Presentation is loading. Please wait.

Presentation is loading. Please wait.

Eduroam Training 18.11.2010 Конфигурација на freeradius.

Published byLucas Anderson Modified over 9 years ago

Similar presentations

Presentation on theme: "Eduroam Training 18.11.2010 Конфигурација на freeradius."— Presentation transcript:

1 eduroam Training 18.11.2010 Конфигурација на freeradius

2 18.11.2011 marija.lazarovska@ukim.edu.mk 2 Агенда  Инсталација и конфигурација на freeradius  Конфигурација на eduroam Service provider (Авторизација)  Конфигурација на eduroam Identity provider (Автентификација)  Конфигурација на Access Point  Конфигурација на клиенти

3 18.11.2011 marija.lazarovska@ukim.edu.mk 3 Identity vs. Service Provider  Home institution = Identity Provider База за управување со идентитети Врши АВТЕНТИФИКАЦИЈА – Дали корисникот е оној кој се претставува дека е?  Visited institution = Service Provider Ја нуди својата мрежна инфраструктура (e.g. Access points, VLANS, пристап до интернет, RADIUS сервери) Врши АВТОРИЗАЦИЈА – Каков мрежен пристап треба да добие корисникот?

4 18.11.2011 marija.lazarovska@ukim.edu.mk 4 Service Provider (SP)  Конфигурација на RADIUS сервер  Конфигурација access point со SSID eduroam  Конфигурација на supplicants

5 18.11.2011 marija.lazarovska@ukim.edu.mk 5 freeradius  www.freeradius.org  Компајлирање и инсталација на FreeRADIUS./configure --sysconfdir=... make make install  Конфигурациските фајлови се наоѓаат во $SYSCONFDIR/raddb/*

6 18.11.2011 marija.lazarovska@ukim.edu.mk 6 Важни фајлови  clients.conf  proxy.conf  sites-enabled/eduroam  radiusd.conf

7 18.11.2011 marija.lazarovska@ukim.edu.mk 7 clients.conf  Дефиниција на клиенти - уреди коишто можат да праќаат request-и до серверот : Access points претставуваат клиенти за RADIUS серверот Останатите RADIUS сервери во хиерархијата се исто така клиенти  Секој клиент е дефиниран со посебна client {... } структура Дефиницијата вклучува shared secret

8 18.11.2011 marija.lazarovska@ukim.edu.mk 8 clients.conf #Definicija na RADIUS klienti (NAS, Access Point, itn.). #localhost za testiranje client localhost { ipaddr = 127.0.0.1 secret = testing123 shortname= localhost nastype = other virtual_server = eduroam } #access points so shared secrets client __CLIENT_DESCRIPTIVE_NAME__{ ipaddr = __CLIENT_IP_ADDR__ netmask = 32 secret = __SHARED_SECRET__ shortname = __CLIENT_SHORT_NAME__ nastype = other virtual_server = eduroam } #uplink RADIUS server od federacijata client tld1.eduroam.mk { ipaddr = 194.149.131.37 netmask = 32 secret =_SHARED_SECRET__ shortname = eduroam-tld1 nastype = other virtual_server = eduroam }

9 18.11.2011 marija.lazarovska@ukim.edu.mk 9 proxy.conf  Препраќање на request-и дo FLRs и управување со realms  Рутирањето во eduroam се базира на т.н. realms кои се одредуваат со @suffix  home_server, home_server_pool и realm DEFAULT (во proxy.conf) + suffix модул

10 18.11.2011 marija.lazarovska@ukim.edu.mk 10 proxy.conf proxy server { default_fallback = yes } #FTLR home_server tld1-eduroam-mk { type = auth+acct ipaddr = 194.149.131.37 port = 1812 secret = __SHARED_SECRET__ response_window = 20 zombie_period = 40 revive_interval = 60 status_check = status-server check_interval = 10 num_answers_to_alive = 3 } home_server_pool EDUROAM-FTLR { type = fail-over home_server = tld1-eduroam-mk } realm NULL { nostrip } realm DEFAULT { pool = EDUROAM-FTLR nostrip }

11 18.11.2011 marija.lazarovska@ukim.edu.mk 11 radiusd.conf  Референцира т.н. Виртуелни сервери  Виртуелниот сервер (eduroam) дефинира кои модули се извршуваат за даден request  SP не врши автентификација, само ги препраќа добиените пакети од клиентите до proxy серверите, откако ќе ги испроцесира realm suffix { format = suffix delimiter = "@" }

12 18.11.2011 marija.lazarovska@ukim.edu.mk 12 eduroam Виртуелен сервер preacct { suffix } accounting { } pre-proxy { pre_proxy_log if (Packet-Type != Accounting- Request) { attr_filter.pre-proxy } post-proxy { attr_filter.post-proxy post_proxy_log } server eduroam { authorize { auth_log suffix } authenticate { } post-auth { reply_log Post-Auth-Type REJECT { reply_log }

13 18.11.2011 marija.lazarovska@ukim.edu.mk 13 Identity Provider (IdP)  Identity Provider = Service Provider + : Сопствен realm (__institucija__.mk) EAP Endpoint - Неколку конфигурациски промени во серверот База на корисници

14 18.11.2011 marija.lazarovska@ukim.edu.mk 14 proxy.conf  сопствениот realm се обработува локално realm __INSTITUCIJA__.mk { nostrip }

15 18.11.2011 marija.lazarovska@ukim.edu.mk 15 Виртуелен сервер eduroam  EAP модулот се додава во authorize и authenticate authorize { auth_log suffix if ((Proxy-To-Realm == DEFAULT) && (User-Name =~ /.*@.*.__INSTITUCIJA__.mk$/)){ update control { Proxy-To-Realm := NULL } eap } authenticate { eap }

16 18.11.2011 marija.lazarovska@ukim.edu.mk 16 eduroam-inner- tunnel  Внатрешна автентификација: нов виртуелен сервер eduroam-inner-tunnel authorize { auth_log files mschap pap } post-auth { reply_log Post-Auth-Type REJECT { reply_log } authenticate { Auth-Type PAP{ pap } Auth-Type MS-CHAP{ mschap }

17 18.11.2011 marija.lazarovska@ukim.edu.mk 17 eap.conf  дефинира: дозволени EAP методи Серверски сертификат eap { …. ttls { default_eap_type = pap copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "eduroam- inner-tunnel" } peap { default_eap_type = mschapv2 copy_request_to_tunnel = yes use_tunneled_reply = yes virtual_server = "eduroam- inner-tunnel" } }

18 eduroam Training 18.11.2010 Конфигурација на Access Point

19 18.11.2011 marija.lazarovska@ukim.edu.mk 19 Конфигурација на Access Point  SSID  Encryption  NTP  RADIUS uplink  IP адреса

20 18.11.2011 marija.lazarovska@ukim.edu.mk 20 Конфигурација на Access Point (dd-wrt)  Setup  Basic Setup  Time Settings (конфедерациско побарување: сигурен временски извор)

21 18.11.2011 marija.lazarovska@ukim.edu.mk 21 Конфигурација на Access Point (dd-wrt)

22 eduroam Training 18.11.2010 Конфигурација на Supplicants

23 18.11.2011 marija.lazarovska@ukim.edu.mk 23 DELL Wireless WLAN Card Utility

24 18.11.2011 marija.lazarovska@ukim.edu.mk 24 DELL Wireless WLAN Card Utility

25 18.11.2011 marija.lazarovska@ukim.edu.mk 25 DELL Wireless WLAN Card Utility

26 18.11.2011 marija.lazarovska@ukim.edu.mk 26 DELL Wireless WLAN Card Utility

27 18.11.2011 marija.lazarovska@ukim.edu.mk 27 Intel® PROSet/Wireless

28 18.11.2011 marija.lazarovska@ukim.edu.mk 28 Intel® PROSet/Wireless

29 18.11.2011 marija.lazarovska@ukim.edu.mk 29 Intel® PROSet/Wireless

30 18.11.2011 marija.lazarovska@ukim.edu.mk 30 SecureW2  Control Panel  Network Connections  Wireless Network Connection WPA2/AES или WPA/TKIP * WPA patch за XP SP2

31 18.11.2011 marija.lazarovska@ukim.edu.mk 31 SecureW2

32 18.11.2011 marija.lazarovska@ukim.edu.mk 32 SecureW2

33 18.11.2011 marija.lazarovska@ukim.edu.mk 33 SecureW2

34 ПРАШАЊА? marija.lazarovska@ukim.edu.mk

Download ppt "Eduroam Training 18.11.2010 Конфигурација на freeradius."

Similar presentations

Inter WISP WLAN roaming

Inter WISP WLAN roaming
RadSec – A better RADIUS protocol

RadSec – A better RADIUS protocol
Connect. Communicate. Collaborate eduroam: a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 NORDUnet 2008, Espoo,

Connect. Communicate. Collaborate eduroam: a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 NORDUnet 2008, Espoo,
Connect. Communicate. Collaborate eduroam: towards a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 Wi-Fi Workshop,

Connect. Communicate. Collaborate eduroam: towards a managed European service Miroslav Milinović, Srce, Zagreb, Croatia eduroam SA, GÉANT2 Wi-Fi Workshop,
Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio.

Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June Licia Florio.
Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.

Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.
Chargeable-User-Identity in eduroam. The problem Current eduroam setup provides per-realm granularity The consequences – if a guest misbehaves the SP.

Chargeable-User-Identity in eduroam. The problem Current eduroam setup provides per-realm granularity The consequences – if a guest misbehaves the SP.
Doc.: IEEE 802.11-12/0598r0 Submission May 2012 Steve Grau, Juniper NetworksSlide 1 Layer 3 Setup with Dynamic VLAN Assignment Date: 2012-05-09 Authors:

Doc.: IEEE /0598r0 Submission May 2012 Steve Grau, Juniper NetworksSlide 1 Layer 3 Setup with Dynamic VLAN Assignment Date: Authors:
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved AOS & CPPM INTEGRATION CONFIGURATION & TESTING EAP TLS & EAP PEAP by Abilash Soundararajan.

CONFIDENTIAL © Copyright Aruba Networks, Inc. All rights reserved AOS & CPPM INTEGRATION CONFIGURATION & TESTING EAP TLS & EAP PEAP by Abilash Soundararajan.
Connect communicate collaborate Eduroam debugging Gurvinder Singh and Gunnar Bøe, Campus Networks and Systems, UNINETT AMRES Wireless workshop Belgrade,

Connect communicate collaborate Eduroam debugging Gurvinder Singh and Gunnar Bøe, Campus Networks and Systems, UNINETT AMRES Wireless workshop Belgrade,
Fast roaming in WPA T. Wolniewicz PIONIER. Events causing access-point switching Moving wireless client Metwork card switching in search of better conditions.

Fast roaming in WPA T. Wolniewicz PIONIER. Events causing access-point switching Moving wireless client Metwork card switching in search of better conditions.
TF Mobility Group 22nd September 20031 A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.

TF Mobility Group 22nd September A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.
802.1X Configuration Terena 802.1X workshop the Netherlands, Amsterdam, March 30 th Paul Dekkers.

802.1X Configuration Terena 802.1X workshop the Netherlands, Amsterdam, March 30 th Paul Dekkers.
Setting up eduroam Issue 2.0.

Setting up eduroam Issue 2.0.
FreeRADIUS configuration

FreeRADIUS configuration
Philippe Hanset ANYROAM LLC

Philippe Hanset ANYROAM LLC
Connect. Communicate. Collaborate Click to edit Master title style Setting up an eduroam Service Provider.

Connect. Communicate. Collaborate Click to edit Master title style Setting up an eduroam Service Provider.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
Connect communicate collaborate RADIUS and WLAN Infrastructure Monitoring Jovana Palibrk, AMRES NA3 T2, Sofia, 19.06.2014.

Connect communicate collaborate RADIUS and WLAN Infrastructure Monitoring Jovana Palibrk, AMRES NA3 T2, Sofia,
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.

Similar presentations

Ads by Google