Move exercises to Tutorials and add copyright notices

arr2036 committed Sep 23, 2019
1 parent da1be6c commit 16f47ff30d33d0ebdadd38bc8dd3ff1b50a68b72
Showing with 97 additions and 43 deletions.
  1. +1 −0 doc/antora/antora.yml
  2. +6 −27 doc/antora/modules/howto/nav.adoc
  3. 0 doc/antora/modules/{howto → tutorials}/assets/images/SAVE.svg
  4. 0 doc/antora/modules/{howto → tutorials}/assets/images/access-challenge.svg
  5. 0 doc/antora/modules/{howto → tutorials}/assets/images/access-request-proxy.svg
  6. 0 doc/antora/modules/{howto → tutorials}/assets/images/access-request.svg
  7. 0 doc/antora/modules/{howto → tutorials}/assets/images/accounting-request-proxy.svg
  8. 0 doc/antora/modules/{howto → tutorials}/assets/images/accounting-request.svg
  9. BIN doc/antora/modules/{howto → tutorials}/assets/images/asciifull.gif
  10. 0 doc/antora/modules/{howto → tutorials}/assets/images/dispatcher.svg
  11. 0 doc/antora/modules/{howto → tutorials}/assets/images/dual_nas_backup_server.svg
  12. 0 doc/antora/modules/{howto → tutorials}/assets/images/dual_nas_backup_server_failover.svg
  13. 0 doc/antora/modules/{howto → tutorials}/assets/images/dual_nas_backup_server_redundancy.svg
  14. 0 doc/antora/modules/{howto → tutorials}/assets/images/dual_nas_load_balance.svg
  15. 0 doc/antora/modules/{howto → tutorials}/assets/images/eap-md5.svg
  16. 0 doc/antora/modules/{howto → tutorials}/assets/images/eap-ttls.svg
  17. 0 doc/antora/modules/{howto → tutorials}/assets/images/login.svg
  18. 0 doc/antora/modules/{howto → tutorials}/assets/images/login_net_access.svg
  19. 0 doc/antora/modules/{howto → tutorials}/assets/images/login_ok.svg
  20. 0 doc/antora/modules/{howto → tutorials}/assets/images/nas_backup_server.svg
  21. 0 doc/antora/modules/{howto → tutorials}/assets/images/nas_backup_server_failover.svg
  22. 0 doc/antora/modules/{howto → tutorials}/assets/images/peap_packet.svg
  23. 0 doc/antora/modules/{howto → tutorials}/assets/images/proxy.svg
  24. 0 doc/antora/modules/{howto → tutorials}/assets/images/proxy_backup_server.svg
  25. 0 doc/antora/modules/{howto → tutorials}/assets/images/proxy_load_balance.svg
  26. 0 doc/antora/modules/{howto → tutorials}/assets/images/radius_packet.svg
  27. 0 doc/antora/modules/{howto → tutorials}/assets/images/request_files.svg
  28. 0 doc/antora/modules/{howto → tutorials}/assets/images/request_handoff.svg
  29. 0 doc/antora/modules/{howto → tutorials}/assets/images/request_processing.svg
  30. 0 doc/antora/modules/{howto → tutorials}/assets/images/request_receive.svg
  31. 0 doc/antora/modules/{howto → tutorials}/assets/images/server_schematic.svg
  32. 0 doc/antora/modules/{howto → tutorials}/assets/images/ttls_packet.svg
  33. +21 −0 doc/antora/modules/tutorials/nav.adoc
  34. +3 −1 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/accounting.adoc
  35. +3 −2 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/autz-type.adoc
  36. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/dictionary.adoc
  37. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/dynamic-translation.adoc
  38. +3 −1 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/eap-md5.adoc
  39. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/eap-peap.adoc
  40. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/eap-tls.adoc
  41. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/eap-ttls.adoc
  42. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/matching_users.adoc
  43. +3 −1 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/module_fail_over.adoc
  44. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/multiple_modules.adoc
  45. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/new_client.adoc
  46. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/new_user.adoc
  47. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/prepaid.adoc
  48. +3 −1 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/proxy.adoc
  49. +4 −2 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/proxy_failover.adoc
  50. +4 −1 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/proxy_load_balance.adoc
  51. +4 −2 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/proxy_receive.adoc
  52. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/radmin.adoc
  53. +4 −2 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/simultaneous_use.adoc
  54. +3 −1 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/sql.adoc
  55. +4 −2 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/sql_user.adoc
  56. +3 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/unlang_conditions.adoc
  57. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/unlang_policies.adoc
  58. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/variables.adoc
  59. +2 −0 doc/antora/modules/{howto/pages/exercises → tutorials/pages}/virtual.adoc
@@ -11,6 +11,7 @@ nav:
- modules/ROOT/nav.adoc
- modules/installation/nav.adoc
- modules/howto/nav.adoc
- modules/tutorials/nav.adoc
- modules/unlang/nav.adoc
- modules/developers/nav.adoc
- modules/raddb/nav.adoc
@@ -29,32 +29,11 @@
** Tuning
*** xref:tuning/performance-testing.adoc[Performance Testing]
*** xref:tuning/tuning_guide.adoc[Tuning Guide]
** Exercises
*** xref:exercises/new_user.adoc[New User]
*** xref:exercises/new_client.adoc[New Client]
*** xref:exercises/accounting.adoc[Accounting]
*** xref:exercises/simultaneous_use.adoc[Simultaneous Use]
*** xref:exercises/matching_users.adoc[Matching Users]
*** xref:exercises/proxy.adoc[Proxying]
**** xref:exercises/proxy_receive.adoc[Proxy Receive]
**** xref:exercises/proxy_failover.adoc[Proxy Fail-Over]
**** xref:exercises/proxy_load_balance.adoc[Proxy Load-Balance]
*** xref:exercises/sql.adoc[SQL]
**** xref:exercises/sql_user.adoc[SQL Users]
*** xref:exercises/variables.adoc[Variables]
*** xref:exercises/dynamic-translation.adoc[Dynamic-Translation]
*** xref:exercises/multiple_modules.adoc[Module instances]
*** xref:exercises/autz-type.adoc[Autz-Type]
*** xref:exercises/module_fail_over.adoc[Module-Fail-Over]
*** xref:exercises/prepaid.adoc[Prepaid]
*** xref:exercises/dictionary.adoc[Dictionary]
*** xref:exercises/virtual.adoc[Virtual]
*** xref:exercises/radmin.adoc[Radmin]
*** Unlang
**** xref:exercises/unlang_conditions.adoc[Unlang Conditions]
**** xref:exercises/unlang_policies.adoc[Unlang Policies]
**** xref:unlang_conditions.adoc[Unlang Conditions]
**** xref:unlang_policies.adoc[Unlang Policies]
*** EAP
**** xref:exercises/eap-md5.adoc[EAP-MD5]
**** xref:exercises/eap-ttls.adoc[EAP-TTLS]
**** xref:exercises/eap-peap.adoc[EAP-PEAP]
**** xref:exercises/eap-tls.adoc[EAP-TLS]
**** xref:eap-md5.adoc[EAP-MD5]
**** xref:eap-ttls.adoc[EAP-TTLS]
**** xref:eap-peap.adoc[EAP-PEAP]
**** xref:eap-tls.adoc[EAP-TLS]
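Review bot: The `*** Unlang` and `*** EAP` entries at the end of this hunk stay in `modules/howto/nav.adoc`, but their target pages are moved to `modules/tutorials/pages` by this commit (see `unlang_conditions.adoc`, `eap-md5.adoc` and the others in the file list). An Antora xref without a module coordinate resolves inside the current module, so `xref:unlang_conditions.adoc[...]` and `xref:eap-md5.adoc[...]` will not resolve from the howto nav, and with the `** Exercises` parent removed the two groups now nest under `** Tuning`. Move these six entries into `modules/tutorials/nav.adoc`, or qualify them, for example `xref:tutorials:eap-md5.adoc[EAP-MD5]`.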
@@ -0,0 +1,21 @@
** Tutorials
*** xref:new_user.adoc[New User]
*** xref:new_client.adoc[New Client]
*** xref:accounting.adoc[Accounting]
*** xref:simultaneous_use.adoc[Simultaneous Use]
*** xref:matching_users.adoc[Matching Users]
*** xref:proxy.adoc[Proxying]
**** xref:proxy_receive.adoc[Proxy Receive]
**** xref:proxy_failover.adoc[Proxy Fail-Over]
**** xref:proxy_load_balance.adoc[Proxy Load-Balance]
*** xref:sql.adoc[SQL]
**** xref:sql_user.adoc[SQL Users]
*** xref:variables.adoc[Variables]
*** xref:dynamic-translation.adoc[Dynamic-Translation]
*** xref:multiple_modules.adoc[Module instances]
*** xref:autz-type.adoc[Autz-Type]
*** xref:module_fail_over.adoc[Module-Fail-Over]
*** xref:prepaid.adoc[Prepaid]
*** xref:dictionary.adoc[Dictionary]
*** xref:virtual.adoc[Virtual]
*** xref:radmin.adoc[Radmin]
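Review bot: The new list ends at `Radmin` and has no entries for the Unlang and EAP pages, although `unlang_conditions.adoc`, `unlang_policies.adoc`, `eap-md5.adoc`, `eap-ttls.adoc`, `eap-peap.adoc` and `eap-tls.adoc` are all moved into `tutorials/pages` by this commit. Add the `*** Unlang` and `*** EAP` groups here so the moved pages are reachable from the Tutorials navigation.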
@@ -23,7 +23,7 @@ the server does with those requests. This process simulates the actions taken by
an NAS when a user logs in.

Use the entry in the file from the exercise in
xref:exercises/new_user.adoc[New User] for user "bob".
xref:new_user.adoc[New User] for user "bob".

[NOTE]
========================================================================
@@ -134,3 +134,5 @@ authentication request? Why?
9. What error message is produced on the second accounting stop, and
why is it produced?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -13,7 +13,7 @@ Using the Autz-Type attribute
- `etc/raddb/users`
This exercise is a follow-up to the previous one in
xref:exercises/multiple_modules.adoc[Multiple Modules], and it uses the `byname` and `bydate` modules
xref:multiple_modules.adoc[Multiple Modules], and it uses the `byname` and `bydate` modules
configured there.

Start off by deleting the old log files:
@@ -63,6 +63,7 @@ $ ls /var/log/radius/radacct/bydate/
Questions
~~~~~~~~~

// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
1. Why is it useful to _not_ call certain modules for a request?
2. Why is it useful to control which modules get called for a request?
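Review bot: The two `// Copyright` comment lines are inserted between the `Questions` heading and question 1, whereas the other hunks in this commit place the notice after the final question. Move them to the end of the file so the heading is followed directly by its list and the notice placement is consistent across pages.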
@@ -69,3 +69,5 @@ multiple names for one number?
prefixed with the vendor name?
3. Why are vendor specific attributes useful?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -63,6 +63,8 @@ there".
That text was then sent back to the RADIUS client in the `Callback-Id`
attribute, which was not quoted above.

// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
Another dynamic translation string function is the `expr` module. It performs
some simple mathematical operations. The following sample file entry
demonstrates how to use the `expr` module.
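Review bot: The copyright comment lands mid-page, directly before the paragraph that begins "Another dynamic translation string function is the `expr` module", rather than at the end of the file as in the other tutorials. Move the two `//` lines below the last line of the page.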
@@ -18,7 +18,7 @@ image::eap-md5.svg[Fig. EAP-MD5]
*Programs*: radtest

For this exercise, your are assumed to have previously worked
through and be familiar with the exercise in xref:exercises/new_user.aodc[New User] for
through and be familiar with the exercise in xref:new_user.aodc[New User] for
user "bob".

While RADIUS is an authentication protocol in its own right, other
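Review bot: The rewritten xref keeps the misspelled extension: `xref:new_user.aodc[New User]` should be `xref:new_user.adoc[New User]`, otherwise the link to the New User tutorial does not resolve. The context line above it also reads "your are assumed"; correct it to "you are assumed" while this paragraph is being edited.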
@@ -66,3 +66,5 @@ image::eap_md5.svg[Fig. EAP-MD5]
7. What security issues exist with EAP-MD5?
8. Why is EAP-MD5 disabled in newer operating systems?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
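Review bot: The hunk header context shows `image::eap_md5.svg[Fig. EAP-MD5]` (underscore), but the asset moved by this commit is `eap-md5.svg` (hyphen), which is what the image macro near line 18 of the same page uses. Check the second image reference on this page and point it at `eap-md5.svg` so the figure renders after the move.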
@@ -84,3 +84,5 @@ tunnel for EAP-PEAP?
3. Would you use EAP-PEAP in a large deployment? If so, why? If not,
why not?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -112,3 +112,5 @@ not?
4. What is the purpose of the `MS-MPPE-Recv-Key` and `MS-MPPE-Send-Key`
attributes in the final `Access-Accept` packet?

// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -48,3 +48,5 @@ tunnel for EAP-TTLS?
3. Would you use EAP-TTLS in a large deployment? If so, why? If not,
why not?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -64,3 +64,5 @@ meets the requirements, but do the requirements fit the needs of the
network?
4. How does this kind of simple configuration scale to many users?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -17,7 +17,7 @@ Module Fail-Over
When the server uses an external database to find user authentication
information or to log accounting requests, that database may sometimes
fail temporarily. This situation is similar to the situation seen in the exercise
in xref:exercises/proxy_failover.adoc[Proxy Failover], where proxied
in xref:proxy_failover.adoc[Proxy Failover], where proxied
requests "fail-over" to a backup RADIUS server when the primary
RADIUS server does not respond.

@@ -112,3 +112,5 @@ Questions
1. Could the configuration for the "group" section containing the
"detail1" and "detail2" modules be simplified? If so, how?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -69,3 +69,5 @@ Questions

1. Why is it useful to have multiple versions of a module?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -62,3 +62,5 @@ file is edited?
4. What are the other fields in a client entry, and what are they used
for?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -90,3 +90,5 @@ Questions
3. Why does the server need access to a clear-text password to perform
CHAP authentication?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -43,3 +43,5 @@ from an SQL database?
2. Why is it useful to enforce time-based restrictions on users, in
addition to enforcing `Simultaneous-Use`?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -28,7 +28,7 @@ server in `proxy.conf` will be configured to "strip" the realm name
from the incoming request.

The entry from the exercise in
xref:exercises/new_user.adoc[New User] for user "bob", in the
xref:new_user.adoc[New User] for user "bob", in the
"users" file will be used in this exercise.

The example packets `bob.sh` and `bob@realm1.sh` may be used in this
@@ -59,3 +59,5 @@ to the proxy contains CHAP-Password instead of User-Password?
3. Since the User-Password is encrypted with the RADIUS shared secret,
what happens to it when a request is proxied?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -31,7 +31,7 @@ the realm name from the incoming request.

The two group for "realm2" should also configure their
`clients.conf` file to permit user 1’s RADIUS server to act as a client,
as given in the exercise in xref:exercises/new_client.adoc[New Clients].
as given in the exercise in xref:new_client.adoc[New Clients].
Each user operating "realm2" should pick a different shared
secret to use with user 1.

@@ -42,7 +42,7 @@ observe user 1 sending the following requests to their server:

The group should verify that the expected authentication requests
sent to the server for "realm1" are handled locally, as in the
exercise in xref:exercises/proxy.adoc[Proxy].
exercise in xref:proxy.adoc[Proxy].

The group should then verify that the expected requests sent to
the server for "realm1" are proxied to a server for "realm2". The
@@ -67,3 +67,5 @@ the "realm2" server that has been stopped? If so, when? If not,
why not?
3. What would happen if both servers for "realm2" failed?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -16,7 +16,7 @@ multiple home servers.
image::proxy_load_balance.svg[Fig. Proxy Loadbalance]

For this exercise, the users will be divided into the same groups as
the previous exercise in xref:exercises/proxy_failover.adoc[Proxy Failover].
the previous exercise in xref:proxy_failover.adoc[Proxy Failover].

User 1 will edit his `proxy.conf` file, so that the entries for
"realm2" are marked as load balancing. The users will send multiple
@@ -37,3 +37,6 @@ home server to load balance to?
5. If the load balancing home server which has "failed" is started
again, will the proxying server ever send requests to it again? If so,
when? If not, why not?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -35,9 +35,9 @@ realm1 gets proxied to the server running as "realm1".
realm2 is local

The users should also configure each other's server as a RADIUS
client, as given in the exercise in xref:exercises/new_client.adoc[New Clients].
client, as given in the exercise in xref:new_client.adoc[New Clients].

The entry from the exercise in xref:exercises/new_user.adoc[New User] for user "bob" in
The entry from the exercise in xref:new_user.adoc[New User] for user "bob" in
the file, will be used in this exercise.

The example packets `bob.sh`, `bob@realm1.sh`, and `bob@realm2.sh` may
@@ -76,3 +76,5 @@ server in the "raddb/clients.conf" file?
3. What would happen if each user did not configure the realms to
"strip" the realm from the proxied requests?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -34,3 +34,5 @@ user?
4. Can you start the server in non-debugging mode (`radiusd -f`), and
still see the debugging output? How?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -15,8 +15,8 @@ time.
For this exercise, you are assumed to have previously worked
through, and be familiar with, the accounting exercise from
xref:exercises/accounting.adoc[Accounting], and to have an entry in the file, as given the
exercise in xref:exercises/new_user.adoc[New User], for user "bob".
xref:accounting.adoc[Accounting], and to have an entry in the file, as given the
exercise in xref:new_user.adoc[New User], for user "bob".

In this exercise, youwill work through an example of a user
logging into the server, and then attempting a simultaneous login for a
@@ -62,3 +62,5 @@ lines, like MPP, or ISDN?
5. What would happen if the user tried to log in a second time, before
the accounting start packet was received?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -16,7 +16,7 @@ information from an SQL database. In this exercise, you will
configure the server to communicate with an SQL database. you
will configure the schema for the SQL server, and will populate that
schema with a sample entry similar to that for the exercise in
xref:exercises/new_user.adoc[New User].
xref:new_user.adoc[New User].

There are a number of reasons why user information may be stored in an
SQL database, rather than the file. While the file is adequate for a
@@ -174,3 +174,5 @@ testing the ability to obtain user configuration from an SQL database?
3. What additional benefits, not mentioned here, do SQL databases have
over the files module?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -13,7 +13,7 @@ to send test packets as that user, and to receive a reply.
- `etc/raddb/mods-config/sql/main/*`
Now that we have verified in the previous exercise,
xref:exercises/sql.adoc[SQL] that the server can communicate with
xref:sql.adoc[SQL] that the server can communicate with
an SQL server, we proceed to adding user configuration entries into the
SQL database.

@@ -43,7 +43,7 @@ These commands mirror the "check" and "reply" entries listed in the
file for the user "bob". Use the SQL client to verify that the entries
are now in the database.

As the previous exercise in xref:exercises/sql.adoc[SQL]
As the previous exercise in xref:sql.adoc[SQL]
did not tell the server to query the database, but only to connect to it,
we must now configure FreeRADIUS to query the database. This may be done
by editing `etc/raddb/sites-available/default`, and listing the `sql`
@@ -93,3 +93,5 @@ and how? If not, why not?
5. What other configuration entries in `etc/raddb/sites-available/default`
exist for the `sql` module, and why?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -46,3 +46,6 @@ Questions
2. Why might you want to re-implement functionality offered by modules
in unlang?
3. What is the advantage of using `return` to exit the section early?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -77,3 +77,5 @@ Questions
languages?
3. What is the advantage of using `return` to exit the section early?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -95,3 +95,5 @@ bad idea?
3. How would you create an entry in the users file that matched users when
their `Class` was the same as their `NAS-Port`?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
@@ -59,3 +59,5 @@ Questions
4. How can you make the above configuration authenticate different
users via different passwords?
// Copyright (C) 2019 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
// Development of this documentation was sponsored by Network RADIUS SAS.
