def install_freeradius(args):
'''
Install and configure the freeradius on the local host.
'''
app.print_verbose("Install FreeRadius version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallFreeRadius", SCRIPT_VERSION)
version_obj.check_executed()
# Initialize all passwords used by the script
app.get_ldap_admin_password()
_install_packages()
# Configure iptables
iptables.add_freeradius_chain()
iptables.save()
_configure_ldap()
_enable_ldap()
_configure_radius()
_setup_radius_clients()
x("/etc/init.d/radiusd restart")
version_obj.mark_executed()
def install_freeradius(args):
'''
Install and configure the freeradius on the local host.
'''
app.print_verbose("Install FreeRadius version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallFreeRadius", SCRIPT_VERSION)
version_obj.check_executed()
# Initialize all passwords used by the script
app.get_ldap_admin_password()
_install_packages()
# Configure iptables
iptables.add_freeradius_chain()
iptables.save()
_configure_ldap()
_enable_ldap()
_configure_radius()
_setup_radius_clients()
x("/etc/init.d/radiusd restart")
version_obj.mark_executed()
def install_freeradius(args):
'''
Install and configure the mysql-server on the local host.
'''
app.print_verbose("Install FreeRadius version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallFreeRadius", SCRIPT_VERSION)
version_obj.check_executed()
# Install the mysql-server packages.
if (not os.access("/usr/sbin/radiusd", os.W_OK | os.X_OK)):
x("yum -y install freeradius-utils freeradius-ldap")
x("/sbin/chkconfig radiusd on ")
if (not os.access("/usr/sbin/radiusd", os.F_OK)):
raise Exception("Couldn't install FreeRadius")
# Configure iptables
iptables.add_freeradius_chain()
iptables.save()
app.print_verbose("Copying config")
ldapconf = scOpen("/etc/raddb/modules/ldap")
ldapconf.replace(
"\\t*server =.*",
"\\tserver=\"ldaps://%s\"" % config.general.get_ldap_hostname())
ldapconf.replace("\\t#password = .*",
"\\tpassword =%s" % app.get_ldap_admin_password())
ldapconf.replace(
"\\t#identity = .*",
"\\tidentity = \"cn=Manager,%s\"" % config.general.get_ldap_dn())
ldapconf.replace("\\t#base_filter = .*",
"\\tbase_filter = \"(employeeType=Sysop)\"")
ldapconf.replace("\\tfilter = .*", "\\tfilter =\"(uid=%u)\"")
ldapconf.replace("\\tbasedn = .*",
"\\tbasedn =\"%s\"" % config.general.get_ldap_dn())
#Deal with certs
ldapconf.replace("\\t\\t# cacertfile.*=.*",
"\\t\\tcacertfile\\t= /etc/openldap/cacerts/ca.crt")
ldapconf.replace("\\t\\t# certfile.*=.*",
"\\t\\tcertfile\\t= /etc/openldap/cacerts/client.crt")
ldapconf.replace("\\t\\t# keyfile.*=.*",
"\\t\\tkeyfile\\t= /etc/openldap/cacerts/client.key")
x("/usr/bin/awk '/^[#]\\tldap/{c++;if(c==1){sub(\"^[#]\\tldap\",\"\\tldap\")}}1' %s"
%
"/etc/raddb/sites-enabled/default > /etc/raddb/sites-enabled/default.tmp"
)
x("cp /etc/raddb/sites-enabled/default.tmp /etc/raddb/sites-enabled/default"
)
x("rm /etc/raddb/sites-enabled/default.tmp")
version_obj.mark_executed()
def install_freeradius(args):
'''
Install and configure the mysql-server on the local host.
'''
app.print_verbose("Install FreeRadius version: %d" % SCRIPT_VERSION)
version_obj = version.Version("InstallFreeRadius", SCRIPT_VERSION)
version_obj.check_executed()
# Install the mysql-server packages.
if (not os.access("/usr/sbin/radiusd", os.W_OK|os.X_OK)):
x("yum -y install freeradius-utils freeradius-ldap")
x("/sbin/chkconfig radiusd on ")
if (not os.access("/usr/sbin/radiusd", os.F_OK)):
raise Exception("Couldn't install FreeRadius")
# Configure iptables
iptables.add_freeradius_chain()
iptables.save()
app.print_verbose("Copying config")
ldapconf = scOpen("/etc/raddb/modules/ldap")
ldapconf.replace("\\t*server =.*","\\tserver=\"ldaps://%s\"" % config.general.get_ldap_hostname())
ldapconf.replace("\\t#password = .*","\\tpassword =%s" % app.get_ldap_admin_password())
ldapconf.replace("\\t#identity = .*","\\tidentity = \"cn=Manager,%s\"" % config.general.get_ldap_dn())
ldapconf.replace("\\t#base_filter = .*","\\tbase_filter = \"(employeeType=Sysop)\"")
ldapconf.replace("\\tfilter = .*", "\\tfilter =\"(uid=%u)\"")
ldapconf.replace("\\tbasedn = .*", "\\tbasedn =\"%s\"" % config.general.get_ldap_dn())
#Deal with certs
ldapconf.replace("\\t\\t# cacertfile.*=.*","\\t\\tcacertfile\\t= /etc/openldap/cacerts/ca.crt")
ldapconf.replace("\\t\\t# certfile.*=.*","\\t\\tcertfile\\t= /etc/openldap/cacerts/client.crt")
ldapconf.replace("\\t\\t# keyfile.*=.*","\\t\\tkeyfile\\t= /etc/openldap/cacerts/client.key")
x("/usr/bin/awk '/^[#]\\tldap/{c++;if(c==1){sub(\"^[#]\\tldap\",\"\\tldap\")}}1' %s" % "/etc/raddb/sites-enabled/default > /etc/raddb/sites-enabled/default.tmp")
x("cp /etc/raddb/sites-enabled/default.tmp /etc/raddb/sites-enabled/default")
x("rm /etc/raddb/sites-enabled/default.tmp")
version_obj.mark_executed()
