安装工具
编译openssl
Download: https://www.openssl.org/
https://en.wikipedia.org/wiki/OpenSSL
tar -xf openssl-1.0.2f.tar.gz
cd openssl-1.0.2f
./config –prefix=`pwd`/../install
make
make install
编译freeradius
Download: http://freeradius.org/
tar -xf freeradius-server-3.0.11.tar.gz
cd freeradius-server-3.0.11
./configure –prefix=`pwd`/../install –with-openssl-include-dir=`pwd`/../install/include –with-openssl-lib-dir=`pwd`/../install/lib
make
make install
编译wpa_supplicant
Download: http://w1.fi/wpa_supplicant/
tar -xf wpa_supplicant-2.5.tar.gz
cd wpa_supplicant-2.5/wpa_supplicant
cp defconfig .config
make
make eapol_test
配置与测试
Server: freeradius配置
1. 配置user:etc/raddb/users
qmd Cleartext-Password := “123456”
2. 配置client:etc/raddb/clients.conf
client 192.168.5.0/24 {
ipaddr = 192.168.5.0/24
secret = qmd123
}
3. 本地测试:
qmd@u:bin$ ./radtest qmd 123456 192.168.5.154:1812 1222 qmd123
Sent Access-Request Id 139 from 0.0.0.0:39622 to 192.168.5.154:1812 length 73
User-Name = “qmd”
User-Password = “123456”
NAS-IP-Address = 127.0.1.1
NAS-Port = 1222
Message-Authenticator = 0x00
Cleartext-Password = “123456”
Received Access-Accept Id 139 from 192.168.5.154:1812 to 0.0.0.0:0 length 20
qmd@u:bin$
Client: wpa_supplicant配置
编辑配置文件:
network={
eap=PEAP
eapol_flags=0
key_mgmt=IEEE8021X
identity=”qmd”
password=”123456″
#ca_cert=”/etc/raddb/certs/ca.pem”
phase2=”auth=MSCHAPV2″
anonymous_identity=”anonymous”
}
./eapol_test -c test.conf -a 192.168.5.154 -p 1812 -s qmd123 -r 1
Openssl生成EAP-TLS证书
生成CA证书
mkdir -p ./demoCA/{private,newcerts}
touch ./demoCA/index.txt
echo 01 > ./demoCA/serial
openssl genrsa -des3 -out ./demoCA/private/cakey.pem 2048
openssl req -new -days 365 -key./demoCA/private/cakey.pem -out careq.pem
openssl ca -selfsign -in careq.pem -out cacert.pem
1. 生成密钥对:openssl genrsa -des3 -out userkey.pem
2. 生成证书请求:openssl req -new -days 365 -key userkey.pem -out userreq.pem
3. 签发证书:openssl ca -in userreq.pem -out usercert.pem
openssl req -new -x509 -days 365 -key./demoCA/private/cakey.pem -out ./demoCA/cacert.pem
echo -e “\n\n\n\n\n\n\n” | openssl req -new -x509 -keyout $cert_file -out $cert_file -days 365000 -nodes -config /usr/sbin/sbin/openssl.cnf >/dev/null 2>&1
今天的文章EAP测试方法分享到此就结束了,感谢您的阅读,如果确实帮到您,您可以动动手指转发给其他人。
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
如需转载请保留出处:https://bianchenghao.cn/59317.html