參考鏈接如下:
https://www.paranoids.at/tag/18-04/
全文粘貼如下:
freeradius 3.0 ubuntu 18.04 with daloradius mikrotik ikev2 eap-radius wireless
27/03/2019
Hi
First of all setup your favorite php sql webserver
apt install php-db php-gd git freeradius freeradius-mysql
cd /var/www/web001/htdocs
git clone https://github.com/lirantal/daloradius.git
We have to import the freeradius 3.0 mysql schema first. Daloradius does only have freeradius 2.0 compatible sql schemas.
cat /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql | mysql -u radius -p radius
Now we import the daloradius sql schema without freeradius 2.0 sql schemas
cat /var/www/web001/htdocs/daloradius/contrib/db/mysql-daloradius.sql | mysql -u radius -p radius
here my freeradius mysql setup
cd /etc/freeradius/3.0/mods-enabled
ln -s …/mods-available/sql
vim sql
driver = “rlm_sql_mysql”
dialect = “mysql”
server = “localhost”
port = 3306
login = “radius”
password = “abcdefg”
radius_db = “radius”
read_clients = yes
here my changes to eap (eap for authenticating mikrotik wireless via wpa2 enterprise and mikrotik ikev2 eap radius)
vim /etc/freeradius/3.0/mods-enabled/eap
eap {
…
#ikev2 eap radius
default_eap_type = peap
…
}
tls-config tls-common {
private_key_file = path_to_your_ssl_private_key
certificate_file = path_to_your_ssl_certificate
ca_file = path_to_your_ssl_cabundle
}
I use rapidssl server certificate.
here my changes to the “default” site
cd /etc/freeradius/3.0/sites-enabled
vim default
authorize {
…
auth_log
…
sql
}
accounting {
…
sql
…
}
session {
…
sql
…
}
post-auth {
…
reply_log
sql
…
}
session {
…
sql
…
}
here my bulk radius settings
cd /etc/freeradius/3.0
vim radiusd.conf
log {
…
auth = yes
…
auth_badpass = yes
…
}
https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu
you have to create a systemd override for the freeradius unit. otherwise freeradius won’t start correctly if mysql is not running.
systemctl edit freeradius
[Unit]
After=network.target mysql.service
setup daloradius config
vim /var/www/web001/htdocs/daloradius/library/daloradius.conf.php
CONFIG_DB_USER
CONFIG_DB_PASS
CONFIG_DB_NAME
Have fun!
cgroup ubuntu 18.04 howto
19/02/2019
Install required packages
apt install cgroup-tools
copy cgred.conf from examples
cp /usr/share/doc/cgroup-tools/examples/cgred.conf /etc/
/etc/cgconfig.conf
group web2 {
cpu {
cpu.cfs_quota_us=10000;
}
memory {
memory.limit_in_bytes = 1024m;
}
}
cpu.cfs_quota_us = 10000 equals to 10% cpu usage
memory.limit_in_bytes = 1024 equals to 1G of system memory
/etc/cgrules.conf
#
web2 cpu,memory web2
This will limit every process of the user web2 to 10% CPU and 1G of memory.
For testing use this commands:
/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
/usr/sbin/cgrulesengd -vvv
check if cgroup’s are working properly
cat /sys/fs/cgroup/cpu/web2/tasks
cat /sys/fs/cgroup/memory/web2/tasks
Here my systemd service files, install them the usual systemd way
cgconfigparser.service
[Unit]
Description=cgroup config parser
After=network.target
[Service]
User=root
Group=root
ExecStart=/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
Type=oneshot
[Install]
WantedBy=multi-user.target
cgrulesgend.service
[Unit]
Description=cgroup rules generator
After=network.target cgconfigparser.service
[Service]
User=root
Group=root
Type=forking
EnvironmentFile=-/etc/cgred.conf
ExecStart=/usr/sbin/cgrulesengd
Restart=on-failure
[Install]
WantedBy=multi-user.target
reload systemd and start services
systemctl daemon-reload
systemctl enable cgconfigparser
systemctl enable cgrulesgend
systemctl start cgconfigparser
systemctl start cgrulesgend
Have fun!
Ubuntu 18.04 Network Configuration ipv4 ipv6 Dual Stack
23/05/2018
Hi
no /etc/network/interfaces ?
Let’s go for it 😃
vim /etc/netplan/01-netcfg.yaml
network:
version: 2
renderer: networkd
ethernets:
eno1:
dhcp4: no
dhcp6: no
addresses: [192.168.1.2/24, “XXXX:XXXX:XXXX:XXXX::2/64”]
gateway4: 192.168.1.1
gateway6: XXXX:XXXX:XXXX:XXXX::1
nameservers:
addresses: [1.1.1.1, 1.0.0.1]
here a bridged example
network:
version: 2
renderer: networkd
ethernets:
eno1:
dhcp4: no
dhcp6: no
bridges:
br0:
interfaces: [eno1]
dhcp4: no
dhcp6: no
addresses: [192.168.1.2/24, “XXXX:XXXX:XXXX:XXXX::2/64”]
gateway4: 192.168.1.1
gateway6: XXXX:XXXX:XXXX:XXXX::1
nameservers:
addresses: [1.1.1.1, 1.0.0.1]
here a bridged example with vlans
network:
version: 2
renderer: networkd
ethernets:
enp5s0f0:
dhcp4: no
dhcp6: no
vlans:
vlan302:
id: 302
link: enp5s0f0
dhcp4: no
dhcp6: no
vlan412:
id: 412
link: enp5s0f0
dhcp4: no
dhcp6: no
bridges:
br0:
interfaces: [vlan302]
dhcp4: no
dhcp6: no
addresses: [1.1.1.2/24]
gateway4: 1.1.1.1
nameservers:
addresses: [1.1.1.1, 1.0.0.1]
br1:
interfaces: [vlan412]
dhcp4: no
dhcp6: no
the spaces are mandatory!
Have fun
make Ubuntu server powerloss proof
18/05/2015
Hi
Sometimes, after powerloss Ubuntu hangs on boot or asking to fix filesystem errors.
To avoid this problems simply edit following files:
Edit the file:
/etc/default/grub
GRUB_RECORDFAIL_TIMEOUT=2
After that you have to rebuild grub configuration:
update-grub
Edit the file:
/etc/default/rcS
FSCKFIX=yes
EDIT 16.05.2018:
Ubuntu 18.04 /etc/default/rcS missing due to systemd
You have to pass a kernel parameter
https://www.freedesktop.org/software/systemd/man/[email protected]
/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT=“quiet splash fsck.repair=yes”
Dont forget to run update-grub
Have fun!