Integrative Project - 2012.1 - Team 1


Day 15/06/2012

Operating System

  • Installation of the operating system (Ubuntu Server) on the Matriz (headquarters) and Filial (branch) machines.

Day 20/06/2012

DNS

  • Installation of the DNS server on the Matriz machine;

apt-get install bind9 bind9utils

Configuration

-named.conf.local-
  • /etc/bind/named.conf.local

zone "traveller.sj.ifsc.edu.br" {
        type master;
        file "/etc/bind/zones/matriz.zone";
};

# Reverse zone
zone "5.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/rev.5.168.192.in-addr.arpa";
};

The zones directory was created:

mkdir /etc/bind/zones

-matriz.zone-
  • /etc/bind/zones/matriz.zone

@ IN SOA ns1.traveller.sj.ifsc.edu.br. admin.ns1.traveller.sj.ifsc.edu.br. (
               2012062001 ; serial
               28800      ; refresh
               3600       ; retry
               604800     ; expire
               38400 )    ; minimum
       NS      ns1.traveller.sj.ifsc.edu.br.
       MX      10 mail.traveller.sj.ifsc.edu.br.
       IN      A 192.168.5.1

$ORIGIN traveller.sj.ifsc.edu.br.
ns1    IN      A 192.168.5.1
mail   IN      A 192.168.5.1
www    IN      A 192.168.5.1

-rev.5.168.192.in-addr.arpa-
  • /etc/bind/zones/rev.5.168.192.in-addr.arpa

$ORIGIN 5.168.192.in-addr.arpa.
@ IN SOA ns1.traveller.sj.ifsc.edu.br. admin.ns1.traveller.sj.ifsc.edu.br. (
               2012062001 ; serial
               28800      ; refresh
               604800     ; retry
               604800     ; expire
               86400 )    ; minimum
       IN      NS      ns1.traveller.sj.ifsc.edu.br.

1      IN      PTR     ns1.traveller.sj.ifsc.edu.br.
1      IN      PTR     mail.traveller.sj.ifsc.edu.br.
1      IN      PTR     www.traveller.sj.ifsc.edu.br.
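A cross-check of the two zone files above, added here as an example and not part of the team's original log: it confirms that every A record has a matching PTR record and vice versa. The host records are copied from the page; the parser is an assumption that covers only the record forms used in these zones.

```python
import ipaddress

# Host records copied from matriz.zone and the reverse zone on this page.
FORWARD = """\
$ORIGIN traveller.sj.ifsc.edu.br.
ns1  IN A 192.168.5.1
mail IN A 192.168.5.1
www  IN A 192.168.5.1
"""
REVERSE = """\
$ORIGIN 5.168.192.in-addr.arpa.
1 IN PTR ns1.traveller.sj.ifsc.edu.br.
1 IN PTR mail.traveller.sj.ifsc.edu.br.
1 IN PTR www.traveller.sj.ifsc.edu.br.
"""


def records(zone_text, rtype):
    """Yield (fully qualified owner, rdata) for "name IN type rdata" lines."""
    origin = "."
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
        elif len(fields) >= 4 and fields[1] == "IN" and fields[2] == rtype:
            owner = fields[0]
            if not owner.endswith("."):  # relative name: append the origin
                owner = f"{owner}.{origin}"
            yield owner.lower(), fields[3].lower()


def check(forward, reverse):
    """Return (A records with no PTR, PTR records with no A)."""
    a = {(name, ipaddress.ip_address(ip)) for name, ip in records(forward, "A")}
    ptr = set()
    for owner, target in records(reverse, "PTR"):
        # "1.5.168.192.in-addr.arpa." -> 192.168.5.1
        octets = owner.split(".in-addr.arpa.")[0].split(".")
        ptr.add((target, ipaddress.ip_address(".".join(reversed(octets)))))
    return sorted(a - ptr), sorted(ptr - a)


if __name__ == "__main__":
    print(check(FORWARD, REVERSE))
```
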

-resolv.conf-
  • /etc/resolv.conf

nameserver 192.168.5.1
nameserver 8.8.8.8
domain traveller.sj.ifsc.edu.br
search traveller.sj.ifsc.edu.br

DHCP

  • Installation of DHCP on the Matriz machine. Tests performed on the Filial machine.

apt-get install dhcp3-server

Configuration

-dhcpd.conf-

ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;

# vlan5
subnet 192.168.1.0 netmask 255.255.255.192 {
 option subnet-mask 255.255.255.192;
 option broadcast-address 192.168.1.63;
 option routers 192.168.1.2;
 option domain-name-servers 192.168.1.2, 8.8.8.8, 8.8.4.4;
 option domain-name "traveller.sj.ifsc.edu.br";
 option netbios-name-servers 192.168.1.2;
 range 192.168.1.3 192.168.1.62;
}

# vlan10
subnet 192.168.2.0 netmask 255.255.255.192 {
 option subnet-mask 255.255.255.192;
 option broadcast-address 192.168.2.63;
 option routers 192.168.2.2;
 option domain-name-servers 192.168.2.2, 8.8.8.8, 8.8.4.4;
 option domain-name "traveller.sj.ifsc.edu.br";
 option netbios-name-servers 192.168.2.2;
 range 192.168.2.3 192.168.2.62;
}

# vlan15
subnet 192.168.3.0 netmask 255.255.255.192 {
 option subnet-mask 255.255.255.192;
 option broadcast-address 192.168.3.63;
 option routers 192.168.3.2;
 option domain-name-servers 192.168.3.2, 8.8.8.8, 8.8.4.4;
 option domain-name "traveller.sj.ifsc.edu.br";
 option netbios-name-servers 192.168.3.2;
 range 192.168.3.3 192.168.3.62;
}

group {
 use-host-decl-names on;
}


Domain: traveller.sj.ifsc.edu.br

IP: 200.135.37.95/26

Default route: 200.135.37.126

Day 22/06/2012

  • Installation of the SAMBA server on the Matriz machine;

Samba

apt-get install samba
apt-get install smbfs

Configuration

-smb.conf-

[global]
workgroup = traveller
server string = SMB Server %v em %h
printcap name = cups
load printers = no
printcap cache time = 60
printing = cups
log file = /var/log/samba/%m.log
max log size = 50
hosts allow = 192.168.23. 127. 192.168.1.
map to guest = bad user
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
dns proxy = no

[homes]
comment = Arquivos do usuario %u em %h
browseable = no
writable = yes
public = no

Day 26/06/2012

Scripts for boot-time configuration and network testing completed;

  • Router configuration.

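#!/bin/bash
# Test the network: ping 8.8.8.8 and extract the number of replies received
ping="8.8.8.8"
teste=$(ping -c 5 ${ping} | awk '{print $4 $5}' | tail -n 2 | head -n 1 | cut -d r -f 1)
# If ping printed no statistics line, treat it as zero replies
teste=${teste:-0}
if [ "${teste}" -gt "0" ]
then
       # Replies received: take wlan0 down
       ifconfig wlan0 down
else
       # No replies: bring wlan0 up with its address and default route
       ifconfig wlan0 up
       ifconfig wlan0 192.168.5.1/24
       route add default gw 192.168.5.254
fi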

Day 28/06/2012

  • Attachment of the EXT. line to the patch panel;
  • Installed the telephone exchange with one trunk line and 3 extensions (all wiring leaving the exchange is permanently attached to the patch panel);

3 telecom outlets were installed (all patch panel ports in use were properly labeled and tested).

Day 29/06/2012

  • Configuration of the AP to authenticate via RADIUS.

FreeRadius

Installation

  • apt-get install freeradius freeradius-mysql
  • apt-get install mysql-server

Configuration

-Users-

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

fgenius Cleartext-Password := "fgenius"
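An audit of the users file above, added here as an example and not part of the team's original log: it parses the entries and flags any account whose Cleartext-Password is the account name itself or falls below a minimum length. The entries are copied from the page; the `MIN_LENGTH` policy value and the function names are assumptions.

```python
import re

# Entries copied from the users file on this page (one DEFAULT kept for brevity).
USERS = '''\
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP

fgenius Cleartext-Password := "fgenius"
'''

# attribute, operator, value (quoted or bare); covers the operators used here
ITEM = re.compile(r'([\w-]+)\s*(:=|==|=)\s*("[^"]*"|[^,\s]+)')
MIN_LENGTH = 12  # assumed local policy value, not a FreeRADIUS setting


def entries(text):
    """Yield (name, {check attribute: value}) for each entry.

    An entry starts in column 0 with the user name followed by its check
    items; indented lines are reply items and are skipped.
    """
    for line in text.splitlines():
        if not line or line[0] in " \t#":
            continue
        name, rest = (line.split(None, 1) + [""])[:2]
        yield name, {attr: val.strip('"') for attr, _op, val in ITEM.findall(rest)}


def audit(text):
    """Return (user, reason) findings for weak cleartext passwords."""
    findings = []
    for name, checks in entries(text):
        password = checks.get("Cleartext-Password")
        if password is None:
            continue
        if password.lower() == name.lower():
            findings.append((name, "password equals user name"))
        elif len(password) < MIN_LENGTH:
            findings.append((name, "password shorter than policy minimum"))
    return findings


if __name__ == "__main__":
    for user, reason in audit(USERS):
        print(f"{user}: {reason}")
```
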

-Hosts-

127.0.0.1 localhost
192.168.1.254 matriz
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

  • Configure MySQL to work with FreeRadius

Log in to the MySQL server:
mysql -u root -p
Create the database for authentication with FreeRadius:
create database radius;
Check the tables that exist in the radius database:
use radius;
show tables;
Exit MySQL:
exit
Import the .sql file /etc/freeradius/sql/mysql/schema.sql into MySQL:
mysql -u root -p radius < /etc/freeradius/sql/mysql/schema.sql
Log in to the MySQL server:
mysql -u root -p
Check the tables that exist in the radius database:
use radius;
show tables;

-sql.conf-

sql {
        database = "mysql"
        driver = "rlm_sql_${database}"
        server = "localhost"
        login = "radius"
        password = "radpass"
        radius_db = "radius"
        acct_table1 = "radacct"
        acct_table2 = "radacct"
        postauth_table = "radpostauth"
        authcheck_table = "radcheck"
        authreply_table = "radreply"
        groupcheck_table = "radgroupcheck"
        groupreply_table = "radgroupreply"
        usergroup_table = "radusergroup"
        deletestalesessions = yes
        sqltrace = no
        sqltracefile = ${logdir}/sqltrace.sql
        num_sql_socks = 5
        connect_failure_retry_delay = 60
        lifetime = 0
        max_queries = 0
        nas_table = "nas"
        $INCLUDE sql/${database}/dialup.conf
}

-radiusd.conf-

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid
user = freerad
group = freerad
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
        type = auth
        ipaddr = *
        port = 0
}
listen {
        ipaddr = *
        port = 0
        type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
        destination = files
        file = ${logdir}/radius.log
        syslog_facility = daemon
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
}
checkrad = ${sbindir}/checkrad
security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
}
proxy_requests = yes
$INCLUDE proxy.conf
$INCLUDE clients.conf
thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}
modules {
        $INCLUDE ${confdir}/modules/
        $INCLUDE eap.conf
}
instantiate {
        exec
        expr
        expiration
        logintime
}
$INCLUDE policy.conf
$INCLUDE sites-enabled/

-default-

authorize {
        preprocess
        chap
        mschap
        suffix
        eap {
                ok = return
        }
        unix
        files
        sql
        expiration
        logintime
        pap
}
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type CHAP {
                chap
        }
        Auth-Type MS-CHAP {
                mschap
        }
        unix
        eap
}
preacct {
        preprocess
        acct_unique
        suffix
        files
}
accounting {
        detail
        unix
        radutmp
        sql
        attr_filter.accounting_response
}
session {
        radutmp
        sql
}
post-auth {
        sql
        exec
        Post-Auth-Type REJECT {
                attr_filter.access_reject
        }
}
pre-proxy {
}
post-proxy {
        eap
}

-inner-tunnel-

server inner-tunnel {
        authorize {
                chap
                mschap
                unix
                suffix
                update control {
                        Proxy-To-Realm := LOCAL
                }
                eap {
                        ok = return
                }
                files
                expiration
                logintime
                pap
        }
        authenticate {
                Auth-Type PAP {
                        pap
                }
                Auth-Type CHAP {
                        chap
                }
                Auth-Type MS-CHAP {
                        mschap
                }
                unix
                eap
        }
        session {
                radutmp
        }
        post-auth {
                Post-Auth-Type REJECT {
                        attr_filter.access_reject
                }
        }
        pre-proxy {
        }
        post-proxy {
                eap
        }
}

Day 03/07/2012

  • While configuring OpenVPN on the client (Filial), we found a problem with the hard disk. The disk needed to be replaced and formatted, and GRUB installed and configured;