2014/03/13

Configuring FreeRADIUS for EAP authentication

EAP authentication

Two points to watch for EAP authentication:
  1. FreeRADIUS must have a server certificate.
  2. The root certificate of the party being authenticated must be in the trusted CA list.

Trusted CA setting

/etc/raddb/eap.conf
eap{
    tls {
        CA_file = ${cadir}/ca.pem
    }
}

Testing

Installing eapol_test requires root privileges (for the copy into /usr/bin):
wget http://hostap.epitest.fi/releases/wpa_supplicant-0.5.10.tar.gz
tar xvf wpa_supplicant-0.5.10.tar.gz
cd wpa_supplicant-0.5.10/
cp defconfig .config
make eapol_test
cp eapol_test /usr/bin
Test config file /tmp/eapol_test.conf.peap:
network={
  eap=PEAP
  eapol_flags=0
  key_mgmt=IEEE8021X
  identity="myid"
  password="mypw"
  ca_cert="/etc/raddb/certs/ca.pem"
  phase2="auth=MSCHAPV2"
  anonymous_identity="anonymous"
}
Run the test:
eapol_test -c /tmp/eapol_test.conf.peap -a127.0.0.1 -p1812 -stesting123 -r1
In the returned output, seeing SUCCESS means the authentication exchange succeeded:
... ... ... ... omitted ... ... ... ...
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1  mismatch: 0
SUCCESS
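The post checks the result by reading the output by eye. The script below is an added example (not from the original post) that wraps the same eapol_test command line and decides pass/fail from the output: it requires both the final SUCCESS line and an "MPPE keys OK" summary with zero mismatches, because a key mismatch means the supplicant and the server derived different keying material even if the method reported success. It assumes the config path, server address, port, shared secret and reauth count shown in the post; the sample outputs at the bottom are constructed so the check can be exercised without a running server.

```shell
#!/bin/sh
# Added example (not from the original post): wrap the eapol_test run so a
# script can decide pass/fail from the tool's output instead of reading it
# by eye. Assumed: the config path, server address, port, shared secret and
# reauth count are the ones used in the post's command line.

# verify_eapol_output TEXT
# Returns 0 only when the output contains the final SUCCESS line and the
# "MPPE keys OK" summary reports zero mismatches. A mismatch means the
# keying material derived by the supplicant and the server differ, so the
# session should not be treated as good even if the method itself passed.
verify_eapol_output() {
    _out=$1
    if ! printf '%s\n' "$_out" | grep -q '^SUCCESS$'; then
        return 1
    fi
    _mismatch=$(printf '%s\n' "$_out" \
        | sed -n 's/^MPPE keys OK: [0-9]* *mismatch: \([0-9]*\).*/\1/p' \
        | tail -n 1)
    if [ -z "$_mismatch" ] || [ "$_mismatch" -ne 0 ]; then
        return 1
    fi
    return 0
}

# run_eapol_test [CONFIG]
# Runs the post's command line against the local FreeRADIUS and applies the
# check above. Only invoked at the bottom when EAPOL_LIVE=1 is set, so the
# file can also be sourced for the functions alone.
run_eapol_test() {
    _cfg=${1:-/tmp/eapol_test.conf.peap}
    _result=$(eapol_test -c "$_cfg" -a127.0.0.1 -p1812 -stesting123 -r1 2>&1)
    if verify_eapol_output "$_result"; then
        echo "PEAP/MSCHAPv2 test passed"
        return 0
    fi
    echo "PEAP/MSCHAPv2 test FAILED; last lines:" >&2
    printf '%s\n' "$_result" | tail -n 5 >&2
    return 1
}

# Constructed sample output: the tail of a passing run (as shown in the
# post) and a constructed failing one, so the check runs offline.
SAMPLE_PASS='EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1  mismatch: 0
SUCCESS'
SAMPLE_FAIL='EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
MPPE keys OK: 0  mismatch: 1
FAILURE'

if [ "${EAPOL_LIVE:-0}" = 1 ]; then
    run_eapol_test "$1"
fi
```

Run it as EAPOL_LIVE=1 sh check_eapol.sh /tmp/eapol_test.conf.peap against the server; the exit status (0 only for a clean SUCCESS with no MPPE mismatch) makes it usable from a deployment check or a cron job.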