== WIFI ==
* How to set up a wifi environment with EAP-SIM/EAP-TTLS/EAP-PEAP/EAP-TLS enabled
Required equipment:
1. One access point with RADIUS support
2. Card reader for reading the SIM card
3. One desktop running Ubuntu for the RADIUS server
Wifi environment setup:
1. Follow the "Compile freeradius with EAP-SIM/AKA support" section in http://bit.ly/1guIKyb to set up the freeradius server on Ubuntu 12.04.
2. Add the following entry to /etc/freeradius/users:
 "sqa" Cleartext-Password := "password"
     Service-Type = Administrative-User,
     Reply-Message = "Radius Login Success"
3. The IMSI read by the SIM card reader is 15 digits. Take 466923003314697 as an example. In simtriplets, the IMSI must be written as 1+IMSI+@wlan.mnc092.mcc466.3gppnetwork.org, so it becomes 1466923003314697@wlan.mnc092.mcc466.3gppnetwork.org.
4. After the above steps, /etc/freeradius/simtriplets.dat, /etc/freeradius/clients.conf, /etc/freeradius/sites-available/default, /etc/freeradius/eap.conf and /etc/freeradius/users are all configured.
5. EAP-SIM, EAP-TTLS and EAP-PEAP are all enabled.
6. Start the freeradius server:
 $ sudo /usr/sbin/freeradius -X
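The identity format from step 3, as an added example that is not part of the original wiki page: a shell function that derives the simtriplets identity from a 15-digit IMSI. The function name and the MNC-length argument are assumptions of this example; it also handles IMSIs with a 3-digit MNC, which goes beyond the single case shown above.

```shell
#!/bin/sh
# Added example (not from the wiki page): build the EAP-SIM identity that
# step 3 describes, i.e. 1+IMSI+@wlan.mncXXX.mccYYY.3gppnetwork.org.
# eapsim_identity and its MNC_LEN argument are names chosen for this example.

# eapsim_identity IMSI [MNC_LEN]
#   IMSI     15-digit value read from the SIM card
#   MNC_LEN  number of MNC digits inside the IMSI: 2 (default) or 3
eapsim_identity() {
    imsi=$1
    mnc_len=${2:-2}

    # Reject empty input and anything containing a non-digit.
    case $imsi in
        ''|*[!0-9]*) echo "IMSI must be numeric" >&2; return 1 ;;
    esac
    if [ "${#imsi}" -ne 15 ]; then
        echo "IMSI must be exactly 15 digits" >&2
        return 1
    fi
    case $mnc_len in
        2|3) ;;
        *) echo "MNC length must be 2 or 3" >&2; return 1 ;;
    esac

    # The first 3 digits are the MCC, the next 2 or 3 are the MNC.
    mcc=$(printf '%s' "$imsi" | cut -c1-3)
    mnc=$(printf '%s' "$imsi" | cut -c4-$((3 + mnc_len)))

    # The realm always carries a 3-digit MNC, so a 2-digit MNC gets a leading 0
    # (92 becomes 092, as in the page's example).
    if [ "$mnc_len" -eq 2 ]; then
        mnc="0$mnc"
    fi

    # The leading "1" marks the identity as EAP-SIM.
    printf '1%s@wlan.mnc%s.mcc%s.3gppnetwork.org\n' "$imsi" "$mnc" "$mcc"
}

# The IMSI used as the example in step 3.
eapsim_identity 466923003314697
```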
- Steps to enable EAP-TLS
1. $ cd /usr/lib/ssl/misc/
2. $ su
3. $ ./CA.pl -newca, then follow the prompts to generate the certificate in the ./demoCA directory
4. Generate the server-side certificate:
 $ openssl req -new -nodes -keyout srv_key.pem -out srv_req.pem -config ../openssl.cnf
 $ openssl ca -config ../openssl.cnf -policy policy_anything -out srv_cert.pem -infiles ./srv_req.pem
 $ cat srv_key.pem srv_cert.pem > srv_keycert.pem
5. Generate the client-side certificate:
 $ openssl req -new -keyout cli_key.pem -out cli_req.pem -config ../openssl.cnf
 $ openssl ca -config ../openssl.cnf -policy policy_anything -out cli_cert.pem -infiles ./cli_req.pem
 $ openssl pkcs12 -export -in cli_cert.pem -inkey cli_key.pem -out cli_cert.p12 -clcerts
6. Generate the 2 additional files that TLS needs:
 $ openssl dhparam -check -text -5 512 -out dh
 $ dd if=/dev/urandom of=random count=2
7. Put srv_keycert.pem in the default cert directory of freeradius. In this example, the directory is /etc/freeradius/certs.
8. Put cacert.pem in the default cert directory of freeradius. In this example, the directory is /etc/freeradius/certs.
9. Put the dh and random files in the default cert directory of freeradius.
10. Modify the following settings in /etc/freeradius/eap.conf:
 private_key_password = whatever (the one you entered when generating the certificate)
 private_key_file = ${certdir}/srv_keycert.pem (the output of STEP 4)
 certificate_file = ${certdir}/srv_keycert.pem (the same as above)
 CA_file = ${cadir}/cacert.pem (this file is in demoCA/)
 dh_file = ${certdir}/dh (the output of STEP 6)
 random_file = ${certdir}/random (the output of STEP 6)
11. Restart the freeradius server:
 $ sudo /usr/sbin/freeradius -X
= Building Gecko/Gaia =