好大的早饭
[
breadtalk 香菇面包——夹了香菇以及别的东西的千层饼
好大的早饭,味道不错,咸咸的,还有点酸酸的,放心没坏昨天lp才给买的,
同时lp还给买了breadpapa 泡芙,
so big breakfast
29
三
07
28
三
07
多ip在同一个vpn上
[
要解决几个难题
1、如何以不同的ip地址出去
使用源nat,只需要在原本转发方式上增加-j SNAT –to 1.2.3.4
2、如何绑定用户帐号和分配的ip地址,这样才能写死让某个用户以某个ip地址出去。
解决方法,阅读freeradius文档,radreply文件控制回应的参数,你可以任意指定让某个参数变成什么,看看rlm_sql文档
One of the fields of the SQL schema is named ‘op’ This is for the
‘operator’ used by the attributes. e.g.:
‘operator’ used by the attributes. e.g.:
Framed-IP-Address = 1.2.3.4
^ ATTRIBUTE —-^ ^ OP ^ VALUE
看到这句话得到启发,继续往下看咯,freeradius真的是个很8错的认证工具,以后还可以用于其他设备的认证,比如,将vpn平缓迁移到专用vpn设备的时候仍能保持良好的二次开发能力
这篇详细解释了raidus的安装和配置,其中的数据库结构讲解很详细,看看它到底能作什么?
mysql> select * from usergroup;
+—-+—————+———–+
| id | UserName | GroupName |
+—-+—————+———–+
| 1 | fredf | dynamic |
| 2 | barney | static |
| 2 | dialrouter | netdial |
+—-+—————+———–+
3 rows in set (0.00 sec)
+—-+—————+———–+
| id | UserName | GroupName |
+—-+—————+———–+
| 1 | fredf | dynamic |
| 2 | barney | static |
| 2 | dialrouter | netdial |
+—-+—————+———–+
3 rows in set (0.00 sec)
mysql> select * from radcheck;
+—-+—————-+—————-+——————+——+
| id | UserName | Attribute | Value | Op |
+—-+—————-+—————-+——————+——+
| 1 | fredf | Password | wilma | == |
| 2 | barney | Password | betty | == |
| 2 | dialrouter | Password | dialup | == |
+—-+—————-+—————-+——————+——+
3 rows in set (0.02 sec)
mysql> select * from radgroupcheck;
+—-+————+——————-+———————+——+
| id | GroupName | Attribute | Value | Op |
+—-+————+——————-+———————+——+
| 1 | dynamic | Auth-Type | Local | := |
| 2 | static | Auth-Type | Local | := |
| 3 | netdial | Auth-Type | Local | := |
+—-+————+——————-+———————+——+
3 rows in set (0.01 sec)
mysql> select * from radreply;
+—-+————+——————-+———————————+——+
| id | UserName | Attribute | Value | Op |
+—-+————+——————-+———————————+——+
| 1 | barney | Framed-IP-Address | 1.2.3.4 | := |
| 2 | dialrouter | Framed-IP-Address | 2.3.4.1 | := |
| 3 | dialrouter | Framed-IP-Netmask | 255.255.255.255 | := |
| 4 | dialrouter | Framed-Routing | Broadcast-Listen | := |
| 5 | dialrouter | Framed-Route | 2.3.4.0 255.255.255.248 | := |
| 6 | dialrouter | Idle-Timeout | 900 | := |
+—-+————+——————-+———————————+——+
6 rows in set (0.01 sec)
mysql> select * from radgroupreply;
+—-+———–+——————–+———————+——+
| id | GroupName | Attribute | Value | Op |
+—-+———–+——————–+———————+——+
| 34 | dynamic | Framed-Compression | Van-Jacobsen-TCP-IP | := |
| 33 | dynamic | Framed-Protocol | PPP | := |
| 32 | dynamic | Service-Type | Framed-User | := |
| 35 | dynamic | Framed-MTU | 1500 | := |
| 37 | static | Framed-Protocol | PPP | := |
| 38 | static | Service-Type | Framed-User | := |
| 39 | static | Framed-Compression | Van-Jacobsen-TCP-IP | := |
| 41 | netdial | Service-Type | Framed-User | := |
| 42 | netdial | Framed-Protocol | PPP | := |
+—-+———–+——-
————-+———————+——+
12 rows in set (0.01 sec)
mysql>
甚至我们可以推送用户获得的路由信息是什么,
扯远了,来看看op的规则有哪些
The list of operators is given below.
Op Example and documentation
– ————————-
= “Attribute = Value”
Not allowed as a check item for RADIUS protocol attributes. It is
allowed for server configuration attributes (Auth-Type, etc), and sets
the value of on attribute, only if there is no other item of the
same attribute.
As a reply item, it means “add the item to the reply list, but
only if there is no other item of the same attribute.”
:= “Attribute := Value”
Always matches as a check item, and replaces in the
configuration items any attribute of the same name. If no
attribute of that name appears in the request, then this
attribute is added.
As a reply item, it has an identical meaning, but for the
reply items, instead of the request items.
== “Attribute == Value”
As a check item, it matches if the named attribute is present
in the request, AND has the given value.
Not allowed as a reply item.
+= “Attribute += Value”
Always matches as a check item, and adds the current attribute
with value to the list of configuration items.
As a reply item, it has an identical meaning, but the
attribute is added to the reply items.
!= “Attribute != Value”
As a check item, matches if the given attribute is in the
request, AND does not have the given value.
Not allowed as a reply item.
> “Attribute > Value”
As a check item, it matches if the request contains an
attribute with a value greater than the one given.
Not allowed as a reply item.
>= “Attribute >= Value”
As a check item, it matches if the request contains an
attribute with a value greater than, or equal to the one
given.
Not allowed as a reply item.
< “Attribute < Value”
As a check item, it matches if the request contains an
attribute with a value less than the one given.
Not allowed as a reply item.
<= “Attribute <= Value”
As a check item, it matches if the request contains an
attribute with a value less than, or equal to the one given.
Not allowed as a reply item.
=~ “Attribute =~ Expression”
As a check item, it matches if the request contains an
attribute which matches the given regular expression. This
operator may only be applied to string attributes.
Not allowed as a reply item.
!~ “Attribute !~ Expression”
As a check item, it matches if the request contains an
attribute which does not match the given regular expression.
This operator may only be applied to string attributes.
Not allowed as a reply item.
=* “Attribute =* Value”
As a check item, it matches if the request contains the named
attribute, no matter what the value is.
Not allowed as a reply item.
!* “Attribute !* Value”
As a check item, it matches if the request does not contain
the named attribute, no matter what the value is.
Not allowed as a reply item.
这样一来,基本克服了所有问题咯
23
三
07
九城“魔兽世界”超级站点
[九城“魔兽世界”超级站点成功落户我公司
“魔兽世界”超级站点VIP机房于3月20日建成并交付其使用。该超级站点VIP机房面积达240平方米,配备2300A/220V的电力和8台机房专用空调,可容纳52个刀片式服务器机柜。上海九城对“魔兽世界”超级站点VIP机房的各项要求均很高,但在公司各级领导的关怀和支持下,克服了重重困难,最终按时保质向客户交付了机房。
“魔兽世界”超级站点的成功落户,为公司带来了近xxxx万元的收入,不仅促进了我省增值业务的发展,同时对全省的宽带业务保存激增有极大的促进作用,对“四川电信天府热线数据中心”的品牌建设也具有重大的意义。