Sunday, 24 August 2008

WPA and FreeRadius HOWTO

WPA + FreeRadius HOWTO



GENERAL LAYOUT




     ================
     |              |   Windows XP SP2, Vista or Linux
     | WiFi  client |
     |              |
     ================
          |   A
          |   |
          |   |   WPA
          |   |
          |   |
          |   |                      ( RADIUS )                (CONTROLLER)
          V   |                        Fedora8
     ================              ================          =====================
     |              |              | Free Radius  |          |                   |
     | Access Point | -----------> |      +       | -------> | Domain Controller |
     |              |              |    Samba     |          |   (SAMBA or NT)   |
     ================              ================          =====================
     
     

Before proceeding, verify that the openssl and openssl-devel packages are installed on the RADIUS host.


1) PART 1: SAMBA INSTALLATION AND CONFIGURATION

Download Samba version 3.0.31 (the precompiled versions shipped with distributions almost always
have a bug; it is quicker to recompile Samba than to track down the patch or a workaround).

# cd samba-3.0.31/source
# ./configure  --enable-cups --with-pam

NB: this requires pam-devel and cups-devel (in fact CUPS support is not needed unless the host
must also act as a print server).

The configuration file lives in /usr/local/samba/lib (to be created after installation).

Below is the one used in the Tecnes lab system.

  [global]
  
          # REPLACE WITH THE DOMAIN NAME
          workgroup = MITEC03
          server string = Radius Server
          # REPLACE WITH THE SERVER NAME
          netbios name = vmwaresrv
  
          loglevel=0
  
          # logs split per machine
          log file = /var/log/samba/log.%m
          # max 50KB per log file, then rotate
          max log size = 50
  
          security = domain
          # REPLACE WITH THE DOMAIN CONTROLLER NAME
          password server = dc01
          
          passdb backend = tdbsam
          username map = /etc/samba/smbusers
          winbind enum users = yes
          winbind enum groups = yes
          enable privileges = Yes
          
          domain master = no
          domain logons = no
  
          logon path =
  
          add user script = /usr/sbin/useradd "%u" -n -g users
          add group script = /usr/sbin/groupadd "%g"
          add user to group script = /usr/sbin/usermod -A "%g" "%u"
          add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
          delete user script = /usr/sbin/userdel "%u"
	  
          wins support = no
          wins server = 172.20.83.15

          dns proxy = no
          name resolve order = host wins bcast

          printcap name = cups
          # obtain list of printers automatically on SystemV
          printing = cups
          load printers = yes
          cups options = raw
	
#============================ Share Definitions ==============================

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        valid users = %S
;       valid users = MYDOMAIN\%S
	

Start the services

# /usr/local/samba/sbin/smbd -D
# /usr/local/samba/sbin/nmbd -D
# /usr/local/samba/sbin/winbindd -D

Join the RADIUS host to the domain

# net join MITEC03 -Uadministrator%

Restart the services

# killall winbindd
# killall nmbd
# killall smbd
# /usr/local/samba/sbin/smbd -D
# /usr/local/samba/sbin/nmbd -D
# /usr/local/samba/sbin/winbindd -D	
	
Verify that winbind is working

# /usr/local/samba/bin/wbinfo -D mitec03
	Name              : MITEC03
	Alt_Name          :
	SID               : S-1-5-21-4069564598-3891574429-1339956793
	Active Directory  : No
	Native            : No
	Primary           : Yes
	Sequence          : 1218623211
#


Edit /etc/nsswitch.conf, adding winbind as follows

passwd:     files winbind
shadow:     files winbind
group:      files winbind


Verify authentication with ntlm_auth

#  /usr/local/samba/bin/ntlm_auth --request-nt-key --username=  (e.g. administrator)
   password:
   NT_STATUS_OK: Success (0x0)
#


2) PART 2: FREERADIUS INSTALLATION AND CONFIGURATION

Prerequisites: OpenSSL (including the openssl-devel libraries)

Download the sources from www.freeradius.org

# wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-.tar.gz
# tar -xzvf freeradius-server-.tar.gz
# cd freeradius-server-
# ./configure
# make
# make install

The configuration files are created in /usr/local/etc/raddb

NB: on the first run, the certificates required by the TLS authentication methods are created


# radiusd -X 

The server loads the configuration files and creates the necessary certificates.
The following lines appear on the console

...................
..................
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.

The RADIUS server has been installed and started correctly.

The following files in /usr/local/etc/raddb must now be edited.

In clients.conf, change the key (testing123) for the client 127.0.0.1 and add

 client  {
         secret = 
         shortname  = netgear
 
         }

You must of course fill in the IP address of the access point and the key that the access point
will use to establish communication with the RADIUS server.
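
An added example, not part of the original article: a small Python check for the clients.conf step above that flags client blocks still using the shipped secret, an empty or short secret, or a secret reused across clients. The 16-character minimum, the function names and the 192.0.2.10 address are assumptions made for the illustration.

```python
import re

DEFAULT_SECRETS = {"testing123"}  # secret shipped in the sample clients.conf
MIN_SECRET_LEN = 16               # assumed local policy, not a FreeRADIUS limit
CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{")
SECRET_RE = re.compile(r"^\s*secret\s*=\s*(.*?)\s*$")

# Constructed sample: 192.0.2.10 is a documentation address, not a real AP.
SAMPLE = """\
client 127.0.0.1 {
        secret    = testing123
}
client 192.0.2.10 {               # access point
        secret    = netgear1
        shortname = netgear
}
"""

def parse_clients(text):
    """Return {client: secret or None}; a '#' inside a quoted secret is not handled."""
    clients, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]           # strip comments
        client, secret = CLIENT_RE.match(line), SECRET_RE.match(line)
        if client:
            current = client.group(1)
            clients[current] = None
        elif current and secret:
            clients[current] = secret.group(1).strip('"') or None
        elif line.strip() == "}":
            current = None
    return clients

def audit(text):
    """Flag missing, default, short and reused shared secrets."""
    findings, seen = [], {}
    for name, secret in parse_clients(text).items():
        if secret is None:
            findings.append((name, "no secret set"))
        elif secret in DEFAULT_SECRETS:
            findings.append((name, "default secret"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((name, "secret too short"))
        if secret and secret in seen:
            findings.append((name, "secret reused from " + seen[secret]))
        seen.setdefault(secret, name)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a live installation, pass the contents of /usr/local/etc/raddb/clients.conf to audit() instead of SAMPLE.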


In eap.conf

in the eap section
   ......
   #default_eap_type = md5
   default_eap_type = peap
.....    
   
 in the tls section
   
   .....
   # make_cert_command = "${certdir}/bootstrap"
......

in the peap section

 peap {
                        #  The tunneled EAP session needs a default
                        #  EAP type which is separate from the one for
                        #  the non-tunneled EAP module.  Inside of the
                        #  PEAP tunnel, we recommend using MS-CHAPv2,
                        #  as that is the default type supported by
                        #  Windows clients.
                        default_eap_type = mschapv2
  ................
  }
  
  In modules/mschap
  
 mschap {
           ....................
           ....................
  	   ntlm_auth = "/usr/local/samba/bin/ntlm_auth --request-nt-key --username=%{User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
  
  }
  
  
  
3) PART 3: ACCESS POINT CONFIGURATION

I built the system using a Netgear, but any access point that supports
WPA and RADIUS (WPA - 802.1x) will do.
Go to the configuration section for the RADIUS server connection parameters and
enter the server address and the shared secret you wrote in clients.conf.
WPA network authentication with RADIUS must also be enabled.
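
What the shared secret does on the wire, as an added example that is not from the original article and goes slightly beyond it: requests that carry EAP include a Message-Authenticator attribute, an HMAC-MD5 over the packet keyed with the shared secret (RFC 3579), so the RADIUS server only accepts requests from an access point configured with the same value as clients.conf. The user name, secrets and function names are constructed for the illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80   # attribute types


def attr(type_, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", type_, len(value) + 2) + value


def build_access_request(ident, user, secret):
    """Access point side: EAP-Response/Identity wrapped in an Access-Request."""
    eap = struct.pack("!BBHB", 2, 0, 5 + len(user), 1) + user   # Code=2, Type=1
    attrs = attr(USER_NAME, user) + attr(EAP_MESSAGE, eap)
    attrs += attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16)          # zeroed while signing
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + os.urandom(16)
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac


def verify_access_request(packet, secret):
    """Server side: recompute the HMAC with the secret stored in clients.conf."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    pos, zeroed, received = 20, bytearray(packet), None
    while pos + 2 <= len(packet):
        type_, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            return False
        if type_ == MESSAGE_AUTHENTICATOR and alen == 18:
            received = packet[pos + 2:pos + 18]
            zeroed[pos + 2:pos + 18] = b"\x00" * 16
        pos += alen
    if received is None:
        return False            # requests carrying EAP must include the attribute
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    # Constructed values: user name and both secrets are examples only.
    pkt = build_access_request(7, b"administrator", b"ap-and-server-secret")
    print(verify_access_request(pkt, b"ap-and-server-secret"))   # secrets match
    print(verify_access_request(pkt, b"testing123"))             # secrets differ
```

A secret typed differently on the access point and in clients.conf produces the second case: the server cannot validate the request, so authentication never completes even though the user's credentials are correct.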



Good luck, everyone
