Radius Server 架設

簡介

Radius Server提供多種身分驗證的方法，Freeradius Server is an opensource software

目的

這次主要想找EAP-AKA的packet範本

材料

Fedora 12

freeradius-server-2.2.1.tar.gz

freeradius-2.2.1_eap-sim-aka-0.1.patch

安裝

• 解壓

tar -zxvf freeradius-server-2.2.1.tar.gz

• patch 

patch -p1 < freeradius-2.2.1_eap-sim-aka-0.1.patch

會有一些FAIL，跳過它哈哈 

• setup

 yum install openssl-devel 

cd freeradius-server-2.2.1

./configure

make

make install

感覺沒什麼問題

• Start radius

radiusd -X

• Simple Test

這時候可以先做一個簡單的測試cd /usr/local/etc/raddb/ 

在users最前面增加一組帳密testaccount Cleartext-Password := "testpassword" 

 在clients.conf裡增加一個用戶 client 192.168.7.0 {        secret = testing1        shortname = testing2        netmask=24}

執行   radtest testaccount testpassword 192.168.7.XX 1812 testing1

如果有收到 Access-Accept就成功^^

•  build  rlm_sim-file.so

 cd ./src/modules/rlm_sim_files/

make

會有error 找不到tripbuf 所以我補上

char tripbuf[sizeof("232420100000015,30000000000000000000000000000000,30112233,445566778899AABB")*2];

再重新make就會產生rlm_sim_files-2.2.1.so

• copy to local lib and rename

cp ./.libs/rlm_sim_files-2.2.1.so /usr/local/lib/rlm_sim-file.so

• create  simtriplets.dat

vim /usr/local/etc/raddb/simtriplets.dat

 #   IMSI             RAND                             SRES     KcSIM,1262074920549791,64BC736EF7684de1921F9C9C0E0679E2,0B7e4e4b,D2119f41D8840400SIM,1262074920549791,97D0C531F2A84000ACB5E4F966157908,181c8ac1,E2f6976a226bc800SIM,1262074920549791,1E4FD2861D0848a499C91162234B255C,211056b1,8Bbdd2385B3a0400#SIM,0262074920549791,64BC736EF7684de1921F9C9C0E0679E2,0B7e4e4b,D2119f41D8840400SIM,0262074920549791,97D0C531F2A84000ACB5E4F966157908,181c8ac1,E2f6976a226bc800SIM,0262074920549791,1E4FD2861D0848a499C91162234B255C,211056b1,8Bbdd2385B3a0400
#   IMSI             RAND                             RES              AUTN                             IK                               CKAKA,0262073961704408,9FDDC72092C6AD036B6E464789315B78,F553BBC042452202,478412477BFF61DFD5BE5A85664C0820,359CF

•  create  sim_files

 vim /usr/local/etc/raddb/modules/sim_filles

sim_files {    simtriplets = "cd /usr/local/etc/raddb/simtriplets.dat"}

• Setting epa.conf

vim /usr/local/etc/raddb/eap.conf

增加 aka {         }         sim {         }

             

然後  結果還是不知道怎麼測eap-aka

eapol_test build in vs2012 windows

• 簡介：eapol_test 是wpa_supplicant提供的一個eap test project
• 目的：攔到eap packet

1. Download Win32OpenSSL-1_0_1j.exe
2. Install OpenSSL
3. Download wpa_supplicant-0.7.3.tar
4. 將wpa_supplicant-0.7.3解壓
5. 開啟wpa_supplicant-0.7.3\wpa_supplicant-0.7.3\wpa_supplicant\vs2005\eapol_test\eapol_test.sln
6. VS2012裡設定專案compile的include、lib目錄

     增加include OpenSSL安裝目錄 ex:C:\OpenSSL-Win32\include;

     增加lib OpenSSL安裝目錄 C:\OpenSSL-Win32\lib\VC\static;
7. 在openssl\x509v3.h增加
    #ifdef OPENSSL_SYS_WIN32
              /* Under Win32 these are defined in wincrypt.h */
    #undef X509_NAME
    #undef X509_CERT_PAIR
    #undef X509_EXTENSIONS
    #endif

8. Download 4.0.1-WpdPack

9. VS2012裡設定專案compile的include目錄，增加WpdPack目錄 ex: C:\dev\WpdPack\Include;

10. 如果要使用eap-aka功能，修改wpa_supplicant-0.7.3\src\utils\build_config.h增加#define EAP_AKA

p.s. test command => eapol_test -c <test文件> -a 127.0.0.1 -p 1812 -s testing123 -r 1