EAP测试方法

编程小号 • 2023-09-09 15:46 • 未分类

安装工具

编译openssl

Download: https://www.openssl.org/

https://en.wikipedia.org/wiki/OpenSSL

tar -xf openssl-1.0.2f.tar.gz

cd openssl-1.0.2f

./config –prefix=`pwd`/../install

make

make install

编译freeradius

Download: http://freeradius.org/

tar -xf freeradius-server-3.0.11.tar.gz

cd freeradius-server-3.0.11

./configure –prefix=`pwd`/../install –with-openssl-include-dir=`pwd`/../install/include –with-openssl-lib-dir=`pwd`/../install/lib

make

make install

编译wpa_supplicant

Download: http://w1.fi/wpa_supplicant/

tar -xf wpa_supplicant-2.5.tar.gz

cd wpa_supplicant-2.5/wpa_supplicant

cp defconfig .config

make

make eapol_test

配置与测试

Server: freeradius配置

1. 配置user：etc/raddb/users

qmd Cleartext-Password := “123456”

2. 配置client：etc/raddb/clients.conf

client 192.168.5.0/24 {

ipaddr = 192.168.5.0/24
secret = qmd123
}

3. 本地测试：

qmd@u:bin$ ./radtest qmd 123456 192.168.5.154:1812 1222 qmd123
Sent Access-Request Id 139 from 0.0.0.0:39622 to 192.168.5.154:1812 length 73
User-Name = “qmd”
User-Password = “123456”
NAS-IP-Address = 127.0.1.1
NAS-Port = 1222
Message-Authenticator = 0x00
Cleartext-Password = “123456”
Received Access-Accept Id 139 from 192.168.5.154:1812 to 0.0.0.0:0 length 20
qmd@u:bin$

Client: wpa_supplicant配置

编辑配置文件：

network={

eap=PEAP
eapol_flags=0
key_mgmt=IEEE8021X
identity=”qmd”
password=”123456″
#ca_cert=”/etc/raddb/certs/ca.pem”
phase2=”auth=MSCHAPV2″
anonymous_identity=”anonymous”
}

./eapol_test -c test.conf -a 192.168.5.154 -p 1812 -s qmd123 -r 1

Openssl生成EAP-TLS证书

生成CA证书

mkdir -p ./demoCA/{private,newcerts}

touch ./demoCA/index.txt

echo 01 > ./demoCA/serial

openssl genrsa -des3 -out ./demoCA/private/cakey.pem 2048

openssl req -new -days 365 -key./demoCA/private/cakey.pem -out careq.pem

openssl ca -selfsign -in careq.pem -out cacert.pem

1. 生成密钥对：openssl genrsa -des3 -out userkey.pem

2. 生成证书请求：openssl req -new -days 365 -key userkey.pem -out userreq.pem

3. 签发证书：openssl ca -in userreq.pem -out usercert.pem

openssl req -new -x509 -days 365 -key./demoCA/private/cakey.pem -out ./demoCA/cacert.pem

echo -e “\n\n\n\n\n\n\n” | openssl req -new -x509 -keyout $cert_file -out $cert_file -days 365000 -nodes -config /usr/sbin/sbin/openssl.cnf >/dev/null 2>&1

今天的文章EAP测试方法分享到此就结束了，感谢您的阅读，如果确实帮到您，您可以动动手指转发给其他人。

版权声明：本文内容由互联网用户自发贡献，该文观点仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容，请发送邮件至举报，一经查实，本站将立刻删除。
如需转载请保留出处：https://bianchenghao.cn/59317.html

EAP测试方法

安装工具

编译openssl

编译freeradius

编译wpa_supplicant

配置与测试

Server: freeradius配置

Client: wpa_supplicant配置

Openssl生成EAP-TLS证书

相关推荐

发表回复