RADIUS series: testing FreeRADIUS

Source: Internet  Published: JS mouse movement track  Editor: 程序博客网  Time: 2024/06/16 00:33

Common tools:

radclient

radtest

radeapclient

eapol_test

jradius simulator

jradius coding


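For now, these are brief notes on the test configuration; a fuller explanation will follow later:

The server-side configuration is as follows:

## etc/raddb/users: user configuration
"madding" Cleartext-Password := "hell01234"

## etc/raddb/clients.conf: configure the client secret. Since this is a local test, configuring this entry is enough:
client localhost {
  secret      = testing123
}

## /etc/raddb/eap.conf
## eap-tls configuration: configure the client certificate CA in the tls module
## Add everything from the parent certificate up to the top-level certificate into the pem, otherwise freeradius cannot recognize it (this differs from apache)
CA_file = ${cadir}/alilang/alilang_ca_merge.pem

## etc/raddb/sites-enabled/default
## Configure the authentication and authorization methods. Accounting can be ignored; this test does not get that far. Confirm that the following methods are enabled:
pap
eap
chap
mschap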

pap:

/opt/freeradius/bin/radtest madding hell01234 127.0.0.1 1812 testing123


eap-md5:

# eap-md5.sh
/opt/freeradius/bin/radeapclient -x 127.0.0.1 auth testing123 < eap-md5.txt

# eap-md5.txt
User-Name = "madding"
Cleartext-Password = "hell01234"
EAP-Code = Response
EAP-Id = 210
EAP-Type-Identity = "ufiletest"
Message-Authenticator = 0x00


peap-mschapv2:

#
#   eapol_test -c peap-mschapv2.conf -s testing123
#
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="madding"
        anonymous_identity="anonymous"
        password="hell01234"
        phase2="autheap=MSCHAPV2"
    #
    #  Uncomment the following to perform server certificate validation.
#   ca_cert="/etc/raddb/certs/ca.der"
}


eap-tls:

# eapol_test -c tls.conf -a 127.0.0.1 -p 1812 -s testing123 -r 1
network={
    eap=TLS
    eapol_flags=0
    key_mgmt=IEEE8021X
    identity="madding"
    password="hell01234"
    # client
    #ca_cert="/opt/freeradius/etc/raddb/certs/ca.pem"
    #client_cert="/opt/freeradius/etc/raddb/certs/client.pem"
    #private_key="/opt/freeradius/etc/raddb/certs/client.key"
    #private_key_passwd="whatever"
    # self cert client
    client_cert="/home/madding/output/alilang_client_25741.pem"
    private_key="/home/madding/output/alilang_client_25741.key"
    private_key_passwd="hell01234"
    # server
    #ca_cert="/opt/freeradius/etc/raddb/certs/ca.pem"
    #client_cert="/opt/freeradius/etc/raddb/certs/server.pem"
    #private_key="/opt/freeradius/etc/raddb/certs/server.key"
    #private_key_passwd="whatever"
}


ttls-chap:

#
#   eapol_test -c ttls-pap.conf -s testing123
#
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="madding"
        anonymous_identity="anonymous"
        password="hell01234"
        phase2="auth=CHAP"
    #
    #  Uncomment the following to perform server certificate validation.
#   ca_cert="/etc/raddb/certs/ca.der"
}

ttls-eapmd5:

#
#   eapol_test -c ttls-eapmd5.conf -s testing123
#
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="madding"
        anonymous_identity="anonymous"
        password="hell01234"
        phase2="autheap=MD5"
    #
    #  Uncomment the following to perform server certificate validation.
#   ca_cert="/etc/raddb/certs/ca.der"
}


ttls-mschapv2:

#
#   eapol_test -c ttls-mschapv2.conf -s testing123
#
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="bob"
        anonymous_identity="anonymous"
        password="hello"
        phase2="autheap=MSCHAPv2"
    #
    #  Uncomment the following to perform server certificate validation.
#   ca_cert="/etc/raddb/certs/ca.der"
}


ttls-pap:

#
#   eapol_test -c ttls-pap.conf -s testing123
#
network={
        ssid="example"
        key_mgmt=WPA-EAP
        eap=TTLS
        identity="madding"
        anonymous_identity="anonymous"
        password="hell01234"
        phase2="auth=PAP"
    #
}
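
An added example, not part of the original post: a small Python check that parses eapol_test/wpa_supplicant network={} blocks like the ones above and reports PEAP, TTLS or TLS entries whose ca_cert line is still commented out, meaning the supplicant does not validate the server certificate. The function names and the two sample strings are constructed for illustration.

```python
# EAP methods in which the server proves its identity with a certificate.
TLS_BASED = {"PEAP", "TTLS", "TLS"}

def parse_networks(text):
    """Return one dict of active key=value settings per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and line and not line.startswith("#"):
            # Split on the first '=' only, so phase2="autheap=..." stays whole.
            key, sep, value = line.partition("=")
            if sep:
                current[key.strip()] = value.strip().strip('"')
    return networks

def findings(text):
    """List a message for each TLS-based block that has no active ca_cert."""
    out = []
    for net in parse_networks(text):
        methods = set(net.get("eap", "").upper().split())
        if methods & TLS_BASED and "ca_cert" not in net:
            out.append(f'{net.get("identity", "?")}: eap={net["eap"]} has no '
                       "active ca_cert, server certificate is not validated")
    return out

# Constructed sample: the page's peap-mschapv2 settings with ca_cert commented out.
SAMPLE_UNCHECKED = '''
network={
        eap=PEAP
        identity="madding"
        phase2="autheap=MSCHAPV2"
#   ca_cert="/etc/raddb/certs/ca.der"
}
'''
# Same block with the ca_cert line uncommented.
SAMPLE_CHECKED = SAMPLE_UNCHECKED.replace("#   ca_cert", "    ca_cert")

if __name__ == "__main__":
    for label, conf in (("unchecked", SAMPLE_UNCHECKED), ("checked", SAMPLE_CHECKED)):
        print(label, findings(conf) or "ok")
```
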













