Freeradius-server-2.1.11-aka Documentation
1 freeradius
1.1 Installation
cd freeradius-aka
tar zxvf freeradius-server-2.1.11-AKA-2011-9-28.tar.gz
cd freeradius-server-2.1.11-AKA-2011-9-28
./configure --with-modules='rlm_sim_files'
make
sudo make install
*** freeradius-server-2.1.11-AKA-2011-9-28.tar.gz is the complete package, with AKA already added.
1.2 Configuration
Default configuration path: /usr/local/etc/raddb
1.2.1 Add to clients.conf:
client 192.168.0.0/16 {
    secret=testing123
    shortname=private-network
    nastype=other
    netmask=16
}
1.2.2 radiusd.conf
Inside modules { }, add:
# in other sections of this configuration file.
#
modules {
+sim_files {
+simtriplets = "${raddbdir}/simtriplets.dat"
+}
+eap{
+}
+aka{
+}
+sim{
+}
+default_eap_type = aka
+
}
#
# Each module has a configuration as follows:
#
1.2.3 eap.conf
Inside eap { }, add sim { } and aka { }
Change default_eap_type = md5 to aka
# We do NOT recommend using EAP-MD5 authentication
# for wireless connections. It is insecure, and does
# not provide for dynamic WEP keys.
#
+sim {
+}
md5 {
}
+aka {
+}
default_eap_type = aka
# Cisco LEAP
1.2.4 /usr/local/etc/raddb/sites-available/default
Uncomment every eap entry;
inside authorize { }, add sim_files
# or PEAP. The load on those servers will therefore be reduced.
#
sim_files
#
aka_files
eap {
ok = return
}
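1.3 Testing
radiusd -X
If the output shows
Listening..................1812
......
Ready to process requests.
the server side has been installed successfully.
In another terminal:
radtest testing testing localhost 1812 testing123
If ACCESS-REJECT / ACCESS-ACCEPT appears, the server and the client can send and receive packets normally.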
2 AKA
2.1 Data storage
Copy the simtriplets.dat file from the attachment into the raddb directory:
cp simtriplets.dat /usr/local/etc/raddb
AKA entries are added to simtriplets.dat in the following format:
AKA,[IMSI],[RAND],[RES],[AUTN],[IK],[CK]
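An added example (not part of the original document or of the FreeRADIUS AKA patch): a Python check that each AKA line in simtriplets.dat carries the six fields in the order above and that the values have the 3GPP AKA vector sizes. It assumes the values are hex-encoded without a 0x prefix and that the IMSI is decimal digits, which the document does not state; the sample entries are constructed.

```python
import re

FIELDS = ("IMSI", "RAND", "RES", "AUTN", "IK", "CK")  # order given in the document
# Byte lengths of the 3GPP AKA vector elements (RES may be 4 to 16 bytes).
BYTE_LEN = {"RAND": (16, 16), "RES": (4, 16), "AUTN": (16, 16),
            "IK": (16, 16), "CK": (16, 16)}
# Assumptions: values are hex without a 0x prefix and the IMSI is decimal
# digits; the document states only the field order, not the encoding.
HEX = re.compile(r"[0-9A-Fa-f]+")

def check_aka_line(line):
    """Return the problems found in one AKA entry (empty list means OK)."""
    parts = [p.strip() for p in line.strip().split(",")]
    if len(parts) != 1 + len(FIELDS):
        return [f"expected {len(FIELDS)} fields after AKA, got {len(parts) - 1}"]
    entry = dict(zip(FIELDS, parts[1:]))
    problems = []
    if not re.fullmatch(r"[0-9]+", entry["IMSI"]):
        problems.append("IMSI is not a string of decimal digits")
    for name, (lo, hi) in BYTE_LEN.items():
        value = entry[name]
        if not HEX.fullmatch(value) or len(value) % 2:
            problems.append(f"{name} is not hex with an even number of digits")
        elif not lo <= len(value) // 2 <= hi:
            problems.append(f"{name} is {len(value) // 2} bytes, expected {lo}-{hi}")
    return problems

def check_text(text):
    """Map line number -> problems for each faulty AKA line; other lines are skipped."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip().startswith("AKA,") and (found := check_aka_line(line)):
            report[number] = found
    return report

# Constructed sample entries, not real subscriber vectors.
GOOD = ("AKA,001010000000001,00112233445566778899aabbccddeeff,a1a2a3a4a5a6a7a8,"
        "ffeeddccbbaa99887766554433221100,000102030405060708090a0b0c0d0e0f,"
        "0f0e0d0c0b0a09080706050403020100")
SAMPLE = "\n".join([
    "# constructed test file",
    GOOD,
    GOOD.rsplit(",", 1)[0],                  # CK missing
    GOOD.replace("a1a2a3a4a5a6a7a8", "a1"),  # RES too short
    GOOD.replace("ffeedd", "ffeedg"),        # non-hex character in AUTN
])
if __name__ == "__main__":
    for number, problems in check_text(SAMPLE).items():
        print(f"line {number}: {'; '.join(problems)}")
```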
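2.2 Testing
1) Start freeradius on the server: radiusd -X
2) Write the IMSI and the other data into simtriplets.dat
3) Point the wireless router at the server IP, with the secret testing123
4) On the client, select the AKA authentication method and connect to the router.
5) The connection has succeeded when sending-ACCEPT appears on the server.
Author: Xiaohui Pan xiaohui.pan@greenpacket.com
Date: 2011-9-28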