eap-ttls/mschapv2

文件路径

#gedit /usr/local/etc/raddb/sites-available/default

#gedit /usr/local/etc/raddb/sites-enabled/default

设置authorize{} 中files为隐性，sql为显性

选择从sql数据库读取用户预设信息

#gedit /usr/local/etc/raddb/sites-available/default

#gedit /usr/local/etc/raddb/sites-enabled/default

设置authorize{} 中eap设为显性

选择认证方式为eap

#gedit /usr/local/etc/raddb/eap.conf

设置eap{} 中default_eap_type=ttls

设置eap类型为ttls

#ls /usr/local/etc/raddb/certs/*.pem

正常 列表中含有ca.pem

若没有ca.pem文件，则执行以下命令：

#/usr/local/etc/raddb/certs/bootstrap

#mysql -u root -p
Enter password:456456
mysql> use freeradius;
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('eap','Auth-Type',':=','EAP');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('eap','Service-Type',':=','Framed-User');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('eap','Framed-IP-Address',':=','255.255.255.255');
mysql> insert into radgroupreply (groupname,attribute,op,value) values ('eap','Framed-IP-Netmask',':=','255.255.255.0');

mysql> insert into radcheck (username,attribute,op,value) values ('eap','User-Password',':=','eap');

mysql> insert into radusergroup (username,groupname) values ('eap','eap');

关联用户与组

mysql> insert  into radreply(username,attribute,op,value) values('eap','Reply-Message','=','eap OK!');

添加用户回复信息

#gedit /usr/local/etc/raddb/clients.conf

在最后面添加

client 10.10.200.0/24 {

    secret = 111111　　

    shortname = tessie

}

localhost的secret默认为testing123

#~/ttlsmschapv2.test

network={　　　　　　//注意："="前后无空格

	eap=TTLS

	ssid="test"   //可更改

	key_mgmt=WPA-EAP

	identity="eap"　　//注意：该测试账号是之前用sql建立在数据库中的，所以可以直接使用

	password="eap"

	ca_cert="/usr/local/etc/raddb/certs/ca.pem"

	phase2="auth=MSCHAPV2"

	anonymous_identity="anonymous" //可更改

}

#radiusd -X

#eapol_test -c ttlsmschapv2.test -s testing123　　//ttlsmschapv2.test在~/目录下，所以该命令也要在~/目录下进行。需保持一致。

eapol_test -c<conf> [-a<AS IP>] [-p<AS port>] [-s<AS secret>] [-r<count>] ...