osx - Wireless 802.1X: configure TLS, PEAP and TTLS out of the box with FreeRADIUS 3.0.8 on a Mac (Yosemite)
I'm looking for a quick and easy way to bring up a testbed. There is no need to worry about default settings because this is only for testing. I need 802.1X working in 3 modes (PEAP, TTLS and TLS) on a MacBook Pro. The setup is quite simple: an AirPort 11ac, and a Mac mini on Yosemite 10.10.3 that I use to install FreeRADIUS. The client is a MacBook Pro that gets authenticated against the network. Thanks.
Here is what I've got, based on http://wiki.freeradius.org/building/build and kb.meraki.com/knowledge_base/freeradius-configure-freeradius-to-work-with-eap-tls-authentication
1) Install talloc and FreeRADIUS:

    curl -LO www.samba.org/ftp/talloc/talloc-2.1.0.tar.gz
    tar zxvf talloc-2.1.0.tar.gz
    cd talloc-2.1.0
    ./configure --without-gettext
    make
    sudo make install

    cd ../
    curl -LO ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.8.tar.gz
    tar zxvf freeradius-server-3.0.8.tar.gz
    cd freeradius-server-3.0.8
    ./configure --enable-developer
    make
    sudo make install
Note: while installing FreeRADIUS, notice that toward the end bootstrap is called. That's when the certificates are generated.
2) Edit /usr/local/etc/raddb/users with:

    user    Cleartext-Password := "whatever"
            Reply-Message := "whatever"

    bob     Cleartext-Password := "hello"
            Reply-Message := "hello, %{User-Name}"
3) Edit /usr/local/etc/raddb/mods-enabled/eap:

    default_eap_type = md5
        change to
    default_eap_type = tls

    private_key_file = ${certdir}/server.pem
        change to
    private_key_file = ${certdir}/server.key
4) Edit clients.conf with the AirPort Extreme's IP:

    client extremeanger {
        ipaddr = 192.168.5.1
        secret = wireless
    }
5) Start FreeRADIUS on the Mac mini:

    sudo /usr/local/sbin/radiusd -X
6) Copy ca.der and client.p12 to the MacBook Pro.
7) Go to the MacBook Pro and install the Apple Configurator app from the App Store.
8) Under the 'Supervise' menu, click the plus (+) sign and create a new profile:
    a. Fill out the General tab with the name of the cert.
    b. Go to the WiFi tab, enter the SSID and the security type (TLS).
    c. Go to Identity Certificate and load the client.p12 file.
    d. Go to the Certificates tab and load the ca.der file.
    e. Go back to the WiFi tab, Trust menu, and check the box for Example Certificate Authority, which appears after you have done step d.
9) Save, go to the main menu of Apple Configurator, click the export arrow button and save the profile as an abc.mobileconfig file.
10) Double-click the profile on the MacBook Pro and try to authenticate to the AirPort Extreme's 802.1X network SSID.
11) Pray that it works on the first try. If not, read the logs that come out on screen in the Mac mini's radiusd -X window.
12) Create profiles for PEAP and TTLS with the Apple Configurator app. Make sure to use the username bob and password hello configured above (if you haven't figured it out yet, the username 'user' and password 'whatever' are used for TLS mode).
Thanks for reading.
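
The profiles from steps 8, 9 and 12 can also be generated by script. This is an added example, not part of the original post or of Apple Configurator: it builds a .mobileconfig for TLS, PEAP or TTLS using payload keys from Apple's configuration profile format, and always pins server trust to the imported CA (the checkbox in step 8e). The SSID, the `lab.dot1x` identifier prefix, the display names and the sample bytes are assumptions made for the example.

```python
import plistlib
import uuid

# IANA EAP method numbers for the three modes in this walkthrough.
EAP_TYPES = {"tls": 13, "ttls": 21, "peap": 25}

def _payload(ptype, name, **extra):
    """Build one payload dict with the keys every profile payload carries."""
    uid = str(uuid.uuid4()).upper()
    return dict(PayloadType=ptype, PayloadVersion=1, PayloadUUID=uid,
                PayloadIdentifier="lab.dot1x." + uid,  # hypothetical prefix
                PayloadDisplayName=name, **extra)

def build_profile(ssid, mode, ca_der, username=None, password=None, p12=None):
    """Return .mobileconfig bytes for one SSID in tls, ttls or peap mode."""
    ca = _payload("com.apple.security.root", "Lab CA", PayloadContent=ca_der)
    eap = {"AcceptEAPTypes": [EAP_TYPES[mode]],
           # Step 8e: trust only the imported CA for the RADIUS server cert.
           "PayloadCertificateAnchorUUID": [ca["PayloadUUID"]]}
    wifi = _payload("com.apple.wifi.managed", ssid, SSID_STR=ssid,
                    HIDDEN_NETWORK=False, AutoJoin=True,
                    EncryptionType="WPA", EAPClientConfiguration=eap)
    content = [ca, wifi]
    if mode == "tls":
        if p12 is None:
            raise ValueError("tls mode needs the client.p12 identity")
        # Password key omitted so the p12 passphrase is not stored in the profile.
        ident = _payload("com.apple.security.pkcs12", "Client identity",
                         PayloadContent=p12)
        wifi["PayloadCertificateUUID"] = ident["PayloadUUID"]
        content.insert(1, ident)
    else:
        if not (username and password):
            raise ValueError(mode + " mode needs a username and password")
        eap.update(UserName=username, UserPassword=password)
        if mode == "ttls":
            eap["TTLSInnerAuthentication"] = "MSCHAPv2"
    top = _payload("Configuration", "%s (%s)" % (ssid, mode),
                   PayloadContent=content)
    return plistlib.dumps(top)

if __name__ == "__main__":
    # Constructed placeholder bytes; in practice read ca.der from step 6.
    fake_ca = b"constructed-not-a-real-certificate"
    with open("peap.mobileconfig", "wb") as fh:
        fh.write(build_profile("lab-8021x", "peap", fake_ca, "bob", "hello"))
```

A PEAP or TTLS profile built this way contains the password in clear text inside the file, so treat the .mobileconfig like a credential.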