Exemple #1
0
def install_freeradius(args):
    '''
    Install and configure the freeradius on the local host.

    '''
    app.print_verbose("Install FreeRadius version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallFreeRadius", SCRIPT_VERSION)
    version_obj.check_executed()

    # Initialize all passwords used by the script
    app.get_ldap_admin_password()

    _install_packages()

    # Configure iptables
    iptables.add_freeradius_chain()
    iptables.save()

    _configure_ldap()
    _enable_ldap()
    _configure_radius()
    _setup_radius_clients()

    x("/etc/init.d/radiusd restart")

    version_obj.mark_executed()
Exemple #2
0
def install_freeradius(args):
    '''
    Install and configure the freeradius on the local host.

    '''
    app.print_verbose("Install FreeRadius version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallFreeRadius", SCRIPT_VERSION)
    version_obj.check_executed()

    # Initialize all passwords used by the script
    app.get_ldap_admin_password()

    _install_packages()

    # Configure iptables
    iptables.add_freeradius_chain()
    iptables.save()

    _configure_ldap()
    _enable_ldap()
    _configure_radius()
    _setup_radius_clients()

    x("/etc/init.d/radiusd restart")

    version_obj.mark_executed()
Exemple #3
0
def install_freeradius(args):
    '''
  Install and configure the mysql-server on the local host.

  '''
    app.print_verbose("Install FreeRadius version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("InstallFreeRadius", SCRIPT_VERSION)
    version_obj.check_executed()

    # Install the mysql-server packages.
    if (not os.access("/usr/sbin/radiusd", os.W_OK | os.X_OK)):
        x("yum -y install freeradius-utils freeradius-ldap")

        x("/sbin/chkconfig radiusd on ")
        if (not os.access("/usr/sbin/radiusd", os.F_OK)):
            raise Exception("Couldn't install FreeRadius")

    # Configure iptables
    iptables.add_freeradius_chain()
    iptables.save()

    app.print_verbose("Copying config")

    ldapconf = scOpen("/etc/raddb/modules/ldap")
    ldapconf.replace(
        "\\t*server =.*",
        "\\tserver=\"ldaps://%s\"" % config.general.get_ldap_hostname())
    ldapconf.replace("\\t#password = .*",
                     "\\tpassword =%s" % app.get_ldap_admin_password())
    ldapconf.replace(
        "\\t#identity = .*",
        "\\tidentity = \"cn=Manager,%s\"" % config.general.get_ldap_dn())
    ldapconf.replace("\\t#base_filter = .*",
                     "\\tbase_filter = \"(employeeType=Sysop)\"")
    ldapconf.replace("\\tfilter = .*", "\\tfilter =\"(uid=%u)\"")
    ldapconf.replace("\\tbasedn = .*",
                     "\\tbasedn =\"%s\"" % config.general.get_ldap_dn())

    #Deal with certs
    ldapconf.replace("\\t\\t# cacertfile.*=.*",
                     "\\t\\tcacertfile\\t= /etc/openldap/cacerts/ca.crt")
    ldapconf.replace("\\t\\t# certfile.*=.*",
                     "\\t\\tcertfile\\t= /etc/openldap/cacerts/client.crt")
    ldapconf.replace("\\t\\t# keyfile.*=.*",
                     "\\t\\tkeyfile\\t= /etc/openldap/cacerts/client.key")

    x("/usr/bin/awk '/^[#]\\tldap/{c++;if(c==1){sub(\"^[#]\\tldap\",\"\\tldap\")}}1' %s"
      %
      "/etc/raddb/sites-enabled/default > /etc/raddb/sites-enabled/default.tmp"
      )
    x("cp /etc/raddb/sites-enabled/default.tmp /etc/raddb/sites-enabled/default"
      )
    x("rm /etc/raddb/sites-enabled/default.tmp")
    version_obj.mark_executed()
def install_freeradius(args):
  '''
  Install and configure the mysql-server on the local host.

  '''
  app.print_verbose("Install FreeRadius version: %d" % SCRIPT_VERSION)
  version_obj = version.Version("InstallFreeRadius", SCRIPT_VERSION)
  version_obj.check_executed()

 


  # Install the mysql-server packages.
  if (not os.access("/usr/sbin/radiusd", os.W_OK|os.X_OK)):
    x("yum -y install freeradius-utils freeradius-ldap")

    x("/sbin/chkconfig radiusd on ")
    if (not os.access("/usr/sbin/radiusd", os.F_OK)):
      raise Exception("Couldn't install FreeRadius")

  # Configure iptables
  iptables.add_freeradius_chain()
  iptables.save()
  
  app.print_verbose("Copying config")
  
  ldapconf = scOpen("/etc/raddb/modules/ldap")
  ldapconf.replace("\\t*server =.*","\\tserver=\"ldaps://%s\"" % config.general.get_ldap_hostname())
  ldapconf.replace("\\t#password = .*","\\tpassword =%s" % app.get_ldap_admin_password())
  ldapconf.replace("\\t#identity = .*","\\tidentity = \"cn=Manager,%s\"" % config.general.get_ldap_dn())
  ldapconf.replace("\\t#base_filter = .*","\\tbase_filter = \"(employeeType=Sysop)\"")
  ldapconf.replace("\\tfilter = .*", "\\tfilter =\"(uid=%u)\"")
  ldapconf.replace("\\tbasedn = .*", "\\tbasedn =\"%s\"" % config.general.get_ldap_dn())
  
  #Deal with certs
  ldapconf.replace("\\t\\t# cacertfile.*=.*","\\t\\tcacertfile\\t= /etc/openldap/cacerts/ca.crt")
  ldapconf.replace("\\t\\t# certfile.*=.*","\\t\\tcertfile\\t= /etc/openldap/cacerts/client.crt")
  ldapconf.replace("\\t\\t# keyfile.*=.*","\\t\\tkeyfile\\t= /etc/openldap/cacerts/client.key")
  
  

  x("/usr/bin/awk '/^[#]\\tldap/{c++;if(c==1){sub(\"^[#]\\tldap\",\"\\tldap\")}}1' %s" % "/etc/raddb/sites-enabled/default > /etc/raddb/sites-enabled/default.tmp")
  x("cp /etc/raddb/sites-enabled/default.tmp /etc/raddb/sites-enabled/default")
  x("rm /etc/raddb/sites-enabled/default.tmp")
  version_obj.mark_executed()