EAP 제어 제어 편집
PEAP 테스트 결과
PEAP testi için aşağıdaki yapılandırma kullanılabilir:
network={
ssid="eduroam"
key_mgmt=IEEE8021X
eap=PEAP
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
phase2="auth=MSCHAPV2"
identity="ali"
anonymous_identity="administrator"
password="Passw0rd"
}
Bu dosya içeriği örneğin eaptest1.cfg olarak bir yere kaydedilmesi gerekmekte. Özellikle gerçek sistemlerde bir deneme yapılıyorsa SSID'nin düzenlenmesi gerektiği gibi düz freeradius üzerinde değiştirmeye gerek duyulmamaktadır.
EAP 방법, pairwise ve 그룹 değerleri istendiği gibi seçilebilmektedir. PEAP seçildi ise örneğin MSCHAPv2 seçilmesi de önerilmektedir. Bunların yanında identity yazan kısım LDAP üzerinde kayıtlı bir hesap ve password olarak parolası verilmesi gerekmekte. Ayrıca anonymous_identity de LDAP üzerinde olması gerekmektedir.
EAP 테스트 işleminin yapılması
EAP 테스트 işlemini yapmak da oldukça basit. Aşağıdaki komut kullanılabilir:
eapol_test -c ./eaptest1.cfg -a 192.168.1.55 -p 1812 -s bir
Bu komutta biraz önce oluşturduğumuz dosyanın adresi verilip, freeradius sunucusunun IP adresi verilerek, Auth portu belirtilmesi gerekmektedir. Ve tabi ki client.conf'a yazılmış olan secret anahtarının da -s parametresi ile verilmesi gerekmektedir.
Tüm ayarlar doğru yapılırsa sonu aşağıdaki gibi biten bir yazı ortaya çıkar:
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=9 length=186
Attribute 1 (User-Name) length=15
Value: 'administrator'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=48
Value: 0209002e1900170303002301e2c81d5d2a7efd98f88593de3a5dc5332f23e46b479b205dc35f8d288e4bed83144e
Attribute 24 (State) length=18
Value: 9cc2ebe394cbf21161fe5416c712dc7c
Attribute 80 (Message-Authenticator) length=18
Value: ab8e595388b5cebe5a4d7846c60f7806
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 175 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=9 length=175
Attribute 26 (Vendor-Specific) length=58
Value: 0000013711348078fd32c9a41a1a42f122791c442b8c8b64e7ed529e9df14b8f56cb534aa586ba2009b47b858c6fd9071a5506aae148b055
Attribute 26 (Vendor-Specific) length=58
Value: 0000013710348dd2aa2b08fc674877b36dff3a79bf000534a594fdea060399bae335d07a184b2196fa2d78c7789f0c0f43fec5de7d830975
Attribute 79 (EAP-Message) length=6
Value: 03090004
Attribute 80 (Message-Authenticator) length=18
Value: a9ce4ee637f2880be1a3b4d45f20e313
Attribute 1 (User-Name) length=15
Value: 'administrator'
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): 1f bc 7b 64 f0 c6 97 dc 3a 26 0b 9f ec e5 74 0f 42 15 1b 1a 02 ad 1b 66 db de 48 5f 8c d1 ad ab
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): 3e 3a 22 1a 86 97 96 32 9e bd 84 4c 82 11 65 2d fe ce 00 34 af d2 df dc 7b 5e 1c 19 57 ec 98 a9
decapsulated EAP packet (code=3 id=9 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Status notification: completion (param=success)
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
Cancelling authentication timeout
State: DISCONNECTED -> COMPLETED
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): 3e 3a 22 1a 86 97 96 32 9e bd 84 4c 82 11 65 2d fe ce 00 34 af d2 df dc 7b 5e 1c 19 57 ec 98 a9
No EAP-Key-Name received from server
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1 mismatch: 0
SUCCESS
Reference
이 문제에 관하여(EAP 제어 제어 편집), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다
https://dev.to/aciklab/eap-ayarlarinin-kontrol-edilmesi-41lp
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념
(Collection and Share based on the CC Protocol.)
network={
ssid="eduroam"
key_mgmt=IEEE8021X
eap=PEAP
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
phase2="auth=MSCHAPV2"
identity="ali"
anonymous_identity="administrator"
password="Passw0rd"
}
EAP 테스트 işlemini yapmak da oldukça basit. Aşağıdaki komut kullanılabilir:
eapol_test -c ./eaptest1.cfg -a 192.168.1.55 -p 1812 -s bir
Bu komutta biraz önce oluşturduğumuz dosyanın adresi verilip, freeradius sunucusunun IP adresi verilerek, Auth portu belirtilmesi gerekmektedir. Ve tabi ki client.conf'a yazılmış olan secret anahtarının da -s parametresi ile verilmesi gerekmektedir.
Tüm ayarlar doğru yapılırsa sonu aşağıdaki gibi biten bir yazı ortaya çıkar:
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=9 length=186
Attribute 1 (User-Name) length=15
Value: 'administrator'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=48
Value: 0209002e1900170303002301e2c81d5d2a7efd98f88593de3a5dc5332f23e46b479b205dc35f8d288e4bed83144e
Attribute 24 (State) length=18
Value: 9cc2ebe394cbf21161fe5416c712dc7c
Attribute 80 (Message-Authenticator) length=18
Value: ab8e595388b5cebe5a4d7846c60f7806
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 175 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=9 length=175
Attribute 26 (Vendor-Specific) length=58
Value: 0000013711348078fd32c9a41a1a42f122791c442b8c8b64e7ed529e9df14b8f56cb534aa586ba2009b47b858c6fd9071a5506aae148b055
Attribute 26 (Vendor-Specific) length=58
Value: 0000013710348dd2aa2b08fc674877b36dff3a79bf000534a594fdea060399bae335d07a184b2196fa2d78c7789f0c0f43fec5de7d830975
Attribute 79 (EAP-Message) length=6
Value: 03090004
Attribute 80 (Message-Authenticator) length=18
Value: a9ce4ee637f2880be1a3b4d45f20e313
Attribute 1 (User-Name) length=15
Value: 'administrator'
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): 1f bc 7b 64 f0 c6 97 dc 3a 26 0b 9f ec e5 74 0f 42 15 1b 1a 02 ad 1b 66 db de 48 5f 8c d1 ad ab
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): 3e 3a 22 1a 86 97 96 32 9e bd 84 4c 82 11 65 2d fe ce 00 34 af d2 df dc 7b 5e 1c 19 57 ec 98 a9
decapsulated EAP packet (code=3 id=9 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Status notification: completion (param=success)
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
Cancelling authentication timeout
State: DISCONNECTED -> COMPLETED
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): 3e 3a 22 1a 86 97 96 32 9e bd 84 4c 82 11 65 2d fe ce 00 34 af d2 df dc 7b 5e 1c 19 57 ec 98 a9
No EAP-Key-Name received from server
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1 mismatch: 0
SUCCESS
Reference
이 문제에 관하여(EAP 제어 제어 편집), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://dev.to/aciklab/eap-ayarlarinin-kontrol-edilmesi-41lp텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념 (Collection and Share based on the CC Protocol.)