EAP-TLS on FreeRADIUS (Chinese edition)
This document describes how to set up a RADIUS server with EAP-TLS authentication on Linux and similar Unix systems, and how to configure the Access Point and the client.
www.chinaunix.net
我爱臭豆腐
Contents
EAP-TLS on FreeRADIUS (Chinese edition)
Preface
Acknowledgements
Installing OpenSSL
Installing FreeRADIUS
Preparation
Certificate generation scripts
    Creating the certificates used by TLS
    Certificate scripts
    Generating the certificates
    Viewing the certificates
Configuring FreeRADIUS
    Contents of radiusd.conf
    Contents of users
    Contents of clients.conf
Configuring the Cisco Access Point
Configuring the client
    Copying the certificates to the client
    Installing the client certificate
    Configuring the client network
Debugging information
    Cisco Access Point debugging information
    Radius server log
Related software and links
    ChinaUnix
    FreeRADIUS
    OpenSSL
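EAP-TLS on FreeRADIUS (Chinese edition)
Version: 0.2.0
Preface
First of all, this document describes how to set up a RADIUS server with EAP-TLS authentication on Linux and similar Unix systems, and how to configure the Access Point and the client. It draws on some material from the FreeRADIUS site, including http://www.freeradius.org/doc/EAPTLS.pdf written by Ken Roser. This document is updated continually. I welcome discussion about it, so that we can improve it together. My contact details are given at the end of this document.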
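Acknowledgements
First I want to thank my parents and my younger sister. Their constant care is what gives me more time to write and to study.
Thanks also to FanQiang, who built ChinaUnix, such a good forum. Thanks to sakulagi, moderator of the Linux board, for the help given while I was writing the new version of this document. Thanks to 段誉, moderator of the Proxy server board, who provided hardware free of charge while I was writing the first version.
This document is also dedicated to 红袖添香, an old friend from ChinaUnix. Although she has left our forum, I still hope she will come back to visit often, and I hope every reader of this document will wish her all the best in her life and studies abroad.
我爱臭豆腐
Beijing
2004-7-13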
Installing OpenSSL:
Download OpenSSL:
wget http://www.openssl.org/source/openssl-0.9.7d.tar.gz
tar zxvf openssl-0.9.7d.tar.gz
cd openssl-0.9.7d
./config --prefix=/usr/local/openssl shared
make
make test
make install
# Back up the profile file
cp /etc/profile /etc/profile.back
Edit /etc/profile and add the following:
LD_LIBRARY_PATH=/usr/local/openssl/lib
LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so
export LD_LIBRARY_PATH LD_PRELOAD
# Back up the existing /usr/bin/openssl
mv /usr/bin/openssl /usr/bin/openssl.back
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
# Run openssl version -a to check the installation; if it is correct, the output should look like this:
[root@wanghao bin]# openssl version -a
OpenSSL 0.9.7c 30 Sep 2003
built on: Thu Nov 20 22:22:53 CST 2003
platform: linux-elf
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
OPENSSLDIR: "/usr/local/openssl/ssl"
The OpenSSL installation is complete.
Installing FreeRADIUS:
wget ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.3.tar.gz
tar zxvf ./freeradius-0.9.3.tar.gz
cd freeradius-0.9.3/
./configure --prefix=/usr/local
cd src/modules/rlm_eap/types/rlm_eap_tls/
# Edit the Makefile of rlm_eap_tls
cp Makefile Makefile.back
vi Makefile
# Change it to read as follows:
# Generated automatically from Makefile.in by configure.
TARGET = rlm_eap_tls
SRCS = rlm_eap_tls.c eap_tls.c cb.c tls.c mppe_keys.c
RLM_CFLAGS = $(INCLTDL) -I../.. -I/usr/local/openssl/include
HEADERS = eap_tls.h
RLM_INSTALL =
RLM_LDFLAGS += -L/usr/local/openssl/lib
RLM_LIBS += -lssl -lcrypto
$(STATIC_OBJS): $(HEADERS)
$(DYNAMIC_OBJS): $(HEADERS)
RLM_DIR=../../
include ${RLM_DIR}../rules.mak
Save and exit.
cd /tmp/freeradius-0.9.3
make
make install   # install
Preparation:
cd /usr/local/openssl/ssl
date >DH
date >random
touch xpextensions
vi xpextensions
File contents:
[ xpclient_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ xpserver_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
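The two OIDs in xpextensions are the standard extended-key-usage identifiers for TLS client authentication (1.3.6.1.5.5.7.3.2) and TLS server authentication (1.3.6.1.5.5.7.3.1). The following is an added example, not part of the original document: it signs a throwaway certificate with one of those sections and checks that OpenSSL accepts it only for the matching purpose. The CA, the subjects, demo.cnf and the function names eku_of and eku_demo are constructed for the demonstration, and it assumes a current OpenSSL command-line tool rather than the 0.9.7 build above.

```shell
#!/bin/sh
# Added example: throwaway CA and leaf certificate, built in a temp dir.
# Subjects, file names and the demo.cnf [req] section are constructed here.

# Print the Extended Key Usage value of a PEM certificate.
eku_of() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/X509v3 Extended Key Usage/{n;s/^ *//;s/ *$//;p;}'
}

# Sign one leaf with the given xpextensions section and print
# "<EKU>|<verify as sslclient>|<verify as sslserver>".
eku_demo() {
    section=$1
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Minimal request config so the demo does not depend on openssl.cnf
        cat > demo.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = Demo Root CA
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
        # Same two sections as the xpextensions file on the page
        cat > xpextensions <<'EOF'
[ xpclient_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ xpserver_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
EOF
        openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 \
            -config demo.cnf -keyout ca.key -out ca.pem 2>/dev/null
        openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
            -subj '/CN=demo-leaf' -keyout leaf.key -out leaf.csr 2>/dev/null
        openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key \
            -CAcreateserial -days 1 -extfile xpextensions \
            -extensions "$section" -out leaf.pem 2>/dev/null
        c=fail; s=fail
        openssl verify -CAfile ca.pem -purpose sslclient leaf.pem >/dev/null 2>&1 && c=ok
        openssl verify -CAfile ca.pem -purpose sslserver leaf.pem >/dev/null 2>&1 && s=ok
        echo "$(eku_of leaf.pem)|$c|$s"
    )
    rc=$?; rm -rf "$dir"; return $rc
}
```

Running `eku_demo xpclient_ext` prints `TLS Web Client Authentication|ok|fail`; the same `eku_of` check can be run on the real client and server certificates before they are deployed.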
Certificate generation scripts:
Creating the certificates used by TLS:
Certificate scripts:
Root certificate script CA.root:
[root@radius ssl]# cat CA.root
#!/bin/sh
SSL=/usr/local/openssl
export PATH=${SSL}/bin/:${SSL}/ssl/misc:${PATH}
export LD_LIBRARY_PATH=${SSL}/lib
# needed if you need to start from scratch otherwise the CA.pl -newca command doesn't copy the new
# private key into the CA directories
rm -rf demoCA
echo "*********************************************************************************"
echo "Creating self-signed private key and certificate"
echo "When prompted override the default value for the Common Name field"
echo "*********************************************************************************"
echo
# Generate a new self-signed certificate.
# After invocation, newreq.pem will contain a private key and certificate
# newreq.pem will be used in the next step
openssl req -new -x509 -keyout newreq.pem -out newreq.pem -passin pass:whatever -passout pass:whatever
echo "*********************************************************************************"
echo "Creating a new CA hierarchy (used later by the \"ca\" command) with the certificate"
echo "and private key created in the last step"
echo "*********************************************************************************"
echo
echo "newreq.pem" | CA.pl -newca >/dev/null
echo "*********************************************************************************"
echo "Creating ROOT CA"
echo "*********************************************************************************"
echo
# Create a PKCS#12 file, using the previously created CA certificate/key
# The certificate in demoCA/cacert.pem is the same as in newreq.pem. Instead of
# using "-in demoCA/cacert.pem" we could have used "-in newreq.pem" and then omitted
# the "-inkey newreq.pem" because newreq.pem contains both the private key and certificate
openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.p12 -cacerts -passin pass:whatever -passout pass:whatever
# parse the PKCS#12 file just created and produce a PEM format certificate and key in root.pem
Resource reviews
- hyqianye2003 (2012-10-11): Good, very detailed, just what I was looking for.
- hezi168 (2012-11-05): Very good and very complete. It covers deployment on Linux; it would be even better if there were one for Windows.
- catmao (2012-11-24): A pity it is for Linux; it would be better if it were for Windows.