Confirm
79
edits
Changes
→RIL
== WIFI ==
* How to setup wifi environment with EAP-SIM/EAP-TTLS/EAP-PEAP/EAP-TLS enabled
Required equipments:
1. One Access Points with Radius supported
2. Card reader for reading SIM card
3. One desktop with Ubuntu for radius server
Wifi Environment setup:
1. Follow the "Compile freeradius with EAP-SIM/AKA support" section in http://bit.ly/1guIKyb to setup freeradius server in ubuntu 12.04.
2. Add below information in /etc/freeradius/users
"sqa" Cleartext-Password := "password"
Service-Type = Administrative-User,
Reply-Message = "Radius Login Success"
3. The IMSI read by SIM card reader is 15 digits. Take 466923003314697 as an example.
In simtriplets, the format of IMSI should be 1+IMSI+@wlan.mnc092.mcc466.3gppnetwork.org. So, it will be 1466923003314697@wlan.mnc092.mcc466.3gppnetwork.org.
4. After above steps, the
/etc/freeradius/simtriplets.dat,
/etc/freeradius/clients.conf,
/etc/freeradius/sites-available/default,
/etc/freeradius/eap.conf ,
and /etc/freeradius/users
are all configured.
5. The EAP-SIM, EAP-TTLS, EAP-PEAP are all enabled.
6. Start the freeradius server.
$ sudo /usr/sbin/freeradius -X
- Steps to enable EAP-TLS
1. $ cd /usr/lib/ssl/misc/
2. $ su
3. $ ./CA.pl -newca, follow the steps to generate certificate in ./demoCA directory
4. Generate server side certificate
$ openssl req -new -nodes -keyout srv_key.pem -out srv_req.pem -config ../openssl.cnf
$ openssl ca -config ../openssl.cnf -policy policy_anything -out srv_cert.pem -infiles ./srv_req.pem
$ cat srv_key.pem srv_cert.pem > srv_keycert.pem
5. Generate client side certificate
$ openssl req -new -keyout cli_key.pem -out cli_req.pem -config ../openssl.cnf
$ openssl ca -config ../openssl.cnf -policy policy_anything -out cli_cert.pem -infiles ./cli_req.pem
$ openssl pkcs12 -export -in cli_cert.pem -inkey cli_key.pem -out cli_cert.p12 -clcerts
6. Generate 2 required files that TLS needs
$ openssl dhparam -check -text -5 512 -out dh
$ dd if=/dev/urandom of=random count=2
7. put srv_keycert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs
8. put cacert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs
9. put dh & random files in default cert directory of freeradius
10. Modify the below information in /etc/freeradius/eap.conf
private_key_password = whatever (the one you input in generating certificate)
private_key_file = ${certdir}/srv_keycert.pem (the output of STEP 4)
certificate_file = ${certdir}/srv_keycert.pem (the same as above)
CA_file = ${cadir}/cacert.pem (this file is in demoCA/)
dh_file = ${certdir}/dh (the output of STEP 6)
random_file = ${certdir}/random (the output of STEP 6)
11. Restart freeradius server
$ sudo /usr/sbin/freeradius -X
= Building Gecko/Gaia =
