freeradius 3.0 ubuntu 18.04 with daloradius mikrotik ikev2 eap-radius wireless

Hi

First of all, set up your favorite PHP/SQL web server.


apt install php-db php-gd git freeradius freeradius-mysql

cd /var/www/web001/htdocs 
git clone https://github.com/lirantal/daloradius.git

We have to import the freeradius 3.0 mysql schema first. Daloradius only ships freeradius 2.0 compatible sql schemas.

cat /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql | mysql -u radius -p radius

Now we import the daloradius sql schema that comes without the freeradius 2.0 sql schemas.

cat /var/www/web001/htdocs/daloradius/contrib/db/mysql-daloradius.sql | mysql -u radius -p radius

Here is my freeradius mysql setup:

cd /etc/freeradius/3.0/mods-enabled
ln -s ../mods-available/sql

vim sql

driver = "rlm_sql_mysql"
dialect = "mysql"
server = "localhost"
port = 3306
login = "radius"
password = "abcdefg"
radius_db = "radius"
read_clients = yes

Here are my changes to eap (eap is used for authenticating mikrotik wireless via wpa2 enterprise and for mikrotik ikev2 eap radius):

vim /etc/freeradius/3.0/mods-enabled/eap

eap {
...
#ikev2 eap radius
default_eap_type = peap
...
#tls-config is a subsection inside eap { }
tls-config tls-common {
private_key_file = path_to_your_ssl_private_key
certificate_file = path_to_your_ssl_certificate
ca_file = path_to_your_ssl_cabundle
...
}
...
}

I use a RapidSSL server certificate.

https://support.microsoft.com/en-ph/help/814394/certificate-requirements-when-you-use-eap-tls-or-peap-with-eap-tls


Here are my changes to the “default” site:

cd /etc/freeradius/3.0/sites-enabled
vim default

authorize {
...
auth_log
...
sql
}

accounting {
...
sql
...
}

session {
...
sql
...
}

post-auth {
...
reply_log
sql
...
}

Here are my bulk radius settings:

cd /etc/freeradius/3.0

vim radiusd.conf

log {
...
auth = yes
...
auth_badpass = yes
...
}

https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu

You have to create a systemd override for the freeradius unit, otherwise freeradius won’t start correctly if mysql is not running.

systemctl edit freeradius

[Unit]
After=network.target mysql.service

Set up the daloradius config:

vim /var/www/web001/htdocs/daloradius/library/daloradius.conf.php

CONFIG_DB_USER
CONFIG_DB_PASS
CONFIG_DB_NAME

Have fun!

debian update i-mscp 1.0 to 1.5

Hi

Upgrade i-mscp 1.0 to 1.1, upgrade Debian to jessie

cd /usr/local/src
wget https://github.com/i-MSCP/imscp/archive/1.1.21.tar.gz
tar -xzf 1.1.21.tar.gz
cd imscp-1.1.21

#use build
perl imscp-autoinstall -c -a -d -f

rm -fR /var/www/imscp/{daemon,engine,gui}
cp -fR /tmp/imscp/* /
rm -fR /tmp/imscp

#i-mscp bug (error with external packages pma, roundcube etc.), comment out the following lines
vim /var/www/imscp/engine/setup/imscp-setup-methods.pl
#[\&setupPreInstallAddons, 'Addons pre-installation'],
#[\&setupInstallAddons, 'Addons installation'],
#[\&setupPostInstallAddons, 'Addons post-installation'],

mkdir -p /var/www/imscp/gui/public/tools/filemanager/data
mkdir /var/www/imscp/gui/public/tools/pma
mkdir -p /var/www/imscp/gui/public/tools/webmail/logs

perl /var/www/imscp/engine/setup/imscp-setup -a -d

sed -i /etc/apt/sources.list -e s/wheezy/jessie/
apt-get update
apt-get dist-upgrade

Upgrade i-mscp 1.1 to 1.2, upgrade Debian to stretch

cd /usr/local/src/
wget https://github.com/i-MSCP/imscp/archive/1.2.17.tar.gz
tar -xzf 1.2.17.tar.gz
cd imscp-1.2.17

#use build
perl imscp-autoinstall -d

rm -fR /var/www/imscp/{daemon,engine,gui}
cp -fR /tmp/imscp/* /
rm -fR /tmp/imscp

#i-mscp bug (error with external packages pma, roundcube etc.), comment out the following lines
vim /var/www/imscp/engine/setup/imscp-setup-methods.pl
#[ \&setupPreInstallPackages, 'Packages pre-installation' ],
#[ \&setupInstallPackages, 'Packages installation' ],
#[ \&setupPostInstallPackages, 'Packages post-installation' ],

mkdir -p /var/www/imscp/gui/public/tools/ftp/data

perl /var/www/imscp/engine/setup/imscp-setup -d

sed -i /etc/apt/sources.list -e s/jessie/stretch/
apt update
apt dist-upgrade

Upgrade i-mscp 1.2 to 1.5

cd /usr/local/src
wget https://github.com/i-MSCP/imscp/archive/1.5.3-2018120800.tar.gz
tar -xzf 1.5.3-2018120800.tar.gz
cd imscp-1.5.3-2018120800

#use manual
perl imscp-autoinstall -d

rm -fR /var/www/imscp/{daemon,engine,gui}
cp -fR /tmp/imscp/* /
rm -fR /tmp/imscp

perl /var/www/imscp/engine/setup/imscp-reconfigure -d

Debian dist-upgrade changes mysql default charset to utf8

In this case we want latin1 as our default charset, because this server runs very old software.

sed -i /etc/mysql/mariadb.conf.d/50-client.cnf -e s/utf8mb4/latin1/

sed -i /etc/mysql/mariadb.conf.d/50-mysql-clients.cnf -e s/utf8mb4/latin1/

sed -i /etc/mysql/mariadb.conf.d/50-server.cnf -e s/utf8mb4_general_ci/latin1_swedish_ci/

sed -i /etc/mysql/mariadb.conf.d/50-server.cnf -e s/utf8mb4/latin1/

Have fun!

cgroup ubuntu 18.04 howto

Install required packages

apt install cgroup-tools

Copy cgred.conf from the examples:

cp /usr/share/doc/cgroup-tools/examples/cgred.conf /etc/

/etc/cgconfig.conf

group web2 {
cpu {
cpu.cfs_quota_us=10000;
}
memory {
memory.limit_in_bytes = 1024m;
}
}

cpu.cfs_quota_us = 10000 equals 10% CPU usage
memory.limit_in_bytes = 1024m equals 1G of system memory


/etc/cgrules.conf

#<user>    <controllers>           <destination>
web2 cpu,memory web2

This will limit every process of the user web2 to 10% CPU and 1G of memory.


For testing, use these commands:

/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
/usr/sbin/cgrulesengd -vvv

Check if the cgroups are working properly:

cat /sys/fs/cgroup/cpu/web2/tasks
cat /sys/fs/cgroup/memory/web2/tasks
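
The same checks as an added example (not part of the original post): shell functions that compute the effective CPU percentage from cpu.cfs_quota_us and cpu.cfs_period_us (the kernel default period is 100000 µs, which is why a quota of 10000 gives 10%), report the memory limit, and list PIDs that are missing from the group's tasks files. The function names and the CGROOT variable are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: audit a cgroup v1 group such as "web2" from /etc/cgconfig.conf.
# CGROOT (assumed name) can be overridden to try the functions on a constructed tree.
CGROOT="${CGROOT:-/sys/fs/cgroup}"

# CPU share in percent of one core: quota / period * 100.
# A quota of -1 means no CPU limit is set.
cg_cpu_percent() {
    local dir quota period
    dir="$CGROOT/cpu/$1"
    quota=$(cat "$dir/cpu.cfs_quota_us") || return 2
    period=$(cat "$dir/cpu.cfs_period_us") || return 2
    if [ "$quota" -lt 0 ]; then echo unlimited; return 0; fi
    echo $(( quota * 100 / period ))
}

# Memory limit in MiB (the kernel stores "1024m" as a byte count).
cg_mem_mib() {
    local bytes
    bytes=$(cat "$CGROOT/memory/$1/memory.limit_in_bytes") || return 2
    echo $(( bytes / 1024 / 1024 ))
}

# Usage: cg_escaped_pids <group> <controllers> <pid>...
# Prints "<pid> <controller>" for every PID missing from a tasks file.
# Returns 1 if at least one PID is outside the group, 0 otherwise.
cg_escaped_pids() {
    local group controllers pid ctrl rc
    group="$1"; controllers=$(echo "$2" | tr ',' ' '); rc=0
    shift 2
    for pid in "$@"; do
        for ctrl in $controllers; do
            if ! grep -qx "$pid" "$CGROOT/$ctrl/$group/tasks" 2>/dev/null; then
                echo "$pid $ctrl"; rc=1
            fi
        done
    done
    return $rc
}

# On the host from this howto (user and group are both named web2):
#   cg_cpu_percent web2; cg_mem_mib web2
#   cg_escaped_pids web2 cpu,memory $(pgrep -u web2)
```

Any output from cg_escaped_pids means a process of the user is running outside the limits configured in /etc/cgrules.conf.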

Here are my systemd service files; install them the usual systemd way.

cgconfigparser.service

[Unit]
Description=cgroup config parser
After=network.target

[Service]
User=root
Group=root
ExecStart=/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
Type=oneshot

[Install]
WantedBy=multi-user.target

cgrulesgend.service

[Unit]
Description=cgroup rules generator
After=network.target cgconfigparser.service

[Service]
User=root
Group=root
Type=forking
EnvironmentFile=-/etc/cgred.conf
ExecStart=/usr/sbin/cgrulesengd
Restart=on-failure

[Install]
WantedBy=multi-user.target

Reload systemd and start the services:

systemctl daemon-reload
systemctl enable cgconfigparser
systemctl enable cgrulesgend
systemctl start cgconfigparser
systemctl start cgrulesgend

Have fun!