Changes

Jump to: navigation, search

B2G/QA/Tips And Tricks

42 bytes added, 08:38, 26 May 2014
RIL
* One desktop with Ubuntu for radius server
* Wifi Environment setup:1. ** Follow the "Compile freeradius with EAP-SIM/AKA support" section in http://bit.ly/1guIKyb to setup freeradius server in ubuntu 12.04.2. ** Add below information in /etc/freeradius/users
"sqa" Cleartext-Password := "password"
Service-Type = Administrative-User,
Reply-Message = "Radius Login Success"
3. ** The IMSI read by SIM card reader is 15 digits. Take 466923003314697 as an example.
In simtriplets, the format of IMSI should be 1+IMSI+@wlan.mnc092.mcc466.3gppnetwork.org. So, it will be 1466923003314697@wlan.mnc092.mcc466.3gppnetwork.org.
4. ** After above steps, the
/etc/freeradius/simtriplets.dat,
/etc/freeradius/clients.conf,
and /etc/freeradius/users
are all configured.
5. ** The EAP-SIM, EAP-TTLS, EAP-PEAP are all enabled.6. ** Start the freeradius server.
$ sudo /usr/sbin/freeradius -X
- * Steps to enable EAP-TLS** 1. Generate CA files $ cd /usr/lib/ssl/misc/2. $ su3. $ ./CA.pl -newca, follow the steps to generate certificate in ./demoCA directory4** 2. Generate server side certificate
$ openssl req -new -nodes -keyout srv_key.pem -out srv_req.pem -config ../openssl.cnf
$ openssl ca -config ../openssl.cnf -policy policy_anything -out srv_cert.pem -infiles ./srv_req.pem
$ cat srv_key.pem srv_cert.pem > srv_keycert.pem
5** 3. Generate client side certificate
$ openssl req -new -keyout cli_key.pem -out cli_req.pem -config ../openssl.cnf
$ openssl ca -config ../openssl.cnf -policy policy_anything -out cli_cert.pem -infiles ./cli_req.pem
$ openssl pkcs12 -export -in cli_cert.pem -inkey cli_key.pem -out cli_cert.p12 -clcerts
6** 4. Generate 2 required files that TLS needs
$ openssl dhparam -check -text -5 512 -out dh
$ dd if=/dev/urandom of=random count=2
7** 5. put srv_keycert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs8** 6. put cacert.pem in default cert directory of freeraidus. In this example, the directory is /etc/freeradius/certs9** 7. put dh & random files in default cert directory of freeradius10** 8. Modify the below information in /etc/freeradius/eap.conf private_key_password = whatever (the one you input in generating certificate) private_key_file = ${certdir}/srv_keycert.pem (the output of STEP 42) certificate_file = ${certdir}/srv_keycert.pem (the same as above) CA_file = ${cadir}/cacert.pem (this file is in demoCA/) dh_file = ${certdir}/dh (the output of STEP 64) random_file = ${certdir}/random (the output of STEP 64)11** 9. Restart freeradius server
$ sudo /usr/sbin/freeradius -X
Cfchang
Confirm
79
edits
Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/982650"

Navigation menu