eap-tls |
|||
文件路径 |
用途 | 示例 | 备注 |
#gedit /usr/local/etc/raddb/sites-available/default
#gedit /usr/local/etc/raddb/sites-enabled/default |
选择账户数据库 |
设置authorize{} 中files为隐性,sql为显性 选择从sql数据库读取用户预设信息 |
|
#gedit /usr/local/etc/raddb/sites-available/default
#gedit /usr/local/etc/raddb/sites-enabled/default |
选择认证方式 |
设置authorize{} 中eap设为显性 选择认证方式为eap |
|
#gedit /usr/local/etc/raddb/eap.conf |
选择eap类型 |
设置eap{} 中default_eap_type=tls 设置eap类型为tls |
|
#ls /usr/local/etc/raddb/certs/*.pem |
查看证书是否存在 |
正常 列表中含有ca.pem |
若没有ca.pem文件,则执行以下命令: #/usr/local/etc/raddb/certs/bootstrap |
#mysql -u root -p
Enter password:456456
mysql> use freeradius;
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('eap','Auth-Type',':=','EAP');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('eap','Service-Type',':=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('eap','Framed-IP-Address',':=','255.255.255.255');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('eap','Framed-IP-Netmask',':=','255.255.255.0'); |
建立组信息 | ||
mysql> insert into radcheck (username,attribute,op,value) values ('eap','User-Password',':=','eap'); |
建立用户信息 | ||
mysql> insert into radusergroup (username,groupname) values ('eap','eap'); |
关联用户与组 |
||
mysql> insert into radreply (username,attribute,op,value) values ('eap','Reply-Message','=','eap OK!'); |
添加用户回复信息 |
||
#gedit /usr/local/etc/raddb/clients.conf |
添加新的代理主机 |
在最后面添加:
client 10.10.200.0/24 {
    secret = 111111
    shortname = tessie
}
localhost的secret默认为testing123 |
|
#~/tls.test |
创建测试配置文件 |
network={ //注意:"="前后无空格
eap=TLS
eapol_flags=0 //可更改
key_mgmt=IEEE8021X
identity="eap" //注意:该测试账号是之前用sql建立在数据库中的,所以可以直接使用
password="eap"
# client
#ca_cert="/opt/freeradius/etc/raddb/certs/ca.pem"
#client_cert="/opt/freeradius/etc/raddb/certs/client.pem"
#private_key="/opt/freeradius/etc/raddb/certs/client.key"
#private_key_passwd="whatever"
# server
#ca_cert="/opt/freeradius/etc/raddb/certs/ca.pem"
#client_cert="/opt/freeradius/etc/raddb/certs/server.pem"
#private_key="/opt/freeradius/etc/raddb/certs/server.key"
#private_key_passwd="whatever"
# self cert client
# 注意:下面这段未启用 ca_cert,eapol_test 不会校验服务器证书;正式环境应设置 ca_cert 指向签发服务器证书的 CA
client_cert="/home/tessie/output/alilang_client_25741.pem"
private_key="/home/tessie/output/alilang_client_25741.key"
private_key_passwd="eap"
} |
|
#radiusd -X
#eapol_test -c tls.test -a 127.0.0.1 -p 1812 -s testing123 -r 1 //tls.test在~/目录下,所以该命令也要在~/目录下执行,两者需保持一致。 |
测试 |
eapol_test -c<conf> [-a<AS IP>] [-p<AS port>] [-s<AS secret>] [-r<count>] ... |
|
时间: 2024-08-28 22:33:15