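EAP authentication
There are two things to watch for with EAP authentication:
- FreeRADIUS must have a server certificate
- The root certificate of the party being authenticated must be among the trusted CAs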
Trusted CA configuration
/etc/raddb/eap.conf
eap {
    tls {
        CA_file = ${cadir}/ca.pem
    }
}
Testing
Install eapol_test (requires root privileges)
wget http://hostap.epitest.fi/releases/wpa_supplicant-0.5.10.tar.gz
tar xvf wpa_supplicant-0.5.10.tar.gz
cd wpa_supplicant-0.5.10/
cp defconfig .config
make eapol_test
cp eapol_test /usr/bin
Test config file: /tmp/eapol_test.conf.peap
network={
    eap=PEAP
    eapol_flags=0
    key_mgmt=IEEE8021X
    identity="myid"
    password="mypw"
    ca_cert="/etc/raddb/certs/ca.pem"
    phase2="auth=MSCHAPV2"
    anonymous_identity="anonymous"
}
Run the test
eapol_test -c /tmp/eapol_test.conf.peap -a127.0.0.1 -p1812 -stesting123 -r1
In the returned output, SUCCESS means the authentication exchange succeeded
... ... ... ... (omitted) ... ... ... ...
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1 mismatch: 0
SUCCESS
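The pass/fail reading described above can be scripted. This is an added example, not part of the original post: the function name check_eapol_output, its return codes and both sample outputs are assumptions made for illustration. It accepts a run only when the last line is SUCCESS, the reported EAP method is the expected one, and the MPPE key mismatch count is 0.

```shell
#!/bin/sh
# Added example: decide pass/fail from captured eapol_test output.
# Real use (command line from the page):
#   eapol_test -c /tmp/eapol_test.conf.peap -a127.0.0.1 -p1812 -stesting123 -r1 \
#     | check_eapol_output PEAP

# Constructed sample, built from the output lines quoted on the page.
SAMPLE_OK='EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1 mismatch: 0
SUCCESS'

# Constructed sample of a failed run (not taken from the page).
SAMPLE_FAIL='EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0 mismatch: 1
FAILURE'

# Reads eapol_test output on stdin; $1 is the EAP method name expected.
# Returns 0 = pass, 1 = verdict line is not SUCCESS,
#         2 = expected method not reported, 3 = MPPE key line missing or mismatch.
check_eapol_output() {
    expected_method=$1
    out=$(cat)

    # The verdict is the last non-empty line of the output.
    verdict=$(printf '%s\n' "$out" | awk 'NF { last = $0 } END { print last }')
    [ "$verdict" = "SUCCESS" ] || return 1

    # The method line looks like "EAP method (25, PEAP)".
    printf '%s\n' "$out" |
        grep -Eq "EAP method \([0-9]+, ${expected_method}\)" || return 2

    # Both sides must have derived the same keys: mismatch count must be 0.
    mismatch=$(printf '%s\n' "$out" |
        sed -n 's/^MPPE keys OK: *[0-9][0-9]* *mismatch: *\([0-9][0-9]*\).*/\1/p' |
        tail -n 1)
    [ "$mismatch" = "0" ] || return 3
    return 0
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_OK" | check_eapol_output PEAP && echo "sample ok: pass"
printf '%s\n' "$SAMPLE_FAIL" | check_eapol_output PEAP || echo "sample fail: rejected ($?)"
```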