freeradius 3.0 ubuntu 18.04 with daloradius mikrotik ikev2 eap-radius wireless

Hi

First of all, set up your favorite PHP/SQL web server.


apt install php-db php-gd git freeradius freeradius-mysql

cd /var/www/web001/htdocs 
git clone https://github.com/lirantal/daloradius.git

We have to import the FreeRADIUS 3.0 MySQL schema first, because daloRADIUS only ships FreeRADIUS 2.0 compatible SQL schemas.

cat /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql | mysql -u radius -p radius

Now we import the daloradius sql schema without freeradius 2.0 sql schemas

cat /var/www/web001/htdocs/daloradius/contrib/db/mysql-daloradius.sql | mysql -u radius -p radius

Here is my FreeRADIUS MySQL setup:

cd /etc/freeradius/3.0/mods-enabled
ln -s ../mods-available/sql

vim sql

driver = "rlm_sql_mysql"
dialect = "mysql"
server = "localhost"
port = 3306
login = "radius"
password = "abcdefg"
radius_db = "radius"
read_clients = yes

Here are my changes to eap (EAP for authenticating MikroTik wireless via WPA2 Enterprise and MikroTik IKEv2 EAP-RADIUS):

vim /etc/freeradius/3.0/mods-enabled/eap

eap {
...
#ikev2 eap radius
default_eap_type = peap
...
}
tls-config tls-common {
private_key_file = path_to_your_ssl_private_key
certificate_file = path_to_your_ssl_certificate
ca_file = path_to_your_ssl_cabundle
}

I use a RapidSSL server certificate.

https://support.microsoft.com/en-ph/help/814394/certificate-requirements-when-you-use-eap-tls-or-peap-with-eap-tls


Here are my changes to the “default” site:

cd /etc/freeradius/3.0/sites-enabled
vim default

authorize {
...
auth_log
...
sql
}

accounting {
...
sql
...
}

session {
...
sql
...
}

post-auth {
...
reply_log
sql
...
}

Here are my bulk radius settings:

cd /etc/freeradius/3.0

vim radiusd.conf

log {
...
auth = yes
...
auth_badpass = yes
...
}

https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu

You have to create a systemd override for the freeradius unit. Otherwise freeradius won’t start correctly if mysql is not running yet.

systemctl edit freeradius

[Unit]
After=network.target mysql.service

Set up the daloRADIUS config:

vim /var/www/web001/htdocs/daloradius/library/daloradius.conf.php

CONFIG_DB_USER
CONFIG_DB_PASS
CONFIG_DB_NAME
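
The sql module file holds the database password in clear text, and auth_badpass = yes puts rejected passwords into the server log, so a permission check is worth running after the setup. The script below is an added example, not part of the original post; the helper names (audit_freeradius, val, world_readable, make_sample) are hypothetical and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit a FreeRADIUS 3.0 config
# tree for exposed secrets. Prints one finding per line, nothing if clean.

# Value of the first "key = value" line in a file, quotes stripped.
val() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$2" 2>/dev/null | head -n 1
}

# True when "other" can read the file; -H follows the mods-enabled symlink.
world_readable() {
    [ -n "$(find -H "$1" -prune -perm -004 2>/dev/null)" ]
}

audit_freeradius() {
    conf=$1
    sql=$conf/mods-enabled/sql
    if [ -f "$sql" ] && world_readable "$sql"; then
        echo "sql: database password readable by every local user"
    fi
    key=$(val private_key_file "$conf/mods-enabled/eap")
    case $key in
        /*) if world_readable "$key"; then
                echo "eap: private key $key is world-readable"
            fi ;;
    esac
    for opt in auth_badpass auth_goodpass; do
        if [ "$(val "$opt" "$conf/radiusd.conf")" = yes ]; then
            echo "log: $opt = yes records passwords in the server log"
        fi
    done
    return 0
}

# Constructed sample tree mirroring the settings shown in the post.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/mods-enabled" || return 1
    printf 'password = "abcdefg"\n' > "$d/mods-enabled/sql"
    printf 'private_key_file = %s/server.key\n' "$d" > "$d/mods-enabled/eap"
    printf 'log {\n  auth = yes\n  auth_badpass = yes\n}\n' > "$d/radiusd.conf"
    : > "$d/server.key"
    chmod 644 "$d/mods-enabled/sql"
    chmod 600 "$d/server.key"
    echo "$d"
}

tree=$(make_sample)
audit_freeradius "$tree"
rm -rf "$tree"
```

On a real host, run it as audit_freeradius /etc/freeradius/3.0 and tighten the mode of any file it reports.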

Have fun!

cgroup ubuntu 18.04 howto

Install required packages

apt install cgroup-tools

Copy cgred.conf from the examples:

cp /usr/share/doc/cgroup-tools/examples/cgred.conf /etc/

/etc/cgconfig.conf

group web2 {
cpu {
cpu.cfs_quota_us=10000;
}
memory {
memory.limit_in_bytes = 1024m;
}
}

cpu.cfs_quota_us = 10000 equals 10% CPU usage (with the default cpu.cfs_period_us of 100000)
memory.limit_in_bytes = 1024m equals 1G of system memory


/etc/cgrules.conf

#<user>    <controllers>           <destination>
web2 cpu,memory web2

This will limit every process of the user web2 to 10% CPU and 1G of memory.
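
The 10% figure depends on the CFS period, which the config above leaves at the kernel default of 100000 us. As an added example (not part of the original post), this script parses a cgconfig.conf-style file and reports the effective CPU share and memory limit of a group; cg_limits and sample_cgconfig are hypothetical names and the input is a constructed sample.

```shell
#!/bin/sh
# Added example: effective limits of one group in a cgconfig.conf-style file.
# Usage: cg_limits <group> [file]  -> prints "<cpu percent> <memory bytes>"
cg_limits() {
    grp=$1; shift
    awk -v grp="$grp" '
        function to_bytes(v,    n, u) {        # "1024m", "1g", "512k" -> bytes
            n = v + 0; u = tolower(substr(v, length(v)))
            if (u == "k") return n * 1024
            if (u == "m") return n * 1024 * 1024
            if (u == "g") return n * 1024 * 1024 * 1024
            return n
        }
        { sub(/#.*/, "") }                       # drop comments
        $1 == "group" { ingrp = ($2 == grp); depth = 0; opened = 0 }
        ingrp {
            # "key = value;" with or without spaces around "="
            if (match($0, /[a-z_.]+[ \t]*=[ \t]*[^; \t]+/)) {
                split(substr($0, RSTART, RLENGTH), p, /[ \t]*=[ \t]*/)
                gsub(/"/, "", p[2]); val[p[1]] = p[2]
            }
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth > 0) opened = 1
            if (opened && depth <= 0) ingrp = 0  # group closed
        }
        END {
            # Kernel default period is 100000 us; CPU share = quota / period.
            period = ("cpu.cfs_period_us" in val) ? val["cpu.cfs_period_us"] + 0 : 100000
            quota = ("cpu.cfs_quota_us" in val) ? val["cpu.cfs_quota_us"] + 0 : -1
            cpu = (quota < 0) ? "unlimited" : sprintf("%.1f", quota * 100 / period)
            mem = "unlimited"
            if ("memory.limit_in_bytes" in val)
                mem = sprintf("%.0f", to_bytes(val["memory.limit_in_bytes"]))
            print cpu, mem
        }
    ' "$@"
}

# Constructed sample: web2 as in the post, web3 with a non-default period.
sample_cgconfig() {
    printf '%s\n' 'group web2 {' ' cpu {' '  cpu.cfs_quota_us=10000;' ' }' \
        ' memory {' '  memory.limit_in_bytes = 1024m;' ' }' '}' \
        'group web3 {' ' cpu {' '  cpu.cfs_period_us = 200000;' \
        '  cpu.cfs_quota_us = 100000;' ' }' '}'
}

sample_cgconfig | cg_limits web2    # 10.0 1073741824
sample_cgconfig | cg_limits web3    # 50.0 unlimited
```

Against the real file, call it as cg_limits web2 /etc/cgconfig.conf.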


For testing, use these commands:

/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
/usr/sbin/cgrulesengd -vvv

Check if the cgroups are working properly:

cat /sys/fs/cgroup/cpu/web2/tasks
cat /sys/fs/cgroup/memory/web2/tasks

Here are my systemd service files; install them the usual systemd way.

cgconfigparser.service

[Unit]
Description=cgroup config parser
After=network.target

[Service]
User=root
Group=root
ExecStart=/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
Type=oneshot

[Install]
WantedBy=multi-user.target

cgrulesgend.service

[Unit]
Description=cgroup rules generator
After=network.target cgconfigparser.service

[Service]
User=root
Group=root
Type=forking
EnvironmentFile=-/etc/cgred.conf
ExecStart=/usr/sbin/cgrulesengd
Restart=on-failure

[Install]
WantedBy=multi-user.target

Reload systemd and start the services:

systemctl daemon-reload
systemctl enable cgconfigparser
systemctl enable cgrulesgend
systemctl start cgconfigparser
systemctl start cgrulesgend

Have fun!

Ubuntu 18.04 Network Configuration ipv4 ipv6 Dual Stack

Hi

No /etc/network/interfaces?

Let’s go for it :-)

vim /etc/netplan/01-netcfg.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      dhcp4: no
      dhcp6: no
      addresses: [192.168.1.2/24, "XXXX:XXXX:XXXX:XXXX::2/64"]
      gateway4: 192.168.1.1
      gateway6: XXXX:XXXX:XXXX:XXXX::1
      nameservers:
        addresses: [1.1.1.1, 1.0.0.1]

Here is a bridged example:

network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      dhcp4: no
      dhcp6: no
  bridges:
    br0:
      interfaces: [eno1]
      dhcp4: no
      dhcp6: no
      addresses: [192.168.1.2/24, "XXXX:XXXX:XXXX:XXXX::2/64"]
      gateway4: 192.168.1.1
      gateway6: XXXX:XXXX:XXXX:XXXX::1
      nameservers:
        addresses: [1.1.1.1, 1.0.0.1]

Here is a bridged example with VLANs:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp5s0f0:
      dhcp4: no
      dhcp6: no
  vlans:
    vlan302:
      id: 302
      link: enp5s0f0
      dhcp4: no
      dhcp6: no
    vlan412:
      id: 412
      link: enp5s0f0
      dhcp4: no
      dhcp6: no
  bridges:
    br0:
      interfaces: [vlan302]
      dhcp4: no
      dhcp6: no
      addresses: [1.1.1.2/24]
      gateway4: 1.1.1.1
      nameservers:
        addresses: [1.1.1.1, 1.0.0.1]
    br1:
      interfaces: [vlan412]
      dhcp4: no
      dhcp6: no

The indentation with spaces is mandatory (YAML does not allow tabs)!

Have fun

make Ubuntu server powerloss proof

Hi

Sometimes, after a power loss, Ubuntu hangs on boot or asks to fix filesystem errors.
To avoid these problems, simply edit the following files:

Edit the file:

 /etc/default/grub
GRUB_RECORDFAIL_TIMEOUT=2

After that you have to rebuild grub configuration:

update-grub

Edit the file:

/etc/default/rcS
FSCKFIX=yes

EDIT 16.05.2018:
On Ubuntu 18.04, /etc/default/rcS is missing due to systemd.
You have to pass a kernel parameter instead:
https://www.freedesktop.org/software/systemd/man/systemd-fsck@.service.html

/etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash fsck.repair=yes"

Don't forget to run update-grub

Have fun!