eap-ttls/mschapv2

时间:2021-10-13 05:20:56
eap-ttls/mschapv2
     
文件路径
用途 示例 备注
#gedit /usr/local/etc/raddb/sites-available/default
#gedit /usr/local/etc/raddb/sites-enabled/default
选择账户数据库
设置authorize{} 中files为隐性,sql为显性

选择从sql数据库读取用户预设信息
 
#gedit /usr/local/etc/raddb/sites-available/default
#gedit /usr/local/etc/raddb/sites-enabled/default
选择认证方式
设置authorize{} 中eap设为显性

选择认证方式为eap
 
#gedit /usr/local/etc/raddb/eap.conf
选择eap类型
设置eap{} 中default_eap_type=ttls
设置eap类型为ttls
 
#ls /usr/local/etc/raddb/certs/*.pem
 查看证书是否存在
正常 列表中含有ca.pem
若没有ca.pem文件,则执行以下命令:
#/usr/local/etc/raddb/certs/bootstrap
#mysql -u root -p
Enter password:456456
mysql> use freeradius;
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('eap','Auth-Type',':=','EAP');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('eap','Service-Type',':=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('eap','Framed-IP-Address',':=','255.255.255.255');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('eap','Framed-IP-Netmask',':=','255.255.255.0');
 建立组信息    
mysql> insert into radcheck (username,attribute,op,value) values ('eap','User-Password',':=','eap');
 建立用户信息    
mysql> insert into radusergroup (username,groupname) values ('eap','eap');

关联用户与组

   
mysql> insert  into radreply(username,attribute,op,value) values('eap','Reply-Message','=','eap OK!');

添加用户回复信息

   
#gedit /usr/local/etc/raddb/clients.conf
添加新的代理主机
在最后面添加
client 10.10.200.0/24 {
secret = 111111  
shortname = tessie
} localhost的secret默认为testing123
 

#~/ttlsmschapv2.test

 创建测试配置文件
network={      //注意:"="前后无空格
eap=TTLS
ssid="test" //可更改
key_mgmt=WPA-EAP
identity="eap"  //注意:该测试账号是之前用sql建立在数据库中的,所以可以直接使用
password="eap"
ca_cert="/usr/local/etc/raddb/certs/ca.pem"
phase2="auth=MSCHAPV2"
anonymous_identity="anonymous" //可更改
}
 
#radiusd -X
#eapol_test -c ttlsmschapv2.test -s testing123  //ttlsmschapv2.test在~/目录下,所以该命令也要在~/目录下进行。需保持一致。
 测试
eapol_test -c<conf> [-a<AS IP>] [-p<AS port>] [-s<AS secret>] [-r<count>] ...