June 19, 2022 06:24 pm GMT

Checking EAP settings

To check a system where FreeRADIUS, or any other RADIUS server, has been configured, the tool named eapol_test can be used. It is usually provided by the package named eapoltest. It is quite simple to use, and I want to walk through an example with PEAP:

PEAP test configuration

The following configuration can be used for a PEAP test:

network={
  ssid="eduroam"
  key_mgmt=IEEE8021X
  eap=PEAP
  pairwise=CCMP TKIP
  group=CCMP TKIP WEP104 WEP40
  phase2="auth=MSCHAPV2"
  identity="ali"
  anonymous_identity="administrator"
  password="Passw0rd"
}

This content needs to be saved to a file somewhere, for example as eaptest1.cfg. If the test is run against a real system, the SSID has to be adjusted accordingly; on a plain FreeRADIUS installation there is no need to change it.

The EAP method and the pairwise and group values can be chosen as desired. If PEAP is selected, choosing MSCHAPv2, for example, is also recommended. In addition, identity must be an account registered in LDAP, and password must be that account's password. The anonymous_identity must also exist in LDAP.

Running the EAP test

Running the EAP test is also quite simple. The following command can be used:

eapol_test -c ./eaptest1.cfg -a 192.168.1.55 -p 1812 -s bir

This command takes the path of the file we just created (-c), the IP address of the FreeRADIUS server (-a) and the auth port (-p). And of course the secret written in clients.conf must be passed with the -s parameter.

If all the settings are correct, the output ends like this:

Encapsulating EAP message into a RADIUS packet
  Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=9 length=186
   Attribute 1 (User-Name) length=15
      Value: 'administrator'
   Attribute 4 (NAS-IP-Address) length=6
      Value: 127.0.0.1
   Attribute 31 (Calling-Station-Id) length=19
      Value: '02-00-00-00-00-01'
   Attribute 12 (Framed-MTU) length=6
      Value: 1400
   Attribute 61 (NAS-Port-Type) length=6
      Value: 19
   Attribute 6 (Service-Type) length=6
      Value: 2
   Attribute 77 (Connect-Info) length=24
      Value: 'CONNECT 11Mbps 802.11b'
   Attribute 79 (EAP-Message) length=48
      Value: 0209002e1900170303002301e2c81d5d2a7efd98f88593de3a5dc5332f23e46b479b205dc35f8d288e4bed83144e
   Attribute 24 (State) length=18
      Value: 9cc2ebe394cbf21161fe5416c712dc7c
   Attribute 80 (Message-Authenticator) length=18
      Value: ab8e595388b5cebe5a4d7846c60f7806
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 175 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=9 length=175
   Attribute 26 (Vendor-Specific) length=58
      Value: 0000013711348078fd32c9a41a1a42f122791c442b8c8b64e7ed529e9df14b8f56cb534aa586ba2009b47b858c6fd9071a5506aae148b055
   Attribute 26 (Vendor-Specific) length=58
      Value: 0000013710348dd2aa2b08fc674877b36dff3a79bf000534a594fdea060399bae335d07a184b2196fa2d78c7789f0c0f43fec5de7d830975
   Attribute 79 (EAP-Message) length=6
      Value: 03090004
   Attribute 80 (Message-Authenticator) length=18
      Value: a9ce4ee637f2880be1a3b4d45f20e313
   Attribute 1 (User-Name) length=15
      Value: 'administrator'
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): 1f bc 7b 64 f0 c6 97 dc 3a 26 0b 9f ec e5 74 0f 42 15 1b 1a 02 ad 1b 66 db de 48 5f 8c d1 ad ab
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): 3e 3a 22 1a 86 97 96 32 9e bd 84 4c 82 11 65 2d fe ce 00 34 af d2 df dc 7b 5e 1c 19 57 ec 98 a9
decapsulated EAP packet (code=3 id=9 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Status notification: completion (param=success)
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
Cancelling authentication timeout
State: DISCONNECTED -> COMPLETED
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): 3e 3a 22 1a 86 97 96 32 9e bd 84 4c 82 11 65 2d fe ce 00 34 af d2 df dc 7b 5e 1c 19 57 ec 98 a9
No EAP-Key-Name received from server
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1  mismatch: 0
SUCCESS
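For a scripted check, the output above can be reduced to a verdict. The following is an added example, not part of the original post: it reads eapol_test output on stdin, reports the final result, the last RADIUS reply and the MPPE key check, and also flags the case where the real identity was sent as the outer User-Name instead of the anonymous_identity. The function names and the embedded sample log are constructed for illustration.

```bash
# Added example: turn eapol_test output (read from stdin) into a pass/fail verdict.
# Constructed sample, shortened from the output format shown above.
sample_log() {
cat <<'EOF'
RADIUS message: code=1 (Access-Request) identifier=9 length=186
   Attribute 1 (User-Name) length=15
      Value: 'administrator'
RADIUS message: code=2 (Access-Accept) identifier=9 length=175
   Attribute 1 (User-Name) length=15
      Value: 'administrator'
MPPE keys OK: 1  mismatch: 0
SUCCESS
EOF
}

# Prints: result=<..> radius=<last reply> outer_user=<..> mppe=<ok|mismatch|none>
summarise_eapol() {
    awk '
        /^RADIUS message: code=/ {            # code=1 is our own Access-Request
            is_req = ($3 == "code=1")
            if (!is_req) { reply = $4; gsub(/[()]/, "", reply) }
            next
        }
        is_req && /Attribute 1 \(User-Name\)/ { want = 1; next }
        want && /Value:/ { split($0, q, "\047"); outer = q[2]; want = 0; next }
        /^MPPE keys OK:/ { mppe = ($4 + 0 > 0 && $6 == "0") ? "ok" : "mismatch" }
        /^(SUCCESS|FAILURE)$/ { result = $0 }  # final verdict line
        END {
            printf "result=%s radius=%s outer_user=%s mppe=%s\n",
                (result ? result : "UNKNOWN"), (reply ? reply : "none"),
                outer, (mppe ? mppe : "none")
        }'
}

# Return 0 = healthy, 1 = authentication did not complete cleanly,
# 2 = the real (inner) identity was sent as the outer User-Name.
check_eapol() {
    inner=$1
    summary=$(summarise_eapol)
    echo "$summary"
    case "$summary" in
        *"outer_user=$inner "*) return 2 ;;
        "result=SUCCESS radius=Access-Accept outer_user="*" mppe=ok") return 0 ;;
        *) return 1 ;;
    esac
}

sample_log | check_eapol ali
```

Against a live server, pipe the command from this post into it: `eapol_test -c ./eaptest1.cfg -a 192.168.1.55 -p 1812 -s bir | check_eapol ali`.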

Original Link: https://dev.to/aciklab/eap-ayarlarinin-kontrol-edilmesi-41lp
