osx - Wireless 802.1x : configure tls, peap and ttls out of the box with FreeRadius 3.0.8 on a Mac Yosemite -


i'm looking quick easy way bring testbed. no need worry default settings because testing. need 802.1x working on 3 modes peap, ttls , tls on macbookpro. set quite simple airport 11ac , mac mini on yosemite 10.10.3 use install freeradius. client macbookpro authenticated against network. thanks.

here i've got : http://wiki.freeradius.org/building/build , kb.meraki.com/knowledge_base/freeradius-configure-freeradius-to-work-with-eap-tls-authentication

1) install talloc , freeradius

curl -lo www.samba.org/ftp/talloc/talloc-2.1.0.tar.gz tar zxvf talloc-2.1.0.tar.gz cd talloc-2.1.0 ./configure --without-gettext make sudo make install

cd ../ curl -lo ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.8.tar.gz tar zxvf freeradius-server-3.0.8.tar.gz cd freeradius-server-3.0.8 ./configure --enable-developer make sudo make install

note: while installing free radius, notice toward end, bootstrap being called. that's when certificate being generated.

2) edit /usr/local/etc/raddb/users with:

user    cleartext-password := "whatever"         reply-message := "whatever"  bob     cleartext-password := "hello"         reply-message := "hello, %{user-name}"

3) edit /usr/local/etc/raddb/mods-enabled/eap: default_eap_type = md5 change default_eap_type = tls private_key_file = ${certdir}/server.pem change server.key

4) edit clients.conf airport extreme's ip

client extremeanger {         ipaddr = 192.168.5.1         secret = wireless }

5) start freeradius on macmini sudo /usr/local/sbin/radiusd -x

6) copy ca.der , client.p12 macbookpro

7) go macbookpro , install apple configuration app app store

8) under 'supervise' menu, click plus + sign , create new profile

a. fill out general tab name of cert, b. go wifi tab, enter ssid , security type (tls), c. go identity certificate , load client.p12 file, d. go certificates tab , load ca.der file e. go wifi tab, trust menu, check box example certificate authority appears after done step d.

9) save , go main menu of apple configuration, click export arrow button , saveas profile, abc.mobileconfig file

10) double click on profile on macbookpro , try authenticate airport extreme's 802.1x network ssid.

11) pray work on first try, if not , read logs comes out on screen of macmini's radius -x window

12) create profile peap , ttls apple configurator app. make sure use username bob , pw hello configured above (if haven't figured out yet, username 'user' , pw 'whatever' used tls mode)

thanks reading


Comments

Post a Comment

Popular posts from this blog

jquery - How do you format the date used in the popover widget title of FullCalendar? -

Image
in fullcalendar, how format date used in popover widget title when clicking '+n more'? code: <div class="fc-popover fc-more-popover"> <div class="fc-header fc-widget-header"> <span class="fc-close fc-icon fc-icon-x"></span> <span class="fc-title">tuesday, april 7</span> ... </div> ... </div> you use daypopoverformat that. determines date format of title of popover created eventlimitclick option. must date formatting string. default value "dddd, mmmm d" english , "ll" other languages.
Read more

Bubble Sort Manually a Linked List in Java -

Image
this first question here. trying manually sort linked list of integers in java , can not figure out wrong code. suggestions? don't error, still have output unordered. tried few different ways, nothing worked. appreciate if can me that. public class node { int data; node nextnode; public node(int data) { this.data = data; this.nextnode = null; } public int getdata() { return this.data; } } // node class public class datalinkedlist implements datainterface { private node head; private int size; public datalinkedlist(){ this.head = null; this.size = 0; } public void add(int data) { node node = new node(data); if (head == null) { head = node; } else { node currentnode = head; while(currentnode.nextnode != null) { currentnode = currentnode.nextnode; } currentnode.nextnode = node; ...
Read more

asp.net mvc - SSO between MVCForum and Umbraco7 -

i need integrate sso between mvcforum (forum of company) , umbraco7 (manages cms company). however struggling shared authentication work. tried several ways suggested on other threads still not running expected. here did: 1. in mvcforum (forum.mywebsite.com) 1.1. machine key in web.xml: <machinekey validationkey="the same key umbraco7" decryptionkey="the same key umbraco7" validation="sha1" decryption="aes" /> 1.2. authenticate forms in web.xml <forms name="my-sso-auth" protection="all" path="/" timeout="43200" domain="forum.mywebsite.com" loginurl="/members/logon" enablecrossappredirects="true" /> 2. in umbraco7 (news.mywebsite.com) 2.1. machine key in web.xml: <machinekey validationkey="the same key mvcforum" decryptionkey="the same key mvcforum" validation="sha1" decryption="aes" /> 2.2. a...
Read more