Differences between revisions of "Projeto Integrador - 2012.1 - Equipe 1"
Linha 143: | Linha 143: | ||
====Configuração==== | ====Configuração==== | ||
=====-smb.conf-===== | =====-smb.conf-===== | ||
+ | */etc/samba/smb.conf | ||
<code>[global] | <code>[global] |
Revision as of 19:35, 11 July 2012
Day 15/06/2012
Operating System
- Installation of the operating system (Ubuntu Server) on the Matriz (head office) and Filial (branch) machines.
Day 20/06/2012
DNS
Installation
<syntaxhighlight lang="bash">
apt-get install bind9 bind9utils
</syntaxhighlight>
Configuration
-named.conf.local-
- /etc/bind/named.conf.local
<syntaxhighlight lang="text">
zone "traveller.sj.ifsc.edu.br" {
    type master;
    file "/etc/bind/zones/matriz.zone";
};
# Reverse zone
zone "5.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.5.168.192.in-addr.arpa";
};
</syntaxhighlight>
The zones directory was created:
mkdir /etc/bind/zones
-matriz.zone-
- /etc/bind/zones/matriz.zone
<syntaxhighlight lang="text">
@       IN      SOA     ns1.traveller.sj.ifsc.edu.br. admin.ns1.traveller.sj.ifsc.edu.br. (
                        2012062001      ; serial
                        28800           ; refresh
                        3600            ; retry
                        604800          ; expire
                        38400 )         ; minimum (negative-cache TTL)
                NS      ns1.traveller.sj.ifsc.edu.br.
                MX      10 mail.traveller.sj.ifsc.edu.br.
        IN      A       192.168.5.1
$ORIGIN traveller.sj.ifsc.edu.br.
ns1     IN      A       192.168.5.1
mail    IN      A       192.168.5.1
www     IN      A       192.168.5.1
</syntaxhighlight>
-rev.5.168.192.in-addr.arpa-
- /etc/bind/zones/rev.5.168.192.in-addr.arpa
<syntaxhighlight lang="text">
$ORIGIN 5.168.192.in-addr.arpa.
@       IN      SOA     ns1.traveller.sj.ifsc.edu.br. admin.ns1.traveller.sj.ifsc.edu.br. (
                        2012062001      ; serial
                        28800           ; refresh
                        604800          ; retry
                        604800          ; expire
                        86400 )         ; minimum (negative-cache TTL)
        IN      NS      ns1.traveller.sj.ifsc.edu.br.
1       IN      PTR     ns1.traveller.sj.ifsc.edu.br.
1       IN      PTR     mail.traveller.sj.ifsc.edu.br.
1       IN      PTR     www.traveller.sj.ifsc.edu.br.
</syntaxhighlight>
-resolv.conf-
- /etc/resolv.conf
<syntaxhighlight lang="text">
nameserver 192.168.5.1
nameserver 8.8.8.8
domain traveller.sj.ifsc.edu.br
search traveller.sj.ifsc.edu.br
</syntaxhighlight>
DHCP
Installation
<syntaxhighlight lang="bash">
apt-get install dhcp3-server
</syntaxhighlight>
Configuration
-dhcpd.conf-
- /etc/dhcp3/dhcpd.conf
<syntaxhighlight lang="text">
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;

# vlan5
subnet 192.168.1.0 netmask 255.255.255.192 {
    option subnet-mask 255.255.255.192;
    option broadcast-address 192.168.1.63;
    option routers 192.168.1.2;
    option domain-name-servers 192.168.1.2, 8.8.8.8, 8.8.4.4;
    option domain-name "traveller.sj.ifsc.edu.br";
    option netbios-name-servers 192.168.1.2;
    range 192.168.1.3 192.168.1.62;
}

# vlan10
subnet 192.168.2.0 netmask 255.255.255.192 {
    option subnet-mask 255.255.255.192;
    option broadcast-address 192.168.2.63;
    option routers 192.168.2.2;
    option domain-name-servers 192.168.2.2, 8.8.8.8, 8.8.4.4;
    option domain-name "traveller.sj.ifsc.edu.br";
    option netbios-name-servers 192.168.2.2;
    range 192.168.2.3 192.168.2.62;
}

# vlan15
subnet 192.168.3.0 netmask 255.255.255.192 {
    option subnet-mask 255.255.255.192;
    option broadcast-address 192.168.3.63;
    option routers 192.168.3.2;
    option domain-name-servers 192.168.3.2, 8.8.8.8, 8.8.4.4;
    option domain-name "traveller.sj.ifsc.edu.br";
    option netbios-name-servers 192.168.3.2;
    range 192.168.3.3 192.168.3.62;
}

group {
    use-host-decl-names on;
}
</syntaxhighlight>
<syntaxhighlight lang="text">
Domain: traveller.sj.ifsc.edu.br
IP: 200.135.37.95/26
Default route: 200.135.37.126
</syntaxhighlight>
Day 22/06/2012
Samba
Installation
<syntaxhighlight lang="bash">
apt-get install samba
apt-get install smbfs
</syntaxhighlight>
Configuration
-smb.conf-
- /etc/samba/smb.conf
<syntaxhighlight lang="text">
[global]
    workgroup = traveller
    server string = SMB Server %v em %h
    printcap name = cups
    load printers = no
    printcap cache time = 60
    printing = cups
    log file = /var/log/samba/%m.log
    max log size = 50
    hosts allow = 192.168.23. 127. 192.168.1.
    map to guest = bad user
    security = user
    encrypt passwords = yes
    smb passwd file = /etc/samba/smbpasswd
    dns proxy = no

[homes]
    comment = Arquivos do usuario %u em %h
    browseable = no
    writable = yes
    public = no
</syntaxhighlight>
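Day 26/06/2012
Scripts for boot-time configuration and network testing completed;
- Router configuration.
<syntaxhighlight lang="bash">
#!/bin/bash
# Test the network: send 5 pings and extract the number of replies received
ping="8.8.8.8"
teste=$(ping -c 5 ${ping} | awk '{print $4 $5}' | tail -n 2 | head -n 1 | cut -d r -f 1)
# An empty result (ping printed no summary) is treated as 0 replies
if [ "${teste:-0}" -gt "0" ]
then
    # Replies received: take wlan0 down
    ifconfig wlan0 down
else
    # No replies: bring wlan0 up and route through 192.168.5.254
    ifconfig wlan0 up
    ifconfig wlan0 192.168.5.1/24
    route add default gw 192.168.5.254
fi
</syntaxhighlight>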
Day 28/06/2012
- EXT. line fixed to the patch panel;
- Telephone exchange installed with one trunk line and 3 extensions (all wiring leaving the exchange is permanently fixed to the patch panel);
Three telecom outlets were installed (all patch panel ports in use were properly labelled and tested).
Day 29/06/2012
- AP configured to authenticate via RADIUS.
FreeRadius
Installation
<syntaxhighlight lang="bash">
apt-get install freeradius freeradius-mysql
apt-get install mysql-server
</syntaxhighlight>
Configuration
-Users-
<syntaxhighlight lang="text">
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

fgenius Cleartext-Password := "fgenius"
</syntaxhighlight>
-Hosts-
<syntaxhighlight lang="text">
127.0.0.1 localhost
192.168.1.254 matriz
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
</syntaxhighlight>
- Configure MySQL to work with FreeRadius
<syntaxhighlight lang="text">
Log in to the MySQL server: mysql -u root -p
Create the database for authentication with FreeRadius: create database radius;
Check which tables exist in the radius database: use radius; show tables;
Leave mysql: exit
Import the .sql file /etc/freeradius/sql/mysql/schema.sql into MySQL: mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
Log in to the MySQL server: mysql -u root -p
Check which tables exist in the radius database: use radius; show tables;
</syntaxhighlight>
-sql.conf-
<syntaxhighlight lang="text">
sql {
    database = "mysql"
    driver = "rlm_sql_${database}"
    server = "localhost"
    login = "radius"
    password = "radpass"
    radius_db = "radius"
    acct_table1 = "radacct"
    acct_table2 = "radacct"
    postauth_table = "radpostauth"
    authcheck_table = "radcheck"
    authreply_table = "radreply"
    groupcheck_table = "radgroupcheck"
    groupreply_table = "radgroupreply"
    usergroup_table = "radusergroup"
    deletestalesessions = yes
    sqltrace = no
    sqltracefile = ${logdir}/sqltrace.sql
    num_sql_socks = 5
    connect_failure_retry_delay = 60
    lifetime = 0
    max_queries = 0
    nas_table = "nas"
    $INCLUDE sql/${database}/dialup.conf
}
</syntaxhighlight>
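Added example, not part of the original project log: a shell audit for two credential settings visible in the files above, the `users` entry whose `Cleartext-Password` equals the user name and the `sql.conf` password `radpass`, which is the value FreeRADIUS ships by default; it also flags files whose mode lets every local account read them. The function names, the `alice` entry and the temporary sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the project log); function names are hypothetical.

# Print each user in a FreeRADIUS "users" file whose Cleartext-Password equals
# the user name. Entries start in column 1; indented lines are reply items.
weak_users() {
    awk '
        /^[ \t]*#/ || /^[ \t]/ || NF == 0 { next }
        match($0, /Cleartext-Password[ \t]*:=[ \t]*"[^"]*"/) {
            pw = substr($0, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", pw); sub(/"$/, "", pw)
            if (pw == $1) print $1
        }' "$1"
}

# Exit 0 if sql.conf still carries "radpass", the password FreeRADIUS ships.
has_default_sql_password() {
    awk '
        /^[ \t]*password[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v); gsub(/"/, "", v); sub(/[ \t]+$/, "", v)
            if (v == "radpass") found = 1
        }
        END { exit !found }' "$1"
}

# Exit 0 if the file's mode grants read access to "other".
world_readable() {
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# Constructed sample files mirroring the entries shown on this page.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'DEFAULT Hint == "SLIP"' '        Framed-Protocol = SLIP' \
    'fgenius Cleartext-Password := "fgenius"' \
    'alice   Cleartext-Password := "c0rrect-h0rse-42"' > "$demo/users"
printf '%s\n' 'sql {' '    login = "radius"' '    password = "radpass"' '}' \
    > "$demo/sql.conf"
chmod 644 "$demo/users"; chmod 640 "$demo/sql.conf"

for u in $(weak_users "$demo/users"); do
    echo "users: password equals user name for '$u'"
done
if has_default_sql_password "$demo/sql.conf"; then echo "sql.conf: shipped default password"; fi
for f in "$demo/users" "$demo/sql.conf"; do
    if world_readable "$f"; then echo "$f: readable by other, restrict its mode"; fi
done
```

To audit a real installation, call the three functions on the files under `/etc/freeradius` instead of the constructed samples.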
-radiusd.conf-
<syntaxhighlight lang="text">
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid
user = freerad
group = freerad
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
    type = auth
    ipaddr = *
    port = 0
}
listen {
    ipaddr = *
    port = 0
    type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
    destination = files
    file = ${logdir}/radius.log
    syslog_facility = daemon
    stripped_names = no
    auth = no
    auth_badpass = no
    auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}
modules {
    $INCLUDE ${confdir}/modules/
    $INCLUDE eap.conf
}
instantiate {
    exec
    expr
    expiration
    logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/
</syntaxhighlight>
-default-
<syntaxhighlight lang="text">
authorize {
    preprocess
    chap
    mschap
    suffix
    eap {
        ok = return
    }
    unix
    files
    sql
    expiration
    logintime
    pap
}
authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type CHAP {
        chap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    unix
    eap
}
preacct {
    preprocess
    acct_unique
    suffix
    files
}
accounting {
    detail
    unix
    radutmp
    sql
    attr_filter.accounting_response
}
session {
    radutmp
    sql
}
post-auth {
    sql
    exec
    Post-Auth-Type REJECT {
        attr_filter.access_reject
    }
}
pre-proxy {
}
post-proxy {
    eap
}
</syntaxhighlight>
-inner-tunnel-
<syntaxhighlight lang="text">
server inner-tunnel {
    authorize {
        chap
        mschap
        unix
        suffix
        update control {
            Proxy-To-Realm := LOCAL
        }
        eap {
            ok = return
        }
        files
        expiration
        logintime
        pap
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        unix
        eap
    }
    session {
        radutmp
    }
    post-auth {
        Post-Auth-Type REJECT {
            attr_filter.access_reject
        }
    }
    pre-proxy {
    }
    post-proxy {
        eap
    }
}
</syntaxhighlight>
Day 03/07/2012
- While configuring OpenVPN on the client (branch office), we found a problem with the hard disk. This required replacing the disk, formatting, installing GRUB and configuration;