Message = "Hello, postgres Welcome .. Your Radius Network Authentication is Working"
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.


--Dinesh
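
How the Access-Request in the Step 10 log is laid out, and why the server can print the password: an added example (not part of the original post) that builds the same four attributes and applies the RFC 2865 User-Password hiding, whose protection rests entirely on the shared secret. Function names are illustrative, and the attribute order is taken from the log.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, AUTHENTICATE_ONLY = 1, 8  # packet code; Service-Type value
USER_NAME, USER_PASSWORD, SERVICE_TYPE, NAS_IDENTIFIER = 1, 2, 6, 32

def _xor_chain(data, secret, authenticator, decrypt):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        xored = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out += xored
        prev = block if decrypt else xored
    return out

def hide_password(password, secret, authenticator):
    size = max(16, -(-len(password) // 16) * 16)  # NUL-pad to a multiple of 16 bytes
    return _xor_chain(password.ljust(size, b"\x00"), secret, authenticator, False)

def reveal_password(hidden, secret, authenticator):
    return _xor_chain(hidden, secret, authenticator, True).rstrip(b"\x00")

def attr(code, value):
    return struct.pack("!BB", code, len(value) + 2) + value

def build_access_request(ident, user, password, secret, authenticator):
    attrs = (attr(SERVICE_TYPE, struct.pack("!I", AUTHENTICATE_ONLY))  # order as in the Step 10 log
             + attr(USER_NAME, user)
             + attr(NAS_IDENTIFIER, b"postgresql")
             + attr(USER_PASSWORD, hide_password(password, secret, authenticator)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    """Return {attribute type: raw value} for the attributes after the 20-byte header."""
    attrs, pos = {}, 20
    while pos + 2 <= len(packet):
        code, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs[code] = packet[pos + 2:pos + length]
        pos += length
    return attrs

if __name__ == "__main__":
    ra = os.urandom(16)  # Request Authenticator, fresh for every request
    pkt = build_access_request(122, b"postgres", b"postgres", b"backdoor", ra)
    print(len(pkt), reveal_password(parse_attributes(pkt)[USER_PASSWORD], b"backdoor", ra))
```

With the page's values the packet is 66 bytes, the length the server logs for PostgreSQL's request. User-Name and NAS-Identifier travel in the clear, and the password is recoverable by any holder of the shared secret.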
