B2G/QA/Tips And Tricks: Difference between revisions

Line 560: Line 560:
* One desktop with Ubuntu for radius server
* One desktop with Ubuntu for radius server


Wifi Environment setup:
* Wifi Environment setup:
1. Follow the "Compile freeradius with EAP-SIM/AKA support" section in http://bit.ly/1guIKyb to setup freeradius server in ubuntu 12.04.
** Follow the "Compile freeradius with EAP-SIM/AKA support" section in http://bit.ly/1guIKyb to setup freeradius server in ubuntu 12.04.
2. Add below information in /etc/freeradius/users
** Add below information in /etc/freeradius/users
   "sqa"    Cleartext-Password := "password"
   "sqa"    Cleartext-Password := "password"
   Service-Type = Administrative-User,
   Service-Type = Administrative-User,
   Reply-Message = "Radius Login Success"
   Reply-Message = "Radius Login Success"
3. The IMSI read by SIM card reader is 15 digits. Take 466923003314697 as an example.
** The IMSI read by SIM card reader is 15 digits. Take 466923003314697 as an example.
   In simtriplets, the format of IMSI should be 1+IMSI+@wlan.mnc092.mcc466.3gppnetwork.org. So, it will be 1466923003314697@wlan.mnc092.mcc466.3gppnetwork.org.
   In simtriplets, the format of IMSI should be 1+IMSI+@wlan.mnc092.mcc466.3gppnetwork.org. So, it will be 1466923003314697@wlan.mnc092.mcc466.3gppnetwork.org.
4. After above steps, the  
** After above steps, the  
     /etc/freeradius/simtriplets.dat,
     /etc/freeradius/simtriplets.dat,
     /etc/freeradius/clients.conf,  
     /etc/freeradius/clients.conf,  
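Review bot: The `/etc/freeradius/users` entry in step 2 pairs `Cleartext-Password := "password"` with `Service-Type = Administrative-User`, and nothing in the list says this RADIUS server is meant only for an isolated test network. Suggest stating that in the step and either using a non-trivial password or dropping the `Administrative-User` attribute if the Wi-Fi tests do not need it. Step 3 also hard-codes the realm `wlan.mnc092.mcc466.3gppnetwork.org`, which matches only the example IMSI 466923003314697; it would help to say that the MCC and MNC parts come from the tester's own IMSI. The shortened `http://bit.ly/1guIKyb` link hides the target of the build instructions and is better replaced with the full URL.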
Line 575: Line 575:
     and /etc/freeradius/users  
     and /etc/freeradius/users  
     are all configured.
     are all configured.
5. The EAP-SIM, EAP-TTLS, EAP-PEAP are all enabled.
** The EAP-SIM, EAP-TTLS, EAP-PEAP are all enabled.
6. Start the freeradius server.
** Start the freeradius server.
   $ sudo /usr/sbin/freeradius -X
   $ sudo /usr/sbin/freeradius -X


- Steps to enable EAP-TLS
* Steps to enable EAP-TLS
1. $ cd /usr/lib/ssl/misc/
** 1. Generate CA files
2. $ su
  $ cd /usr/lib/ssl/misc/
3. $ ./CA.pl -newca, follow the steps to generate certificate in ./demoCA directory
  $ su
4. Generate server side certificate
  $ ./CA.pl -newca, follow the steps to generate certificate in ./demoCA directory
** 2. Generate server side certificate
   $ openssl req -new -nodes -keyout srv_key.pem -out srv_req.pem -config ../openssl.cnf  
   $ openssl req -new -nodes -keyout srv_key.pem -out srv_req.pem -config ../openssl.cnf  
   $ openssl ca -config ../openssl.cnf -policy policy_anything -out srv_cert.pem -infiles ./srv_req.pem
   $ openssl ca -config ../openssl.cnf -policy policy_anything -out srv_cert.pem -infiles ./srv_req.pem
   $ cat srv_key.pem srv_cert.pem > srv_keycert.pem
   $ cat srv_key.pem srv_cert.pem > srv_keycert.pem
5. Generate client side certificate
** 3. Generate client side certificate
   $ openssl req -new -keyout cli_key.pem -out cli_req.pem -config ../openssl.cnf
   $ openssl req -new -keyout cli_key.pem -out cli_req.pem -config ../openssl.cnf
   $ openssl ca -config ../openssl.cnf -policy policy_anything -out cli_cert.pem -infiles ./cli_req.pem
   $ openssl ca -config ../openssl.cnf -policy policy_anything -out cli_cert.pem -infiles ./cli_req.pem
   $ openssl pkcs12 -export -in cli_cert.pem -inkey cli_key.pem -out cli_cert.p12 -clcerts
   $ openssl pkcs12 -export -in cli_cert.pem -inkey cli_key.pem -out cli_cert.p12 -clcerts
6. Generate 2 required files that TLS needs
** 4. Generate 2 required files that TLS needs
   $ openssl dhparam -check -text -5 512 -out dh
   $ openssl dhparam -check -text -5 512 -out dh
   $ dd if=/dev/urandom of=random count=2
   $ dd if=/dev/urandom of=random count=2
7. put srv_keycert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs
** 5. put srv_keycert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs
8. put cacert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs
** 6. put cacert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs
9. put dh & random files in default cert directory of freeradius
** 7. put dh & random files in default cert directory of freeradius
10. Modify the below information in /etc/freeradius/eap.conf
** 8. Modify the below information in /etc/freeradius/eap.conf
      private_key_password = whatever (the one you input in generating certificate)
      private_key_password = whatever (the one you input in generating certificate)
      private_key_file = ${certdir}/srv_keycert.pem (the output of STEP 4)
      private_key_file = ${certdir}/srv_keycert.pem (the output of STEP 2)
      certificate_file = ${certdir}/srv_keycert.pem (the same as above)
      certificate_file = ${certdir}/srv_keycert.pem (the same as above)
      CA_file = ${cadir}/cacert.pem (this file is in demoCA/)
      CA_file = ${cadir}/cacert.pem (this file is in demoCA/)
      dh_file = ${certdir}/dh (the output of STEP 6)
      dh_file = ${certdir}/dh (the output of STEP 4)
      random_file = ${certdir}/random (the output of STEP 6)
      random_file = ${certdir}/random (the output of STEP 4)
11. Restart freeradius server
** 9. Restart freeradius server
     $ sudo /usr/sbin/freeradius -X
     $ sudo /usr/sbin/freeradius -X
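Review bot: In step 4, `openssl dhparam -check -text -5 512 -out dh` generates 512-bit Diffie-Hellman parameters, which are too small to protect a TLS key exchange and are refused by many current TLS stacks; suggest generating at least 2048 bits, for example `openssl dhparam -out dh 2048`. Step 2 creates the server key with `-nodes`, so `srv_key.pem` has no passphrase, yet step 8 tells the reader to set `private_key_password` to "the one you input in generating certificate"; either drop `-nodes` or say which passphrase is meant. The renumbered steps 5 and 6 still carry the "freeraidus" typo, and `$ ./CA.pl -newca, follow the steps ...` in step 1 runs the command and the instruction together on one line, so a reader copying it will pass the prose as arguments.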

