{"id":10369,"date":"2025-02-11T19:59:52","date_gmt":"2025-02-11T10:59:52","guid":{"rendered":"https:\/\/y2tech.net\/blog\/?p=10369"},"modified":"2026-01-19T15:56:24","modified_gmt":"2026-01-19T06:56:24","slug":"authenticated-vlan-with-aruba-instant-on-2","status":"publish","type":"post","link":"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-2-10369\/","title":{"rendered":"Aruba\u306eAP\u3092\u7528\u3044\u3066\u8a8d\u8a3cVLAN\u3092\u5b9f\u88c5\u3057\u3066\u307f\u308b#2\uff08RADIUS\u30b5\u30fc\u30d0\u3068\u306e\u9023\u643a\uff09"},"content":{"rendered":"<hr \/>\r\n<h4>\u300eAruba\u306eAP\u3092\u7528\u3044\u3066\u8a8d\u8a3cVLAN\u3092\u5b9f\u88c5\u3057\u3066\u307f\u308b\u300f\u3000\u30a4\u30f3\u30c7\u30af\u30b9<\/h4>\r\n<br>\r\n<ul>\r\n<li>\u3000<a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-1-10315\/\" target=\"_blank\">\u30fb#1 Instant On\u306e\u6982\u8981<\/a><\/li>\r\n<li>\u3000\u30fb#2 RADIUS\u30b5\u30fc\u30d0\u3068\u306e\u9023\u643a<\/a><\/li>\r\n<li>\u3000<a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-3-10547\/\" target=\"_blank\">\u30fb#3 \u81ea\u5df1\u8a8d\u8a3c\u8a3c\u660e\u66f8\u306e\u8a2d\u5b9a<\/a><\/li>\r\n<li>\u3000<a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-4-10577\/\" target=\"_blank\">\u30fb#4 EAP-PEAP\u306b\u3088\u308b\u8a8d\u8a3c<\/a><\/li>\r\n<li>\u3000<a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-5-10604\/\" target=\"_blank\">\u30fb#5 AP\u3092RADIUS\u30b5\u30fc\u30d0\u3068\u9023\u643a\u3055\u305b\u308b<\/a><\/li>\r\n<li>\u3000<a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-6-10665\/\" target=\"_blank\">\u30fb#6 \u8a8d\u8a3cVLAN\u306e\u5b9f\u88c5<\/a><\/li>\r\n<li>\u3000<a href=\"https:\/\/y2tech.net\/blog\/computer\/sysadmin\/authenticated-vlan-with-aruba-instant-on-7-10685\/\" target=\"_blank\">\u30fb#7 LDAP\u3068\u306e\u9023\u643a<\/a><\/li>\r\n<\/ul>\r\n<hr \/>\r\n<br>\r\n<h3>\u8a8d\u8a3c\u30b5\u30fc\u30d0\u3068\u9023\u643a\u3055\u305b\u3066\u307f\u308b<\/h3>\r\n<br>\r\n<p>\u524d\u56de\u306e\u8a18\u4e8b\u3067\u306f\u3001Aruba AP\u3092Aruba Instant On \u30b5\u30fc\u30d3\u30b9\u3067\u96c6\u4e2d\u7ba1\u7406\u3059\u308b\u3053\u3068\u306b\u3088\u3063\u3066\u6bd4\u8f03\u7684\u5bb9\u6613\u306b\u7121\u7ddaLAN\u30b7\u30b9\u30c6\u30e0\u3092\u69cb\u7bc9\u53ef\u80fd\u306a\u3053\u3068\u3092\u8aac\u660e\u3057\u305f\u304c\u3001\u4eca\u56de\u306f\u7121\u7ddaLAN\u30b7\u30b9\u30c6\u30e0\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u3092\u9ad8\u3081\u308b\u305f\u3081\u306b\u3001RADIUS\u30b5\u30fc\u30d0\u3084LDAP\u30b5\u30fc\u30d0\u3068\u9023\u643a\u3055\u305b\u308b\u3053\u3068\u306b\u3088\u3063\u3066\u30e6\u30fc\u30b6\u8a8d\u8a3c\u30d9\u30fc\u30b9\u306e\u7121\u7ddaLAN\u30b7\u30b9\u30c6\u30e0\u3092\u69cb\u7bc9\u3059\u308b\u3053\u3068\u306b\u3059\u308b\uff0e<\/p>\r\n<br>\r\n<p>Aruba\u306eInstant On\u30b7\u30ea\u30fc\u30ba\u306f\u5c02\u4efb\u306e\u60c5\u5831\u90e8\u9580\u304c\u7121\u3044\u3088\u3046\u306a\u6bd4\u8f03\u7684\u5c0f\u898f\u6a21\u306a\u4f1a\u793e\u3084\u7d44\u7e54\u3067\u306e\u5229\u7528\u3092\u60f3\u5b9a\u3057\u3066\u3044\u308b\u304c\u3001\u696d\u52d9\u7528\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3092\u69cb\u7bc9\u3059\u308b\u305f\u3081\u306b\u5fc5\u8981\u306a\u6a5f\u80fd\u306f\u4e00\u901a\u308a\u5099\u308f\u3063\u3066\u3044\u308b\uff0e\u696d\u52d9\u7528\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b7\u30b9\u30c6\u30e0\u3067\u306f\u63a5\u7d9a\u53ef\u80fd\u306a\u30c7\u30d0\u30a4\u30b9\u3084\u4eba\u9593\u3092\u9650\u5b9a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u3001\u8ab0\u304c\u4f55\u6642\u3069\u3053\u3067\u4f55\u3092\u884c\u3063\u305f\u304b\u3068\u3044\u3046\u3053\u3068\u304c\u60aa\u5b9f\u306b\u638c\u63e1\u3067\u304d\u3066\u3044\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\uff0e<\/p>\r\n<br>\r\n<p>\u696d\u52d9\u7528\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3067\u306f\u3001AAA(Authentication\uff1a\u8a8d\u8a3c, Authorization\uff1a\u8a8d\u53ef, Accounting\uff09\u3068\u3044\u3046\u57fa\u672c\u6982\u5ff5\u304c\u3042\u308a\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u30a4\u30c3\u30c1\u3084\u7121\u7ddaLAN\u306e\u30b7\u30b9\u30c6\u30e0\u306b\u306f\u3001\u3053\u306eAAA\u306e\u6a5f\u80fd\u304c\u5099\u308f\u3063\u3066\u3044\u308b\uff0e\u8a8d\u8a3c\u306b\u3088\u308a\u30e6\u30fc\u30b6\u3084\u30c7\u30d0\u30a4\u30b9\u306e\u30a2\u30a4\u30c7\u30f3\u30c6\u30a3\u30c6\u30a3\u306e\u6b63\u5f53\u6027\u3092\u78ba\u8a8d\u3057\u305f\u5f8c\u3001\u305d\u306e\u30e6\u30fc\u30b6\u3084\u30c7\u30d0\u30a4\u30b9\u304c\u30a2\u30af\u30bb\u30b9\u53ef\u80fd\u306a\u7bc4\u56f2\u3084\u6a29\u9650\u3092\u6c7a\u5b9a\u3059\u308b\u8a8d\u53ef\u3092\u884c\u3046\uff0eAccounting\u306f\u65e5\u672c\u8a9e\u3067\u306f\u9069\u5207\u306a\u7528\u8a9e\u304c\u306a\u3044\u304c\u3001\u30e6\u30fc\u30b6\u3084\u30c7\u30d0\u30a4\u30b9\u306e\u60c5\u5831\u3001\u63a5\u7d9a\u5148\u306e\u60c5\u5831\u3084\u6642\u9593\u3001\u30ea\u30bd\u30fc\u30b9\u306e\u4f7f\u7528\u91cf\u306a\u3069\u306e\u60c5\u5831\u3092\u53d6\u5f97\u3057\u8a18\u9332\u3059\u308b\u3068\u3044\u3046\u610f\u5473\u3067\u6349\u3048\u308b\u3068\u826f\u3044\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<p>\u3053\u306eAAA\u3092\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306b\u696d\u52d9\u7528\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b7\u30b9\u30c6\u30e0\u3067\u53e4\u304f\u304b\u3089\u5229\u7528\u3055\u308c\u3066\u3044\u308b\u306e\u304cRADIUS(Remote Authentication Dial In User Service\uff09\u30b5\u30fc\u30d0\u3067\u3001\u73fe\u5728\u3067\u3082\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306eAAA\u3092\u53f8\u308b\u91cd\u8981\u306a\u30b7\u30b9\u30c6\u30e0\u3068\u3057\u3066\u591a\u304f\u306e\u4f01\u696d\u3084\u7d44\u7e54\u3067\u5229\u7528\u3055\u308c\u3066\u3044\u308b\uff0eAruba\u306eInstant On\u30b7\u30ea\u30fc\u30ba\u3067\u3082\u3053\u306eRADIUS\u30b5\u30fc\u30d0\u3068\u9023\u643a\u3055\u305b\u308b\u3053\u3068\u3067AAA\u306e\u6a5f\u80fd\u3092\u5b9f\u73fe\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\uff0e<\/p>\r\n<br>\r\n<p>RADIUS\u306f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u4e00\u7a2e\u3067\u3001\u304b\u3064\u3066\u306e\u30e2\u30c7\u30e0\u306a\u3069\u306b\u3088\u308b\u30c0\u30a4\u30a2\u30eb\u30a2\u30c3\u30d7\u63a5\u7d9a\u3084ISP\u3092\u5229\u7528\u3059\u308b\u969b\u306b\u30e6\u30fc\u30b6\u306e\u8a8d\u8a3c\u3092\u884c\u3046\u30d7\u30ed\u30c8\u30b3\u30eb\u3068\u3057\u3066\u4eca\u3067\u3082\u4f7f\u308f\u308c\u3066\u3044\u308b\uff0e\u6700\u8fd1\u306e\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u63a5\u7d9a\u306fPPPoE\u304b\u3089IPoE\u65b9\u5f0f\u3078\u3068\u63a5\u7d9a\u65b9\u5f0f\u304c\u5909\u308f\u3063\u3066\u3057\u307e\u3063\u305f\u306e\u3067\u3001\u30a8\u30f3\u30c9\u30e6\u30fc\u30b6\u304cID\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3067\u8a8d\u8a3c\u3092\u884c\u3046\u5834\u9762\u306f\u6e1b\u3063\u3066\u3057\u307e\u3063\u305f\u304c\u3001RADIUS\u304c\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u88cf\u65b9\u3068\u3057\u3066\u91cd\u8981\u306a\u5f79\u5272\u3092\u62c5\u3063\u3066\u3044\u308b\u3053\u3068\u306b\u306f\u5909\u308f\u308a\u306f\u7121\u3044\uff0e<\/p>\r\n<br>\r\n<p>\u5927\u5b66\u3084\u7814\u7a76\u6a5f\u95a2\u306a\u3069\u306b\u6240\u5c5e\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u30ad\u30e3\u30f3\u30d1\u30b9\u5185\u306e\u7121\u7ddaLAN\u30b7\u30b9\u30c6\u30e0\u306eSSID\u306b <a href=\"https:\/\/www.eduroam.jp\/\" target=\"_blank\">&#8220;eduroam&#8221;<\/a> \u3068\u3044\u3046\u540d\u524d\u3092\u898b\u304b\u3051\u305f\u3053\u3068\u304c\u3042\u308b\u306e\u3067\u306f\u306a\u3044\u304b\u3068\u601d\u3046\uff0e\u3053\u306e &#8220;eduroam&#8221; \u306f\u4e16\u754c\u4e2d\u306e\u5927\u5b66\u3084\u7814\u7a76\u6a5f\u95a2\u306b\u307e\u305f\u304c\u3063\u3066\u5c55\u958b\u3055\u308c\u3066\u3044\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30ed\u30fc\u30df\u30f3\u30b0\u30b7\u30b9\u30c6\u30e0\u3067\u3001\u3053\u306e\u30b7\u30b9\u30c6\u30e0\u306e\u30d0\u30c3\u30af\u30dc\u30fc\u30f3\u3067\u306f &#8220;RADIUS&#8221; \u30d7\u30ed\u30c8\u30b3\u30eb\u304c\u4f7f\u308f\u308c\u3066\u3044\u308b\uff0e<\/p>\r\n<br>\r\n<p>RADIUS\u30d7\u30ed\u30c8\u30b3\u30eb\u306e\u5b58\u5728\u3092\u4e00\u822c\u306e\u4eba\u304c\u610f\u8b58\u3059\u308b\u3053\u3068\u306f\u306a\u3044\u304c\u3001\u4f1a\u793e\u3084\u7d44\u7e54\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3001\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u3092\u652f\u3048\u3066\u3044\u308b\u5927\u5909\u91cd\u8981\u306a\u30d7\u30ed\u30c8\u30b3\u30eb\u3067\u3042\u308b\u3053\u3068\u306b\u7559\u610f\u3057\u3066\u304a\u3044\u3066\u6b32\u3057\u3044\uff0e<\/p>\r\n<br>\r\n<p>\u5927\u898f\u6a21\u306a\u4f01\u696d\u3084\u7d44\u7e54\u3067\u306f\u65e2\u306b\u4f55\u3089\u304b\u306eRADIUS\u30b5\u30fc\u30d0\u304c\u7a3c\u50cd\u3057\u3066\u3044\u308b\u7b48\u306a\u306e\u3067\u3001\u81ea\u524d\u306eRADIUS\u30b5\u30fc\u30d0\u3092\u4e00\u304b\u3089\u69cb\u7bc9\u3059\u308b\u3053\u3068\u306f\u306a\u3044\u3060\u308d\u3046\u304c\u3001\u4e00\u4eba\u60c5\u30b7\u30b9\u3055\u3093\u304c\u6d3b\u8e8d\u3059\u308b\u3088\u3046\u306a\u5c0f\u3055\u306a\u4f01\u696d\u3084\u7d44\u7e54\u306e\u5834\u5408\u3001\u5148\u305a\u3053\u306eRADIUS\u30b5\u30fc\u30d0\u306e\u69cb\u7bc9\u304b\u3089\u59cb\u3081\u306a\u3051\u308c\u3070\u306a\u3089\u306a\u3044\u304b\u3082\u3057\u308c\u306a\u3044\uff0e<\/p>\r\n<br>\r\n<p>RADIUS\u30b5\u30fc\u30d0\u5358\u72ec\u3067\u3082Aruba\u306eInstant On\u3067\u306f\u8a8d\u8a3cVLAN\u3092\u5b9f\u88c5\u53ef\u80fd\u3067\u3042\u308b\u304c\u3001\u30e6\u30fc\u30b6\u306e\u60c5\u5831\u3092RADIUS\u30b5\u30fc\u30d0\u3067\u7ba1\u7406\u904b\u7528\u3059\u308b\u306e\u306f\u4f7f\u3044\u52dd\u624b\u304c\u60aa\u3044\u306e\u3067\u3001\u30e6\u30fc\u30b6\u306e\u60c5\u5831\u306fLDAP\u30b5\u30fc\u30d0\u5074\u3067\u7ba1\u7406\u3059\u308b\u3053\u3068\u3068\u3057\u3001RADIUS\u30b5\u30fc\u30d0\u3067\u306f\u30e6\u30fc\u30b6\u306e\u60c5\u5831\u306fLDAP\u30b5\u30fc\u30d0\u3068\u9023\u643a\u3055\u305b\u308b\u3088\u3046\u306b\u3059\u308b\u3068\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u306e\u7ba1\u7406\u3092Radius\u3001\u30e6\u30fc\u30b6\u306e\u7ba1\u7406\u306fLDAP\u3068\u306a\u308a\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u904b\u7528\u306e\u5229\u4fbf\u6027\u304c\u5411\u4e0a\u3059\u308b\uff0e<\/p>\r\n<br>\r\n<h4>FreeRADIUS\u30b5\u30fc\u30d0\u306e\u69cb\u7bc9<\/h4>\r\n<br>\r\n<p>RADIUS\u30b5\u30fc\u30d0\u3092\u69cb\u7bc9\u3059\u308b\u65b9\u6cd5\u3068\u3057\u3066\u306f\u3001\u5e02\u8ca9\u306e\u30cf\u30fc\u30c9\u30a6\u30a7\u30a2\u4e00\u4f53\u578b\u306e\u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9\u88fd\u54c1\u3092\u5229\u7528\u3059\u308b\u65b9\u6cd5\u304c\u6700\u3082\u624b\u3063\u53d6\u308a\u65e9\u3044\u306e\u3060\u304c\u3001\u4f55\u305b\u6a5f\u5668\u304c\u9ad8\u984d\u306a\u4e0a\u306b\u5229\u7528\u3059\u308b\u30e6\u30fc\u30b6\u6570\u306b\u5fdc\u3058\u305f\u30e9\u30a4\u30bb\u30f3\u30b9\u6599\u304c\u5fc5\u8981\u306a\u5834\u5408\u304c\u591a\u3044\u306e\u3067\u3001\u3053\u308c\u3089\u306e\u6a5f\u5668\u3092\u5c0e\u5165\u3059\u308b\u306e\u306f\u6577\u5c45\u304c\u9ad8\u904e\u304e\u3066\u3042\u307e\u308a\u73fe\u5b9f\u7684\u3067\u306f\u306a\u3044\uff0e\u5e78\u3044\u306a\u3053\u3068\u306b\u3001RADIUS\u30b5\u30fc\u30d0\u306b\u306f\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u30d9\u30fc\u30b9\u306eFreeRADIUS\u3068\u3044\u3046\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3\u304c\u3042\u308a\u3001\u4e16\u754c\u3067\u4e00\u756a\u4f7f\u308f\u308c\u3066\u3044\u308bRADIUS\u30b5\u30fc\u30d0\u3068\u3057\u3066\u30c7\u30d5\u30a1\u30af\u30c8\u30b9\u30bf\u30f3\u30c0\u30fc\u30c9\u7684\u306a\u4f4d\u7f6e\u4ed8\u3051\u306e\u7269\u3060\uff0e<\/p>\r\n<br>\r\n<p>\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u30d9\u30fc\u30b9\u306a\u306e\u3067\u30e6\u30fc\u30b6\u304c\u81ea\u7531\u306b\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u3057\u3066\u5229\u7528\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b\uff0e\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u3067\u306f\u5c0e\u5165\u306b\u4e0d\u5b89\u304c\u3042\u308b\u3068\u3044\u3046\u306e\u3067\u3042\u308c\u3070<a href=\"https:\/\/www-fr.networkradius.com\/\" target=\"_blank\">Network RADIUS<\/a>\u3068\u3044\u3046\u4f1a\u793e\u304b\u3089\u5546\u7528\u306e\u30b5\u30dd\u30fc\u30c8\u3092\u53d7\u3051\u308b\u3053\u3068\u304c\u53ef\u80fd\u306a\u306e\u3067\u3001RADIUS\u30b5\u30fc\u30d0\u306e\u9078\u629e\u80a2\u3068\u3057\u3066\u306f\u3053\u306eFreeRADIUS\u304c\u4e00\u756a\u306e\u9078\u629e\u80a2\u3068\u306a\u308b\u3060\u308d\u3046\uff0e\u52ff\u8ad6\u3001FreeRADIUS\u306b\u306f\u3001<a href=\"https:\/\/www.freeradius.org\/community\/\" target=\"_blank\">\u30b3\u30df\u30e5\u30cb\u30c6\u30a3\u30fc\u30b5\u30dd\u30fc\u30c8<\/a>\u306e\u30da\u30fc\u30b8\u304c\u3042\u308b\u306e\u3067\u3001\u30b3\u30df\u30e5\u30cb\u30c6\u30a3\u30fc\u30c1\u30fc\u30e0\u304b\u3089\u306e\u60c5\u5831\u63d0\u4f9b\u3082\u53d7\u3051\u3089\u308c\u308b\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<p>FreeRADIUS\u306e\u73fe\u5728\u306e\u6700\u65b0\u5b89\u5b9a\u7248\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306f V3.2.x \u3067\u3001\u30e1\u30b8\u30e3\u30fc\u306aLinux\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3(Ubuntu, Debian, RockyLinux, RHEL, CentOS\uff09\u3067\u3042\u308c\u3070\u306b\u30d0\u30a4\u30ca\u30ea\u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u5f62\u3067\u63d0\u4f9b\u3055\u308c\u3066\u3044\u308b\uff0e\u52ff\u8ad6\u3001\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u3067\u3082\u63d0\u4f9b\u3055\u308c\u3066\u3044\u308b\u306e\u3067\u3001\u81ea\u5206\u3067\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u304b\u3089\u81ea\u5206\u3067\u30b3\u30f3\u30d1\u30a4\u30eb\u3057\u3066\u5229\u7528\u3059\u308b\u3053\u3068\u3082\u53ef\u80fd\u3060\uff0e<\/p>\r\n<br>\r\n<p>\u4eca\u56de\u306f\u3001RockyLinux9\u7528\u306e<a href=\"https:\/\/packages.inkbridgenetworks.com\/#fr32-rocky\" target=\"_blank\">\u30d0\u30a4\u30ca\u30ea\u30d1\u30c3\u30b1\u30fc\u30b8<\/a>\u3092\u5229\u7528\u3059\u308b\u3053\u3068\u306b\u3059\u308b\uff0e\u30d0\u30a4\u30ca\u30ea\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u5229\u7528\u3057\u305f\u5c0e\u5165\u624b\u9806\u306e\u30da\u30fc\u30b8\u306b\u5f93\u3063\u3066\u9032\u3081\u3066\u884c\u3051\u3070\u7c21\u5358\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3067\u304d\u308b\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<pre><code class=\"language-Markup\" style=\"height: 600px;\">\r\n\r\n[ NetworkRADIUS\u793e\u306e\u30d1\u30d6\u30ea\u30c3\u30afPGP\u30ad\u30fc\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b ]\r\n\r\n rpm --import 'https:\/\/packages.networkradius.com\/pgp\/packages%40networkradius.com'\r\n\r\n[\u3000NetworkRADIUS\u793e\u306e\u30ea\u30dd\u30b8\u30c8\u30ea\u60c5\u5831\u3092\u767b\u9332 ]\r\n\r\ncat <<'__EOF__' >\/etc\/yum.repos.d\/networkradius.repo\r\n[networkradius]\r\nname=NetworkRADIUS-$releasever\r\nbaseurl=http:\/\/packages.networkradius.com\/freeradius-3.2\/rocky\/$releasever\/\r\nenabled=1\r\ngpgcheck=1\r\ngpgkey=https:\/\/packages.networkradius.com\/pgp\/packages%40networkradius.com\r\n__EOF__\r\n\r\n[ yum\u95a2\u9023\u306e\u30e6\u30fc\u30c6\u30a3\u30ea\u30c6\u30a3\u30fc\u3068CRB\u30ea\u30dd\u30b8\u30c8\u30ea\u3092\u8ffd\u52a0\u3000]\r\n\r\n yum install yum-utils\r\n yum config-manager --enable crb\r\n\r\n[ FreeRADIUS\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3000]\r\n\r\n yum install freeradius\r\n\r\n[ RADIUS\u95a2\u9023\u306e\u30e6\u30fc\u30c6\u30a3\u30ea\u30c6\u30a3\u30fc\u30c4\u30fc\u30eb\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb]\r\n\r\n dnf install freeradius-utils\r\n\r\n[ FreeRADIUS\u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\uff08KRB5, LDAP\uff09]\r\n\r\n yum install  freeradius-krb5\r\n yum install  freeradius-ldap\r\n\r\n<\/code>\r\n<\/pre>\r\n<p class=\"center\">Rocky Linux9.5\u4e0a\u306b\u30d0\u30a4\u30ca\u30ea\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u5229\u7528\u3057\u3066FreeRADIUS V3.2\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u624b\u9806<\/p>\r\n<br>\r\n<p>\u4e0a\u8a18\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u4f5c\u696d\u304c\u7121\u4e8b\u7d42\u4e86\u3059\u308b\u3068\u3001&#8217;\/etc\/raddb\/&#8217; \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u914d\u4e0b\u306b FreeRADIUS\u306e\u4e00\u9023\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u304c\u914d\u7f6e\u3055\u308c\u3066\u3044\u308b\u3060\u308d\u3046\uff0e<\/p>\r\n<br>\r\n<pre><code class=\"language-Markup\" style=\"height: 600px;\">\r\n[root@auth raddb]# ls -la\r\ntotal 168\r\ndrwxr-xr-x   9 root radiusd  4096 Feb 11 19:00 .\r\ndrwxr-xr-x. 88 root root     8192 Feb 11 19:03 ..\r\ndrwxrwx---   3 root radiusd  4096 Feb 11 19:01 certs\r\n-rw-r-----   1 root radiusd 12103 Jan 31 21:36 clients.conf\r\n-rw-r--r--   1 root radiusd  1420 Jan 31 21:36 dictionary\r\nlrwxrwxrwx   1 root radiusd    30 Jan 31 21:36 hints -> .\/mods-config\/preprocess\/hints\r\nlrwxrwxrwx   1 root radiusd    35 Jan 31 21:36 huntgroups -> .\/mods-config\/preprocess\/huntgroups\r\ndrwxr-x---   2 root radiusd  4096 Feb 11 19:00 mods-available\r\ndrwxr-x---  10 root radiusd   140 Feb 11 19:00 mods-config\r\ndrwxr-x---   2 root radiusd  4096 Feb 11 19:00 mods-enabled\r\n-rw-r-----   1 root radiusd    52 Jan 31 21:36 panic.gdb\r\ndrwxr-x---   2 root radiusd  4096 Feb 11 19:00 policy.d\r\n-rw-r-----   1 root radiusd 30442 Jan 31 21:36 proxy.conf\r\n-rw-r-----   1 root radiusd 40953 Jan 31 21:36 radiusd.conf\r\n-rw-r-----   1 root radiusd 20754 Jan 31 21:36 README.rst\r\ndrwxr-x---   2 root radiusd  4096 Feb 11 19:00 sites-available\r\ndrwxr-x---   2 root radiusd    41 Feb 11 19:00 sites-enabled\r\n-rw-r-----   1 root radiusd  3470 Jan 31 21:36 templates.conf\r\n-rw-r-----   1 root radiusd  8536 Jan 31 21:36 trigger.conf\r\nlrwxrwxrwx   1 root radiusd    29 Jan 31 21:36 users -> .\/mods-config\/files\/authorize\r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<br>\r\n[ \u7d9a\u304f\uff0e\uff0e\uff0e\uff08Radius\u30b5\u30fc\u30d0\u3068LDAP\u30b5\u30fc\u30d0\u306e\u74b0\u5883\u3092Proxmox\u74b0\u5883\u3067\u65b0\u305f\u306b\u69cb\u7bc9\u3059\u308b\u3053\u3068\u306b\u3057\u305f\u306e\u3067\u3001\u4e00\u65e6\u4e2d\u65ad\u3057\u307e\u3059\uff09\u3000] \r\n<br>\r\n<br>\r\n<div style=\"width: 100%; margin:; 0 auto; text-align: center;\">\r\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/02\/proxmox_web_console.png\" alt=\"proxmox gui console\" width=\"640\" height=\"476\" class=\"size-full wp-image-10533\" srcset=\"https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/02\/proxmox_web_console.png 640w, https:\/\/y2tech.net\/blog\/wp-content\/uploads\/2025\/02\/proxmox_web_console-320x238.png 320w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/>\r\n<br>\r\n<span>\u3068\u308a\u3042\u3048\u305a\u5404\u7a2e\u30b5\u30fc\u30d0\u985e\u3092 Proxmox \u74b0\u5883\u306b\u79fb\u884c\u3057\u305f<\/span>\r\n<\/div>\r\n<br>\r\n<br>\r\n<p>FreeRADIUS\u30b5\u30fc\u30d0\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306f &#8216;etc\/raddb&#8217; \u914d\u4e0b\u306b\u7f6e\u304b\u308c\u3066\u3044\u308b\u304c\u3001FreeRADIUS\u306e\u69cb\u6210\u306f\u3068\u3066\u3082\u8907\u96d1\u3067\u69d8\u3005\u306a\u6a5f\u80fd\u3092\u5185\u5305\u3057\u3066\u3044\u308b\u306e\u3067FreeRADIUS\u306e\u6a5f\u80fd\u3092\u8aac\u660e\u3059\u308b\u3053\u3068\u306f\u96e3\u3057\u3044\uff0e\u4eca\u56de\u306fAruba AP\u3067\u8a8d\u8a3cVLAN\u3092\u5b9f\u73fe\u3059\u308b\u305f\u3081\u306b\u95a2\u4fc2\u3059\u308b\u90e8\u5206\u3060\u3051\u306e\u8aac\u660e\u306b\u7559\u3081\u308b\u3053\u3068\u306b\u3059\u308b\uff0e<\/p>\r\n<br>\r\n<p>&#8216;etc\/raddb&#8217; \u914d\u4e0b\u306e\u95a2\u9023\u30d5\u30a1\u30a4\u30eb\u3092tree\u30b3\u30de\u30f3\u30c9\u3067\u30ea\u30b9\u30c6\u30a3\u30f3\u30b0\u3059\u308b\u3068\u4e0b\u8a18\u306e\u3088\u3046\u306b\u306a\u3063\u3066\u3044\u308b.<\/p>\r\n<br>\r\n\r\n<pre><code class=\"language-Markup\" style=\"height: 600px;\">\r\n\r\n[root@nsauth6 raddb]# tree\r\n.\r\n\u251c\u2500\u2500 README.rst\r\n\u251c\u2500\u2500 certs\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 Makefile\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 README\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 bootstrap\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 ca.cnf\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 client.cnf                       \r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 inner-server.cnf\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 passwords.mk\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 server.cnf\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 xpextensions\r\n\u251c\u2500\u2500 clients.conf                        <=== RADIUS\u30b5\u30fc\u30d0\u306b\u8a8d\u8a3c\u3092\u554f\u3044\u5408\u308f\u305b\u308bNW\u6a5f\u5668(NAS\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\uff09\u306e\u8a2d\u5b9a\r\n\u251c\u2500\u2500 dictionary                          <=== RADIUS\u8f9e\u66f8\r\n\u251c\u2500\u2500 hints -> .\/mods-config\/preprocess\/hints\r\n\u251c\u2500\u2500 huntgroups -> .\/mods-config\/preprocess\/huntgroups\r\n\u251c\u2500\u2500 mods-available\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 README.rst\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 always\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 attr_filter\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 cache\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 cache_eap\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 chap\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 counter\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 cui\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 date\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 detail\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 detail.example.com\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 detail.log\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dhcp\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dhcp_sqlippool\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 digest\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dynamic_clients\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 eap                         <=== EAP\u95a2\u9023\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 echo\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 etc_group\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 exec\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 expiration\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 expr\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 files\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 idn\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 inner-eap\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 ippool\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 krb5\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 ldap                         <=== LDAP\u306b\u3088\u308b\u8a8d\u8a3c\u3092\u884c\u3046\u305f\u3081\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 linelog\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 logintime\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mac2ip\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mac2vlan\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mschap                       <=== Microsoft CHAP \u8a8d\u8a3c\u3092\u884c\u3046\u305f\u3081\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 ntlm_auth\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 opendirectory\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 otp\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 pam\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 pap\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 passwd\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 preprocess\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 python\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 python3\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 radutmp\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 realm\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 redis\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 rediswho\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 replicate\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 smbpasswd\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 smsotp\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 soh\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sometimes\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sql\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sqlcounter\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sqlippool\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sradutmp\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 unix\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 unpack\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 utf8\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 wimax\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 yubikey\r\n\u251c\u2500\u2500 mods-config\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 README.rst\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 attr_filter\r\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 access_challenge\r\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 access_reject\r\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 accounting_response\r\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 post-proxy\r\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 pre-proxy\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 files\r\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 accounting\r\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 authorize             <===  \u30e6\u30fc\u30b6\u306e\u8a8d\u8a3c\u60c5\u5831\u5b9a\u7fa9\u30d5\u30a1\u30a4\u30eb\r\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 pre-proxy\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 preprocess\r\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 hints\r\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 huntgroups\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 sql\r\n\u2502\u00a0\u00a0     \u251c\u2500\u2500 counter\r\n\u2502\u00a0\u00a0     \u251c\u2500\u2500 cui\r\n\u2502\u00a0\u00a0     \u251c\u2500\u2500 ippool\r\n\u2502\u00a0\u00a0     \u251c\u2500\u2500 ippool-dhcp\r\n\u2502\u00a0\u00a0     \u2514\u2500\u2500 main\r\n\u251c\u2500\u2500 mods-enabled\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 always -> ..\/mods-available\/always\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 attr_filter -> ..\/mods-available\/attr_filter\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 cache_eap -> ..\/mods-available\/cache_eap\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 chap -> ..\/mods-available\/chap\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 date -> ..\/mods-available\/date\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 detail -> ..\/mods-available\/detail\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 detail.log -> ..\/mods-available\/detail.log\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 digest -> ..\/mods-available\/digest\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dynamic_clients -> ..\/mods-available\/dynamic_clients\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 eap -> ..\/mods-available\/eap\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 echo -> ..\/mods-available\/echo\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 exec -> ..\/mods-available\/exec\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 expiration -> ..\/mods-available\/expiration\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 expr -> ..\/mods-available\/expr\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 files -> ..\/mods-available\/files\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 linelog -> ..\/mods-available\/linelog\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 logintime -> ..\/mods-available\/logintime\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mschap -> ..\/mods-available\/mschap\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 ntlm_auth -> ..\/mods-available\/ntlm_auth\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 pap -> ..\/mods-available\/pap\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 passwd -> ..\/mods-available\/passwd\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 preprocess -> ..\/mods-available\/preprocess\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 radutmp -> ..\/mods-available\/radutmp\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 realm -> ..\/mods-available\/realm\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 replicate -> ..\/mods-available\/replicate\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 soh -> ..\/mods-available\/soh\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sradutmp -> ..\/mods-available\/sradutmp\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 unix -> ..\/mods-available\/unix\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 unpack -> ..\/mods-available\/unpack\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 utf8 -> ..\/mods-available\/utf8\r\n\u251c\u2500\u2500 panic.gdb\r\n\u251c\u2500\u2500 policy.d\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 accounting\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 canonicalization\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 control\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 cui\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 debug\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dhcp\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 eap\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 filter\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 operator-name\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 rfc7542\r\n\u251c\u2500\u2500 proxy.conf\r\n\u251c\u2500\u2500 radiusd.conf                       <=== FreeRADIUS\u306e\u30e1\u30a4\u30f3\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\r\n\u251c\u2500\u2500 sites-available\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 README\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 buffered-sql\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 challenge\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 channel_bindings\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 check-eap-tls\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 coa\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 coa-relay\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 control-socket\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 copy-acct-to-home-server\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 decoupled-accounting\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 default                      <=== \r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dhcp\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dhcp.relay\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dynamic-clients\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 example\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 inner-tunnel                 <===  EAP \u306e\u30c8\u30f3\u30cd\u30ea\u30f3\u30b0\u8a2d\u5b9a\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 originate-coa\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 proxy-inner-tunnel\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 robust-proxy-accounting\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 soh\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 status\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 tls\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 virtual.example.com\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 vmps\r\n\u251c\u2500\u2500 sites-enabled\r\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 default -> ..\/sites-available\/default\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 inner-tunnel -> ..\/sites-available\/inner-tunnel\r\n\u251c\u2500\u2500 templates.conf\r\n\u251c\u2500\u2500 trigger.conf\r\n\u2514\u2500\u2500 users -> .\/mods-config\/files\/authorize\r\n\r\n16 directories, 157 files\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<br>\r\n<h4>RADIUS\u30b5\u30fc\u30d0\u5358\u72ec\u3067\u306e\u8a66\u9a13<\/h4>\r\n<br>\r\n<p>\u4eca\u56de\u306e\u8a8d\u8a3cVLAN\u3067\u306fLDAP\u306b\u3088\u308b\u30e6\u30fc\u30b6\u8a8d\u8a3c\u60c5\u5831\u306b\u57fa\u3065\u3044\u3066\u30e6\u30fc\u30b6\u3092\u53ce\u5bb9\u3059\u308bVLAN\u3092\u30c0\u30a4\u30ca\u30df\u30c3\u30af\u306b\u5272\u308a\u5f53\u3066\u308b\u3053\u3068\u306b\u3059\u308b\u304c\u3001RADIUS\u30b5\u30fc\u30d0\u3092LDAP\u3068\u9023\u643a\u3055\u305b\u308b\u524d\u306b\u3001RADIUS\u30b5\u30fc\u30d0\u304c\u6b63\u5e38\u306b\u6a5f\u80fd\u3057\u3066\u3044\u308b\u304b\u3069\u3046\u304b\u78ba\u8a8d\u3059\u308b\u305f\u3081\u3001\u5148\u305a\u306fRADIUS\u30b5\u30fc\u30d0\u5358\u72ec\u3067\u8a8d\u8a3cVLAN\u3092\u69cb\u7bc9\u3057\u3066\u307f\u308b\uff0e<\/p>\r\n<br>\r\n<p>\u3010 &#8220;\/etc\/raddb\/radiusd.conf&#8221; \u3011<br>\r\n<br>\r\n<p>\u5343\u6570\u767e\u884c\u3082\u3042\u308bFreeRADIUS\u306e\u30e1\u30a4\u30f3\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3060\u304c\u3001\u4eca\u56de\u306f\u30ed\u30b0\u95a2\u9023\u306e\u8a2d\u5b9a\u3092\u4e00\u90e8\u5909\u66f4\u3059\u308b\u3060\u3051\u3067\u4ed6\u306e\u90e8\u5206\u306b\u306f\u624b\u3092\u4ed8\u3051\u306a\u3044\uff0e\u672c\u756a\u904b\u7528\u3067\u306f\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u898b\u76f4\u3057\u3066\u30c1\u30e5\u30fc\u30cb\u30f3\u30b0\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u304c\u3001\u4eca\u56de\u306f\u691c\u8a3c\u7528\u306a\u306e\u3067\u305d\u306e\u307e\u307e\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u5024\u3068\u3059\u308b\uff0e<\/p>\r\n<br>\r\n<p>\u30ed\u30b0\u95a2\u9023\u306e\u8a2d\u5b9a\u306f310\u884c\u76ee\u8fba\u308a\u304b\u3089423\u884c\u76ee\u8fba\u308a\u306b\u3042\u308a\u3001\u8a8d\u8a3c\u30ed\u30b0\u3092\u53d6\u5f97\u3059\u308b\u8a2d\u5b9a\u306b\u5909\u66f4\u3059\u308b\uff0e<br>\r\n<br>\r\n\u3000\u3000&#8221;auth = no&#8221;           ===> &#8220;auth = yes&#8221;<br>\r\n\u3000\u3000&#8221;auth_badpass = no&#8221;   ===> &#8220;auth_badpass = yes&#8221;<br>\r\n\u3000\u3000&#8221;auth_goodpass  = no&#8221; ===> &#8220;auth_goodpass  = yes&#8221;<br>\r\n<br>\r\n<br>\r\n<p>\u3010 &#8220;\/etc\/raddb\/clients.conf&#8221; \u3011<br>\r\n<br>\r\n<p>RADIUS\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068\u306a\u308b\u5404\u7a2e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88c5\u7f6e\u306e\u60c5\u5831\u3092\u5b9a\u7fa9\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u3067\u3001\u3053\u3053\u306b\u8a18\u3055\u308c\u305f\u5404\u7a2e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u306e\u6b63\u5f53\u6027\u3092RADIUS\u30b5\u30fc\u30d0\u304c\u78ba\u8a8d\u3059\u308b\u305f\u3081\u306e\u3082\u306e\u3060\uff0eRADIUS\u30b5\u30fc\u30d0\u306f\u3053\u3053\u306b\u8a18\u8f09\u3055\u308c\u305f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u4ee5\u5916\u304b\u3089\u306e\u30ea\u30af\u30a8\u30b9\u30c8\u306f\u62d2\u5426\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\uff0e<\/p>\r\n<br>\r\n<p>\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306fRADIUS\u30b5\u30fc\u30d0\u81ea\u8eab(localhost)\u3057\u304b\u53d7\u3051\u4ed8\u3051\u306a\u3044\u8a2d\u5b9a\u306b\u306a\u3063\u3066\u3044\u308b\uff0e\u3053\u3053\u306b\u8a8d\u8a3c\u3092\u4f9d\u983c\u3059\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u306eIP\u30a2\u30c9\u30ec\u30b9\u3068\u79d8\u5bc6\u306e\u30ad\u30fc\u30ef\u30fc\u30c9\u3092\u767b\u9332\u3059\u308b\uff0e\u8a8d\u8a3c\u3092\u53d7\u3051\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u304c\u5c11\u306a\u3044\u5834\u5408\u306f\u500b\u3005\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u6a5f\u5668\u3092\u767b\u9332\u3059\u308b\u304c\u3001\u6a5f\u5668\u306e\u6570\u304c\u591a\u3044\u5834\u5408\u306f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30bb\u30b0\u30e1\u30f3\u30c8\u5358\u4f4d\u3067\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u5b9a\u7fa9\u3059\u308b\u3053\u3068\u3082\u53ef\u80fd\u3060\uff0e<\/p>\r\n<br>\r\n<p>\u5c1a\u3001localhost\u306e\u79d8\u5bc6\u306e\u30ad\u30fc\u30ef\u30fc\u30c9\u306f &#8220;testing123&#8221; \u3068\u306a\u3063\u3066\u3044\u308b\u304c\u3001\u3053\u308c\u306f\u8ab0\u3067\u3082\u77e5\u3063\u3066\u3044\u308b\u6697\u9ed9\u306e\u30ad\u30fc\u30ef\u30fc\u30c9\u306a\u306e\u3067\u3001\u521d\u671f\u306e\u52d5\u4f5c\u78ba\u8a8d\u304c\u7d42\u308f\u3063\u305f\u3089\u79d8\u5bc6\u306e\u30ad\u30fc\u30ef\u30fc\u30c9\u306f\u5909\u66f4\u3057\u3066\u304a\u304f\u304b\u7121\u52b9\u5316\u3059\u308b\u3053\u3068\u3092\u5fd8\u308c\u305a\u306b\uff0e<\/p>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n \r\nclient xxx.yyy.zzz.0\/24 {\r\n    secret = This#1sN0t@Amer1ca\r\n    shortname = admin    \r\n}\r\n \r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>\u3010 &#8220;\/etc\/raddb\/users&#8221; \u3011<br>\r\n<br>\r\n\u3000\u3053\u3061\u3089\u306fRADIUS\u30b5\u30fc\u30d0\u3067\u8a8d\u8a3c\u3055\u308c\u308b\u30e6\u30fc\u30b6\u306e\u60c5\u5831\u3092\u30ed\u30fc\u30ab\u30eb\u306b\u8a2d\u5b9a\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u3067\u3001\u3053\u3053\u306b\u30e6\u30fc\u30b6\u60c5\u5831\u3092\u8a18\u8f09\u3059\u308b\u3068\u30ed\u30fc\u30ab\u30eb\u8a8d\u8a3c\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u308b\uff0e\u3068\u308a\u3042\u3048\u305a\u7c21\u5358\u306a\u30c6\u30b9\u30c8\u7528\u306e\u30e6\u30fc\u30b6ID\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u8a18\u8f09\u3057\u3066\u3001RADIUS\u30b5\u30fc\u30d0\u306e\u521d\u671f\u30c6\u30b9\u30c8\u3092\u884c\u3046\u3053\u3068\u304c\u3067\u304d\u308b\uff0e<\/p>\r\n<br>\r\n<p>\u30c7\u30d5\u30a9\u30eb\u30c8\u72b6\u614b\u3067\u30b5\u30f3\u30d7\u30eb\u4f8b\u304c\u30b3\u30e1\u30f3\u30c8\u306b\u8a18\u8f09\u3055\u308c\u3066\u3044\u308b\u304c\u3001\u30d5\u30a1\u30a4\u30eb\u306e\u672b\u5c3e\u306b\u6b21\u306e\u3088\u3046\u306a\u30c6\u30b9\u30c8\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u8ffd\u8a18\u3057\u3066\u304a\u304f\uff0e\u52ff\u8ad6\u3053\u306e\u30c6\u30b9\u30c8\u7528\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u306f\u672c\u756a\u74b0\u5883\u3067\u306f\u524a\u9664\u3059\u308b\u3053\u3068\u3092\u5fd8\u308c\u305a\u306b\uff0e<\/p>\r\n<br>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n \r\nrad-test001 Cleartext-Password := \"Kikanaide4\"\r\n\t    Reply-Message := \"Welcome, %{User-Name}\"   <=== \u8a8d\u8a3c\u6210\u529f\u6642\u306b\u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u9001\u51fa\uff08\u304a\u307e\u3051\uff09\r\n \r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>\u3068\u308a\u3042\u3048\u305a \"radiusd.conf\"\u3068\"users\" \u306e2\u3064\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u8a2d\u5b9a\u3057\u305f\u3089\u3001radtest \u30c4\u30fc\u30eb\u3092\u7528\u3044\u3066RADIUS\u30b5\u30fc\u30d0\u306b\u5bfe\u3057\u3066users\u306b\u8a18\u8f09\u3057\u305f\u30c6\u30b9\u30c8\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u8a8d\u8a3c\u304c\u3067\u304d\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\uff0eRADIUS\u30b5\u30fc\u30d0\u306e\u8d77\u52d5\u30aa\u30d7\u30b7\u30e7\u30f3\u306b -X \u3092\u4ed8\u3051\u3066\u3001\u30c7\u30d0\u30c3\u30b0\u30e2\u30fc\u30c9\u3067\u8d77\u52d5\u3059\u308b\uff0eRADIUS\u30b5\u30fc\u30d0\u306e\u72b6\u614b\u306b\u95a2\u3059\u308b\u8a73\u7d30\u306a\u5927\u91cf\u306e\u30c7\u30d0\u30c3\u30b0\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u51fa\u529b\u3055\u308c\u3001\u8a8d\u8a3c\u5f85\u3061\u53d7\u3051\u30e2\u30fc\u30c9\u3068\u306a\u308b\uff0e<\/p>\r\n<br>\r\n<br>\r\n<pre><code class=\"language-Markup\" style=\"height: 600px;\">\r\n\r\n[root@nsauth6 raddb]# radiusd -X     <=== \u30c7\u30d0\u30c3\u30b0\u30e2\u30fc\u30c9\u3067\u8d77\u52d5\r\nFreeRADIUS Version 3.0.21\r\nCopyright (C) 1999-2019 The FreeRADIUS server project and contributors\r\nThere is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A\r\nPARTICULAR PURPOSE\r\nYou may redistribute copies of FreeRADIUS under the terms of the\r\nGNU General Public License\r\nFor more information about these matters, see the file named COPYRIGHT\r\nStarting - reading configuration files ...\r\nincluding dictionary file \/usr\/share\/freeradius\/dictionary\r\nincluding dictionary file \/usr\/share\/freeradius\/dictionary.dhcp\r\nincluding dictionary file \/usr\/share\/freeradius\/dictionary.vqp\r\nincluding dictionary file \/etc\/raddb\/dictionary\r\nincluding configuration file \/etc\/raddb\/radiusd.conf\r\nincluding configuration file \/etc\/raddb\/proxy.conf\r\nincluding configuration file \/etc\/raddb\/clients.conf\r\n  ...\r\n realm LOCAL {\r\n }\r\nradiusd: #### Loading Clients ####\r\n client localhost {\r\n \tipaddr = 127.0.0.1\r\n \tsecret = <<< secret >>>\r\n \tnas_type = \"other\"\r\n \tproto = \"*\"\r\n  limit {\r\n  \tmax_connections = 16\r\n  \tlifetime = 0\r\n  \tidle_timeout = 30\r\n  }\r\n }\r\n client localhost_ipv6 {\r\n \tipv6addr = ::1\r\n \tsecret = <<< secret >>>\r\n  limit {\r\n  \tmax_connections = 16\r\n  \tlifetime = 0\r\n  \tidle_timeout = 30\r\n  }\r\n }\r\nDebugger not attached\r\n # Creating Auth-Type = mschap\r\n # Creating Auth-Type = digest\r\n # Creating Auth-Type = eap\r\n # Creating Auth-Type = PAP\r\n # Creating Auth-Type = CHAP\r\n # Creating Auth-Type = MS-CHAP\r\nradiusd: #### Instantiating modules ####\r\n modules {\r\n  # Loaded module rlm_always\r\n  # Loading module \"reject\" from file \/etc\/raddb\/mods-enabled\/always\r\n  always reject {\r\n  \trcode = \"reject\"\r\n  \tsimulcount = 0\r\n  \tmpp = no\r\n  }\r\n\r\n...\r\n\r\nradiusd: #### Opening IP addresses and Ports ####\r\nlisten {\r\n  \ttype = \"auth\"\r\n  \tipaddr = *\r\n  \tport = 0\r\n   limit {\r\n   \tmax_connections = 16\r\n   \tlifetime = 0\r\n   \tidle_timeout = 30\r\n   }\r\n}\r\nlisten {\r\n  \ttype = \"acct\"\r\n  \tipaddr = *\r\n  \tport = 0\r\n   limit {\r\n   \tmax_connections = 16\r\n   \tlifetime = 0\r\n   \tidle_timeout = 30\r\n   }\r\n}\r\nlisten {\r\n  \ttype = \"auth\"\r\n  \tipv6addr = ::\r\n  \tport = 0\r\n   limit {\r\n   \tmax_connections = 16\r\n   \tlifetime = 0\r\n   \tidle_timeout = 30\r\n   }\r\n}\r\nlisten {\r\n  \ttype = \"acct\"\r\n  \tipv6addr = ::\r\n  \tport = 0\r\n   limit {\r\n   \tmax_connections = 16\r\n   \tlifetime = 0\r\n   \tidle_timeout = 30\r\n   }\r\n}\r\nlisten {\r\n  \ttype = \"auth\"\r\n  \tipaddr = 127.0.0.1\r\n  \tport = 18120\r\n}\r\nListening on auth address * port 1812 bound to server default\r\nListening on acct address * port 1813 bound to server default\r\nListening on auth address :: port 1812 bound to server default\r\nListening on acct address :: port 1813 bound to server default\r\nListening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel\r\nListening on proxy address * port 41221\r\nListening on proxy address :: port 45075\r\nReady to process requests\r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<p>RADIUS\u30b5\u30fc\u30d0\u304c\u30c7\u30d0\u30c3\u30b0\u30e2\u30fc\u30c9\u3067\u8d77\u52d5\u3057\u305f\u3068\u3053\u308d\u3067\u3001RADIUS\u30b5\u30fc\u30d0\u4e0a\u3067\u5225\u306a\u30bf\u30fc\u30df\u30ca\u30eb\u3092\u7acb\u3061\u4e0a\u3052RADIUS\u30b5\u30fc\u30d0\u306bSSH\u7b49\u3067\u63a5\u7d9a\u3059\u308b\uff0e\u3053\u306e\u969b\u306e\u30e6\u30fc\u30b6\u30a2\u30ab\u30a6\u30f3\u30c8\u306f\u4e00\u822c\u30e6\u30fc\u30b6\u3067\u69cb\u308f\u306a\u3044\uff0e\"radtest\" \u30c4\u30fc\u30eb\u3092\u7528\u3044\u3066\u3001\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u304b\u3089RADIUS\u30b5\u30fc\u30d0\u306b\u5bfe\u3057\u3066\u63a5\u7d9a\u30c6\u30b9\u30c8\u3092\u884c\u3046\uff0e\u8a8d\u8a3c\u65b9\u5f0f\u3068\u3057\u3066 \"PAP\"\u3001\"CHAP\"\u3001\"MSCHAP\" \u306e\u4f55\u308c\u3067\u3082\u554f\u984c\u306a\u304f\u8a8d\u8a3c\u304c\u901a\u308b(Accept\uff09\u3055\u308c\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\uff0e <\/p>\r\n<br>\r\n<p>\u8fd4\u7b54\u3055\u308c\u305f\u30e1\u30c3\u30bb\u30fc\u30b8\u4e2d\u306b\u3001\"Received Access-Accept\"\u3000\u3068\u3044\u3046\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u542b\u307e\u308c\u3066\u3044\u305f\u3089\u8a8d\u8a3c\u6210\u529f\u3067\u3042\u308b\uff0e\u5c1a\u3001\u8a8d\u8a3c\u5931\u6557\u6642\u306f \"Received Access-Reject\" \u304c\u8fd4\u3055\u308c\u308b\uff0e\u5408\u3044\u8a00\u8449\u3092\u9593\u9055\u3048\u308b\u3068RADIUS\u30b5\u30fc\u30d0\u306f\u30ec\u30b9\u30dd\u30f3\u30b9\u3092\u8fd4\u3055\u306a\u3044\uff0e<\/p>\r\n<br>\r\n<p>radtest\u30b3\u30de\u30f3\u30c9\u306f\u3001<br>\r\n<br>\r\n  radtest  -t [ pap\/chap\/mschap ] &lt;userid&gt; &lt;password&gt;  &lt;RADIUS IP&gt;  &lt;NAS Port Number&gt;  &lt;Secret Keyword&gt;  <br>\r\n<br>\r\n\u3000\u306e\u3088\u3046\u306b\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u6307\u5b9a\u3059\u308b\uff0eNAS Port Number\u3000\u306fRADIUS\u30b5\u30fc\u30d0\u306b\u9001\u308b\u5c5e\u6027\u5024\u3067\u3042\u308b\u304c\u3001\u3053\u306e\u63a5\u7d9a\u30c6\u30b9\u30c8\u3067\u306f\u4f7f\u7528\u3057\u306a\u3044\u306e\u3067\u30010 \u301c 2^15 (32767) \u307e\u3067\u306e\u9069\u5f53\u306a\u6574\u6570\u5024\u3092\u4e0e\u3048\u3066\u304a\u304f\uff0e\u3053\u3053\u3067\u306f 0 \u3092\u6307\u5b9a\u3057\u3066\u3044\u308b\uff0eSecret Keyword\u306fNAS\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068RADIUS\u30b5\u30fc\u30d0\u9593\u3067\u4e88\u3081\u8a2d\u5b9a\u3057\u305f\u79d8\u5bc6\u306e\u5408\u8a00\u8449\u3067\u3042\u308b\uff0e<\/p>\r\n<br>\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n\r\n[yasuaki@nsauth6 ~]$ radtest -t pap rad-test001 Kikanaide4 localhost 0 testing123    <=== PAP\u8a8d\u8a3c\r\nSent Access-Request Id 63 from 0.0.0.0:38732 to 127.0.0.1:1812 length 81\r\n\tUser-Name = \"rad-test001\"\r\n\tUser-Password = \"Kikanaide4\"\r\n\tNAS-IP-Address = 172.25.100.6\r\n\tNAS-Port = 0\r\n\tCleartext-Password = \"Kikanaide4\"\r\nReceived Access-Accept Id 63 from 127.0.0.1:1812 to 127.0.0.1:38732 length 60\r\n\tMessage-Authenticator = 0x0ff755f3e2b236e465800eec5444d99c\r\n\tReply-Message = \"Welcome, rad-test001\"\r\n[yasuaki@nsauth6 ~]$ \r\n\r\n[yasuaki@nsauth6 ~]$ radtest -t chap rad-test001 Kikanaide4 localhost 0 testing123   <=== CHAP\u8a8d\u8a3c\r\nSent Access-Request Id 218 from 0.0.0.0:54487 to 127.0.0.1:1812 length 82\r\n\tUser-Name = \"rad-test001\"\r\n\tCHAP-Password = 0xe0c066be176e356e5e421e9196ba462d49\r\n\tNAS-IP-Address = 172.25.100.6\r\n\tNAS-Port = 0\r\n\tCleartext-Password = \"Kikanaide4\"\r\nReceived Access-Accept Id 218 from 127.0.0.1:1812 to 127.0.0.1:54487 length 60\r\n\tMessage-Authenticator = 0x8843dd69f1158453c1c02ab216444772\r\n\tReply-Message = \"Welcome, rad-test001\"\r\n\r\n[yasuaki@nsauth6 ~]$ radtest -t mschap rad-test001 Kikanaide4 localhost 0 testing123\u3000\u3000<=== MSCHAP\u8a8d\u8a3c\r\nSent Access-Request Id 239 from 0.0.0.0:45556 to 127.0.0.1:1812 length 137\r\n\tUser-Name = \"rad-test001\"\r\n\tMS-CHAP-Password = \"Kikanaide4\"\r\n\tNAS-IP-Address = 172.25.100.6\r\n\tNAS-Port = 0\r\n\tCleartext-Password = \"Kikanaide4\"\r\n\tMS-CHAP-Challenge = 0x80270fdf45f09515\r\n\tMS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000ae5e57b78b94836705f47621f5e6403995b9cafed76870a2\r\nReceived Access-Accept Id 239 from 127.0.0.1:1812 to 127.0.0.1:45556 length 124\r\n\tMessage-Authenticator = 0xf918de9b1892b059d41d0274bc27a1a7\r\n\tReply-Message = \"Welcome, rad-test001\"\r\n\tMS-CHAP-MPPE-Keys = 0x000000000000000006806f77927c9d1123fca37ae6c9d3bf\r\n\tMS-MPPE-Encryption-Policy = Encryption-Allowed\r\n\tMS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed\r\n[yasuaki@nsauth6 ~]$ \r\n\r\n[yasuaki@nsauth6 ~]$ radtest -t chap rad-test001 BadPASS localhost 0 testing123  <=== \u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u9593\u9055\u3048\u305f\u5834\u5408\r\nSent Access-Request Id 96 from 0.0.0.0:49955 to 127.0.0.1:1812 length 82\r\n\tUser-Name = \"rad-test001\"\r\n\tCHAP-Password = 0x9d0aa2ae542c0163eead516b869a0d200c\r\n\tNAS-IP-Address = 172.25.100.6\r\n\tNAS-Port = 0\r\n\tCleartext-Password = \"BadPASS\"\r\nReceived Access-Reject Id 96 from 127.0.0.1:1812 to 127.0.0.1:49955 length 60\r\n\tMessage-Authenticator = 0xba91a41506faac34943929ac1dc3ab4e\r\n\tReply-Message = \"Welcome, rad-test001\"\r\n(0) -: Expected Access-Accept got Access-Reject\r\n\r\n[yasuaki@nsauth6 ~]$ radtest -t chap rad-test001 Kikanaide4 localhost 0 bad-secret <=== \u5408\u3044\u8a00\u8449\u3092\u9593\u9055\u3048\u305f\u5834\u5408\r\nSent Access-Request Id 22 from 0.0.0.0:36903 to 127.0.0.1:1812 length 82\r\n\tUser-Name = \"rad-test001\"\r\n\tCHAP-Password = 0x1e18fe1e32797231c7f2bd2ea1f4d63dcc\r\n\tNAS-IP-Address = 172.25.100.6\r\n\tNAS-Port = 0\r\n\tCleartext-Password = \"Kikanaide4\"\r\nSent Access-Request Id 22 from 0.0.0.0:36903 to 127.0.0.1:1812 length 82\r\n\tUser-Name = \"rad-test001\"\r\n\tCHAP-Password = 0x1e18fe1e32797231c7f2bd2ea1f4d63dcc\r\n\tNAS-IP-Address = 172.25.100.6\r\n\tNAS-Port = 0\r\n\tCleartext-Password = \"Kikanaide4\"\r\nSent Access-Request Id 22 from 0.0.0.0:36903 to 127.0.0.1:1812 length 82\r\n\tUser-Name = \"rad-test001\"\r\n\tCHAP-Password = 0x1e18fe1e32797231c7f2bd2ea1f4d63dcc\r\n\tNAS-IP-Address = 172.25.100.6\r\n\tNAS-Port = 0\r\n\tCleartext-Password = \"Kikanaide4\"\r\n(0) No reply from server for ID 22 socket 3\r\n\r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<br>\r\n<p>\u3010 \"\/etc\/raddb\/mods-available\/mschap\" \u3011<br>\r\n<br>\r\n\u3000\u4eca\u56de\u306f\u3001RADIUS\u8a8d\u8a3c\u30d7\u30ed\u30c8\u30b3\u30eb\u304c\u4f7f\u7528\u3059\u308b\u8a8d\u8a3c\u65b9\u5f0f\u3092 MS-CHAP\u65b9\u5f0f\uff08Microsoft\u304c\u72ec\u81ea\u306b\u5b9f\u88c5\u3057\u3066\u3044\u308bCHAP\uff09\u3092\u7528\u3044\u308b\u3053\u3068\u306b\u3059\u308b\uff0eMS-CHAP\u65b9\u5f0f\u306e\u3088\u3046\u306a\u30ec\u30ac\u30b7\u30fc\u306a\u8a8d\u8a3c\u65b9\u5f0f\u3088\u308a\u3082\u3082\u3063\u3068\u30bb\u30ad\u30e5\u30a2\u306a\u65b9\u5f0f\u304c\u5e7e\u3064\u3082\u3042\u308b\u304c\u3001\u4eca\u56de\u306fWindows\u3084Mac, Linux\u306a\u3069\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u74b0\u5883\u3067\u4e92\u63db\u6027\u306e\u554f\u984c\u304c\u767a\u751f\u3057\u306b\u304f\u3044MS-CHAP\u65b9\u5f0f\u3092\u9078\u629e\u3059\u308b\u3053\u3068\u306b\u3057\u305f\uff0e<\/p>\r\n<br>\r\n<p>MS-CHAP\u306e\u8a2d\u5b9a\u9805\u76ee\u306f\u7d50\u69cb\u3042\u308b\u304c\u3001\u4eca\u56de\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u8a2d\u5b9a\u304b\u3089\u6b21\u306e3\u9805\u76ee\u3092\u4fee\u6b63\u3057\u305f\uff0e\u3053\u306e\u8fba\u306e\u8a2d\u5b9a\u9805\u76ee\u306fWindows\u3084Mac\u306a\u3069\u306e\u5b9f\u88c5\u306e\u9055\u3044\u306b\u3088\u3063\u3066\u3082\u5dee\u304c\u51fa\u3066\u304f\u308b\u306e\u3067\u3001\u5b9f\u969b\u306b\u8a66\u3057\u306a\u304c\u3089\u8a2d\u5b9a\u9805\u76ee\u306e\u5024\u3092\u5909\u66f4\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u304b\u3082\u3057\u308c\u306a\u3044\uff0e\r\n\r\n\r\n<br>\r\n<pre><code class=\"language-Markup\">\r\n# -*- text -*-\r\n#\r\n#  $Id: 18f600589b67177679b9521feb65b7fbb0200ac2 $\r\n\r\n# Microsoft CHAP authentication\r\n#\r\n#  This module supports MS-CHAP and MS-CHAPv2 authentication.\r\n#  It also enforces the SMB-Account-Ctrl attribute.\r\n#\r\nmschap {\r\n\t#\r\n\t#  If you are using \/etc\/smbpasswd, see the 'passwd'\r\n\t#  module for an example of how to use \/etc\/smbpasswd\r\n\r\n\t# if use_mppe is not set to no mschap will\r\n\t# add MS-CHAP-MPPE-Keys for MS-CHAPv1 and\r\n\t# MS-MPPE-Recv-Key\/MS-MPPE-Send-Key for MS-CHAPv2\r\n\t#\r\n#================================================================#\r\n#\tuse_mppe = no\r\n\tuse_mppe = yes\r\n#================================================================#\r\n\r\n\t# if mppe is enabled require_encryption makes\r\n\t# encryption moderate\r\n\t#\r\n\r\n\t# if mppe is enabled require_encryption makes\r\n\t# encryption moderate\r\n\t#\r\n#================================================================#\r\n#\trequire_encryption = yes\r\n\trequire_encryption = yes\r\n#================================================================#\r\n\r\n\t# require_strong always requires 128 bit key\r\n\t# encryption\r\n\t#\r\n#================================================================#\r\n#\trequire_strong = yes\r\n\trequire_strong = yes\r\n#================================================================#\r\n\r\n\u3000\u3000...\r\n\r\n<\/code>\r\n<\/pre>\r\n<br>\r\n<br>\r\n\r\n<p>\u3010 \"\/etc\/raddb\/mods-available\/eap\" \u3011<br>\r\n<br>\r\n EAP\u8a8d\u8a3c\u65b9\u5f0f\uff08\u6240\u8b02802.1x\u8a8d\u8a3c\uff09\u306e\u5b9a\u7fa9\u30d5\u30a1\u30a4\u30eb\u3067\u3001EAP-TLS\u3084EAP-TTLS\u3001EAP-PEAP\u306a\u3069\u306e\u8907\u6570\u306eEAP\u8a8d\u8a3c\u65b9\u5f0f\u3092\u3053\u3053\u3067\u8a2d\u5b9a\u3059\u308b\uff0e\u4f01\u696d\u306a\u3069\u3067\u306fEAP-TLS\u306a\u3069\u306e\u3001\u30b5\u30fc\u30d0\u5074\u3068\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u53cc\u65b9\u3067\u8a3c\u660e\u66f8\u3092\u691c\u8a3c\u3059\u308b\u65b9\u5f0f\u304c\u4e00\u822c\u7684\u3060\u304c\u3001\u3082\u3046\u5c11\u3057\u7c21\u6613\u7684\u306aEAP-PEAP\u306a\u3069\u304c\u4f7f\u308f\u308c\u308b\u3053\u3068\u3082\u3042\u308b\uff0eEAP-PEAP\u3067\u306f\u30b5\u30fc\u30d0\u5074\u306e\u8a3c\u660e\u66f8\u3060\u3051\u3067\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u306f\u30e6\u30fc\u30b6\u306eID\u3084\u30d1\u30b9\u30ef\u30fc\u30c9\u3067\u8a8d\u8a3c\u3059\u308b\u306e\u3067\u3001\u904b\u7528\u306e\u624b\u9593\u3092\u7701\u304f\u3053\u3068\u304c\u53ef\u80fd\u3060\uff0e\u4eca\u56de\u306f\u3001\u5b9f\u88c5\u304c\u7c21\u5358\u306aEAP-PEAP\u3092\u7528\u3044\u308b\u3053\u3068\u306b\u3059\u308b\uff0e<\/p>\r\n<br>\r\n<p>EAP-PEAP\u306e\u5834\u5408\u306f\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u304c\u5fc5\u8981\u306b\u306a\u308b\u304c\u3001FQDN\u304c\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u30c9\u30e1\u30a4\u30f3\u3067\u3042\u308c\u3070\u6c11\u9593\u306e\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u3092\u5c0e\u5165\u3059\u308b\u65b9\u6cd5\u3082\u3042\u308b\u304c\u3001\u4f01\u696d\u306a\u3069\u3067\u306f\u81ea\u5df1\u8a8d\u8a3c\u5c40\u3092\u904b\u7528\u3057\u3066\u3044\u3066\u3001\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u3084\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3092\u72ec\u81ea\u306b\u767a\u884c\u3057\u3066\u3044\u308b\u3053\u3068\u304c\u591a\u3044\u3060\u308d\u3046\uff0e\u81ea\u5df1\u8a8d\u8a3c\u5c40\u306e\u5834\u5408\u3001\u30e6\u30fc\u30b6\u5074\u3067\u81ea\u5df1\u8a8d\u8a3c\u5c40\u3092\u4fe1\u983c\u3055\u305b\u308b\u306a\u3069\u306e\u9762\u5012\u306a\u624b\u9593\u304c\u5fc5\u8981\u306b\u306a\u308b\u306e\u304c\u96e3\u70b9\u3060\uff0e<\/p>\r\n<br>\r\n<p>\u4eca\u56de\u306f\u5bb6\u5ead\u5185\u3067\u306e\u691c\u8a3c\u306a\u306e\u3067\u3001\u7c21\u6613\u7684\u306a\u81ea\u5df1\u8a8d\u8a3c\u5c40\u306b\u3088\u308b\u8a3c\u660e\u66f8\uff08\u6240\u8b02\u30aa\u30ec\u30aa\u30ec\u8a3c\u660e\u66f8\uff09\u3092\u4f7f\u3046\u3053\u3068\u306b\u3059\u308b\uff0e<\/p>\r\n<br>\r\n<p>\u81ea\u5df1\u8a8d\u8a3c\u5c40\u306b\u3088\u3063\u3066PKI\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u306f\u7d50\u69cb\u8907\u96d1\u306a\u306e\u3067\u3001\u300eAruba\u306eAP\u3092\u7528\u3044\u3066\u8a8d\u8a3cVLAN\u3092\u5b9f\u88c5\u3057\u3066\u307f\u308b#3\uff08\u81ea\u5df1\u8a8d\u8a3c\u8a3c\u660e\u66f8\u306e\u4f5c\u6210\uff09\u300f\u3067\u8aac\u660e\u3059\u308b\u3053\u3068\u306b\u3059\u308b\uff0e<\/p>\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n","protected":false},"excerpt":{"rendered":"\u524d\u56de\u306e\u8a18\u4e8b\u3067\u306f\u3001Aruba AP\u3092Aruba Instant On \u30b5\u30fc\u30d3\u30b9\u3067\u96c6\u4e2d\u7ba1\u7406\u3059\u308b\u3053\u3068\u306b\u3088\u3063\u3066\u6bd4\u8f03\u7684\u5bb9\u6613\u306b\u7121\u7ddaLAN\u30b7\u30b9\u30c6\u30e0\u3092\u69cb\u7bc9\u53ef\u80fd\u306a\u3053\u3068\u3092\u8aac\u660e\u3057\u305f\u304c\u3001\u4eca\u56de\u306f\u7121\u7ddaLAN\u30b7\u30b9\u30c6\u30e0\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc\u3092\u9ad8\u3081\u308b\u305f\u3081\u306b\u3001Radius\u30b5\u30fc\u30d0\u3084LDAP\u30b5\u30fc\u30d0\u3068\u9023\u643a\u3055\u305b\u308b\u3053\u3068\u306b\u3088\u3063\u3066\u30e6\u30fc\u30b6\u8a8d\u8a3c\u30d9\u30fc\u30b9\u306e\u7121\u7ddaLAN\u30b7\u30b9\u30c6\u30e0\u3092\u69cb\u7bc9\u3059\u308b\u3053\u3068\u306b\u3059\u308b\uff0e","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[13],"tags":[986,422],"class_list":["post-10369","post","type-post","status-publish","format-standard","hentry","category-sysadmin","tag-freeradius","tag-install"],"_links":{"self":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/10369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/comments?post=10369"}],"version-history":[{"count":3,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/10369\/revisions"}],"predecessor-version":[{"id":11302,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/posts\/10369\/revisions\/11302"}],"wp:attachment":[{"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/media?parent=10369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/categories?post=10369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/y2tech.net\/blog\/wp-json\/wp\/v2\/tags?post=10369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}