1. Install Radius Server
sudo apt-get install freeradius
2. Configure the RADIUS server
- configuration files live under /etc/freeradius/
radiusd.conf (main FreeRADIUS server configuration)
clients.conf (lists the NAS devices - access points, switches, test hosts - that are allowed to send requests, and the shared secret for each; end users are not defined here)
client <ip-or-hostname> {
secret = <shared secret>
shortname = <label used in logs>
}
client 192.168.1.100 {
secret = testing123
shortname = private-network-1
}
(testing123 is the secret FreeRADIUS ships in its example client entries, so it is the first value anyone will try; give each client its own long random secret. The secret is the only thing that authenticates the NAS to the server and the only key protecting User-Password, so a mismatch shows up as garbled passwords and rejected logins.)
users (per-user credentials; each line names a user and the check item used to verify the password)
testing Cleartext-Password := "password"
3. Start the RADIUS server in debug mode (runs in the foreground and prints every request; stop with Ctrl-C; if the package already started the service, stop it first or port 1812 will be in use)
sudo /usr/sbin/freeradius -X
Check it from another terminal with the radclient tool that ships with FreeRADIUS, using the client secret and the users entry above:
echo "User-Name=testing,User-Password=password" | radclient -x 127.0.0.1 auth testing123
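The following is an added example, not code from the original post or from FreeRADIUS: a minimal RADIUS/PAP exchange (RFC 2865) with both the NAS and the server simulated in one process. It shows what the clients.conf secret and the users-file entry above are actually used for: the secret seeds the MD5 keystream that hides User-Password, and it keys the Response Authenticator the NAS checks before believing an Accept or Reject. The secret testing123 and the user testing/password come from the config above; the identifier 7 and the separate "NAS secret" and "server secret" arguments are assumptions made so a mismatch can be demonstrated.

```python
"""RADIUS/PAP exchange between a NAS (e.g. the 192.168.1.100 client above) and the
server, following RFC 2865.  Both roles are simulated in-process; the values come
from the config above (secret testing123, user testing / password)."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2

SECRET = b"testing123"              # clients.conf: secret = testing123
USERS = {"testing": "password"}     # users: testing Cleartext-Password := "password"


def _avp(attr_type, value):
    """Attribute-Value Pair: Type(1) Length(1, includes the header) Value."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def _parse_avps(blob):
    attrs, i = {}, 0
    while i < len(blob):
        attr_type, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError("malformed attribute")
        attrs[attr_type] = blob[i + 2:i + length]
        i += length
    return attrs


def encrypt_password(secret, request_authenticator, password):
    """RFC 2865 5.2: pad to a 16-byte multiple, then XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    plain = password.encode()
    plain += b"\0" * (-len(plain) % 16)
    cipher, prev = b"", request_authenticator
    for i in range(0, len(plain), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(plain[i:i + 16], pad))
        cipher, prev = cipher + block, block
    return cipher


def decrypt_password(secret, request_authenticator, cipher):
    plain, prev = b"", request_authenticator
    for i in range(0, len(cipher), 16):
        pad = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ k for c, k in zip(cipher[i:i + 16], pad))
        prev = cipher[i:i + 16]
    return plain.rstrip(b"\0").decode(errors="replace")


def build_access_request(secret, ident, user, password):
    """NAS side: Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    request_authenticator = os.urandom(16)   # fresh per request; seeds the keystream
    attrs = (_avp(USER_NAME, user.encode())
             + _avp(USER_PASSWORD, encrypt_password(secret, request_authenticator, password)))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_authenticator + attrs, request_authenticator


def server_handle(secret, users, packet):
    """Server side: recover the password with the secret configured for this client
    in clients.conf, look the user up in the users file, and sign the reply with a
    Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    _code, ident, length = struct.unpack("!BBH", packet[:4])
    request_authenticator = packet[4:20]
    attrs = _parse_avps(packet[20:length])
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    password = decrypt_password(secret, request_authenticator, attrs.get(USER_PASSWORD, b""))
    code = ACCESS_ACCEPT if user in users and users[user] == password else ACCESS_REJECT
    header = struct.pack("!BBH", code, ident, 20)       # no reply attributes
    response_authenticator = hashlib.md5(header + request_authenticator + secret).digest()
    return header + response_authenticator


def verify_response(secret, request_authenticator, response):
    """NAS side: accept the reply only if its authenticator was computed with our
    secret; returns the reply code, or None if the reply is not authentic."""
    code, _ident, length = struct.unpack("!BBH", response[:4])
    expected = hashlib.md5(response[:4] + request_authenticator
                           + response[20:length] + secret).digest()
    return code if hmac.compare_digest(response[4:20], expected) else None


def exchange(nas_secret, server_secret, user, password):
    """One round trip; the two secrets are separate so a mismatch can be shown."""
    request, request_authenticator = build_access_request(nas_secret, 7, user, password)
    return verify_response(nas_secret, request_authenticator,
                           server_handle(server_secret, USERS, request))


if __name__ == "__main__":
    print(exchange(SECRET, SECRET, "testing", "password"))      # 2 = Access-Accept
    print(exchange(SECRET, SECRET, "testing", "wrong"))         # 3 = Access-Reject
    print(exchange(b"typo123", SECRET, "testing", "password"))  # None: secrets differ
```

With mismatched secrets the server decrypts garbage, answers Access-Reject, and the NAS discards even that reply because the Response Authenticator does not verify; that is exactly the symptom of a wrong secret in clients.conf. The example omits the Message-Authenticator attribute that real clients add (HMAC-MD5 over the packet with the same secret); after the 2024 BlastRADIUS attack FreeRADIUS requires it for Access-Requests, so treat this as a model of the protocol rather than a client to point at a production server.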
1. Before generating any certificates, check that OpenSSL is installed on the Linux box. The CA is created with the CA.pl helper that ships with OpenSSL; it writes the CA into ./demoCA (cacert.pem and private/cakey.pem). The leading # is the root prompt, not part of the command.
#cd /usr/lib/ssl/misc/
#./CA.pl -newca
Enter PEM pass phrase: 12345 (choose your own; this passphrase protects the CA private key that signs every server and client certificate, so use a strong one rather than 12345)
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taipei
Locality Name (eg, city) []:Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ABC
Organizational Unit Name (eg, section) []:DEF
Common Name (eg, YOUR name) []:HIJ
Email Address []:e@e.e
2. Server-side certificate files (the request is signed by the CA created above; -nodes leaves srv_key.pem unencrypted so radiusd can load it without a passphrase, which means the file must be readable only by the user radiusd runs as, freerad on Debian/Ubuntu)
#openssl req -new -nodes -keyout srv_key.pem -out srv_req.pem -config ../openssl.cnf
#openssl ca -config ../openssl.cnf -policy policy_anything -out srv_cert.pem -infiles ./srv_req.pem
#cat srv_key.pem srv_cert.pem > srv_keycert.pem
If Windows supplicants will connect, the server certificate also needs extendedKeyUsage = serverAuth; FreeRADIUS ships raddb/certs/xpextensions for exactly this, used as "openssl ca ... -extfile xpextensions -extensions xpserver_ext" when signing.
3. Client-side certificate files (no -nodes here, so cli_key.pem is protected by a passphrase; you are asked for it again, plus an export password, when building the PKCS#12 bundle)
#openssl req -new -keyout cli_key.pem -out cli_req.pem -config ../openssl.cnf
#openssl ca -config ../openssl.cnf -policy policy_anything -out cli_cert.pem -infiles ./cli_req.pem
#openssl pkcs12 -export -in cli_cert.pem -inkey cli_key.pem -out cli_cert.p12 -clcerts (PKCS#12 bundle, the format the Windows XP certificate import wizard expects; it contains the client's private key, so hand it over on a trusted channel and delete it once imported)
4. Generate the two extra files the tls section needs
#openssl dhparam -check -text -5 512 -out dh
#dd if=/dev/urandom of=random count=2
512-bit Diffie-Hellman parameters are breakable and any reasonably current OpenSSL refuses to negotiate them; if you keep DHE cipher suites, generate at least 2048 bits instead (openssl dhparam -out dh 2048, which takes a while).
5. Copy the server-side files above (srv_keycert.pem, dh, random, plus demoCA/cacert.pem) to /usr/local/etc/raddb/certs (the raddb directory of a source-built FreeRADIUS; the apt-installed package from section 1 keeps its configuration under /etc/freeradius/, so adjust the path). Leave the CA private key (demoCA/private/cakey.pem) off the RADIUS server; it is only needed to sign new certificates.
6. Edit the configuration files
radiusd.conf: (three lines commented out; the red # in front of each is the comment marker; they pull in the SQL modules, which this setup does not use)
#$INCLUDE sql.conf
#$INCLUDE sql/mysql/counter.conf
#$INCLUDE sqlippool.conf
clients.conf: (the access point that will talk to this server; the secret must match what is configured on the AP, and should be a long random string rather than a guessable word like the one shown)
client 192.168.1.1 {
secret = sodisgood
shortname = sod-ap
}
eap.conf: (a few settings changed, and the tls certificate section filled in)
default_eap_type = tls (was md5)
private_key_password = 12345 (only matters if the server private key is encrypted; srv_key.pem above was created with -nodes and has no passphrase, so this line is unused here. The 12345 typed into CA.pl protects the CA key, which radiusd never needs)
private_key_file = ${certdir}/srv_keycert.pem (the server key+certificate file created in step 2)
certificate_file = ${certdir}/srv_keycert.pem (same file)
CA_file = ${cadir}/cacert.pem (created by CA.pl under demoCA/ and copied to the certs directory; only client certificates signed by this CA are accepted)
dh_file = ${certdir}/dh (file needed by tls)
random_file = ${certdir}/random (same)
7. Start the server
#radiusd -X & (-X is debug mode, & runs it in the background)
-X runs single-threaded and prints every request, including credentials, to the terminal, so use it to test the setup and start radiusd from its init script for normal operation.
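Steps 1 to 5 and the tls settings in step 6 boil down to three things: a CA, a server certificate the supplicant trusts through CA_file, and a client certificate the server accepts because the same CA signed it. The added example below is not from the original post and not FreeRADIUS code: it builds an equivalent PKI with the openssl command line (openssl x509 -req with RSA-2048 instead of the CA.pl/openssl ca database flow, and with the serverAuth/clientAuth extended key usages Windows supplicants require), then performs the mutual-TLS handshake that EAP-TLS tunnels inside RADIUS, using only Python's standard ssl module. load_cert_chain plays the role of certificate_file/private_key_file, load_verify_locations that of CA_file, and CERT_REQUIRED is what makes a client certificate mandatory. It also shows a client certificate with the same name but issued by a different CA being refused. The CNs, file names and temporary directories are assumptions; it needs the openssl binary on PATH.

```python
"""Added example: build a CA, server and client certificate with the openssl
CLI, then run the mutual-TLS handshake that EAP-TLS carries inside RADIUS.
CNs, file names and the use of openssl x509 -req are assumptions of this
example, not the page's CA.pl flow."""
import os
import socket
import ssl
import subprocess
import tempfile
import threading

socket.setdefaulttimeout(10)   # never hang if one side of the handshake dies


def sh(*args):
    subprocess.run(args, check=True, capture_output=True)


def build_pki(d, ca_cn="Example RADIUS CA", server_cn="radius.example.test",
              client_cn="testing"):
    """Self-signed CA, then an RSA-2048 server cert (serverAuth EKU) and client
    cert (clientAuth EKU) signed by it; Windows supplicants insist on those EKUs."""
    ca_key, ca_crt = os.path.join(d, "ca_key.pem"), os.path.join(d, "cacert.pem")
    sh("openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "365",
       "-subj", "/CN=" + ca_cn, "-keyout", ca_key, "-out", ca_crt)
    pki = {"ca": ca_crt}
    for name, cn, eku in (("srv", server_cn, "serverAuth"),
                          ("cli", client_cn, "clientAuth")):
        key, csr, crt, ext = (os.path.join(d, name + s)
                              for s in ("_key.pem", "_req.pem", "_cert.pem", ".ext"))
        with open(ext, "w") as f:
            f.write("extendedKeyUsage = %s\n" % eku)
        sh("openssl", "req", "-new", "-newkey", "rsa:2048", "-nodes",
           "-subj", "/CN=" + cn, "-keyout", key, "-out", csr)
        sh("openssl", "x509", "-req", "-in", csr, "-CA", ca_crt, "-CAkey", ca_key,
           "-CAcreateserial", "-days", "365", "-extfile", ext, "-out", crt)
        pki[name] = (crt, key)   # (certificate_file, private_key_file)
    return pki


def cn_of(cert):
    return dict(rdn[0] for rdn in cert["subject"])["commonName"]


def mutual_tls_handshake(pki, client_cert):
    """Server = radiusd's TLS side: presents pki['srv'], trusts pki['ca'] (CA_file)
    and demands a client certificate.  Client = the supplicant.  Returns what each
    side saw in the peer certificate and whether access was granted."""
    srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv.load_cert_chain(*pki["srv"])            # certificate_file / private_key_file
    srv.load_verify_locations(pki["ca"])        # CA_file
    srv.verify_mode = ssl.CERT_REQUIRED         # no valid client cert, no access
    cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    cli.load_verify_locations(pki["ca"])        # supplicant trusts only this CA
    cli.load_cert_chain(*client_cert)
    cli.check_hostname = False                  # supplicants match CA/CN, not a DNS name

    res = {"ok": False, "server_saw": None, "client_saw": None, "error": None}
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(1)

    def serve():
        conn, _ = lsock.accept()
        try:
            with srv.wrap_socket(conn, server_side=True) as tls:
                res["server_saw"] = cn_of(tls.getpeercert())
                tls.sendall(b"accept")
        except (ssl.SSLError, OSError) as e:
            res["error"] = str(e)
        finally:
            conn.close()

    t = threading.Thread(target=serve)
    t.start()
    try:
        with socket.create_connection(lsock.getsockname()) as raw, \
                cli.wrap_socket(raw) as tls:
            res["client_saw"] = cn_of(tls.getpeercert())
            res["ok"] = tls.recv(16) == b"accept"
    except (ssl.SSLError, OSError) as e:
        res["error"] = res["error"] or str(e)
    finally:
        t.join()
        lsock.close()
    return res


def demo():
    with tempfile.TemporaryDirectory() as d1, tempfile.TemporaryDirectory() as d2:
        pki = build_pki(d1)
        rogue = build_pki(d2, ca_cn="Rogue CA")  # same client CN, wrong issuer
        good = mutual_tls_handshake(pki, pki["cli"])
        bad = mutual_tls_handshake(pki, rogue["cli"])
    return good, bad


if __name__ == "__main__":
    for label, r in zip(("valid client", "rogue CA client"), demo()):
        print(label, r)
```

The rogue case is the property the whole setup rests on: a client certificate with the right name is worthless unless the CA named in CA_file signed it, which is why the CA private key must stay off the RADIUS server and the supplicant must be configured to validate the server certificate against that CA rather than accept any certificate. The DH and random files from step 4 are not needed for the handshake itself (an SSLContext can take them with load_dh_params), so they are left out here.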
Ref: http://tec1021.pixnet.net/blog/post/28639573-%E8%BC%95%E9%AC%86%E6%9E%B6%E5%A5%BDradius%E4%BC%BA%E6%9C%8D%E5%99%A8~
June 6, 2012