Difference between revisions of "Talk:Spacenet"
(→Generate new certificates:: new section) |
(added some extra debug steps) |
||
| Line 9: | Line 9: | ||
Sent Access-Request Id <SEQ> from 0.0.0.0:51116 to <RADIUS_IP>:1812 length <LEN> | Sent Access-Request Id <SEQ> from 0.0.0.0:51116 to <RADIUS_IP>:1812 length <LEN> | ||
Received Access-Accept Id <SEQ> from <RADIUS_IP>:1812 to <LOCAL_IP>:51116 length 20 | Received Access-Accept Id <SEQ> from <RADIUS_IP>:1812 to <LOCAL_IP>:51116 length 20 | ||
| + | |||
| + | Note that the tokens are IP bound; use the right token. | ||
| + | If command line works but the AP is not willing to connect (somethings in the lines of <code>deauthenticating from AC:25:PA:CE:13:37 by local choice (Reason: 3=DEAUTH_LEAVING)</code> in <code>dmesg -w</code>, the AP might have configured the wrong RADIUS IP or token, or even something else. | ||
== Generate new certificates: == | == Generate new certificates: == | ||
Latest revision as of 15:43, 13 July 2024
xopr 20:59, 9 October 2020 (CEST) I was triggered by a random tweakers article also directing to another article with an informational comment that pointed to a youtube video that triggered me to check some of the status. Since it's not 'guest' related and has a certificate: it's all good, but I wanted to store the above links anyway.
testing commandline
To test command line (with debug information and without setting up an actual accesspoint), one can use the following:
echo "User-Name=<USER>@ackspace.nl,User-Password=<CORRECT_PASS>"|/usr/bin/radclient <RADIUS_IP>:1812 auth <TOKEN> Sent Access-Request Id <SEQ> from 0.0.0.0:51116 to <RADIUS_IP>:1812 length <LEN> Received Access-Accept Id <SEQ> from <RADIUS_IP>:1812 to <LOCAL_IP>:51116 length 20
Note that the tokens are IP bound; use the right token.
If command line works but the AP is not willing to connect (somethings in the lines of deauthenticating from AC:25:PA:CE:13:37 by local choice (Reason: 3=DEAUTH_LEAVING) in dmesg -w, the AP might have configured the wrong RADIUS IP or token, or even something else.
Generate new certificates:
- Steps to check the certificate validity:
openssl x509 -text -noout -in ./spacenet-2023.pemor simply:openssl x509 -dates -noout -in ./spacenet-2023.pem
I followed https://sjamso.blogspot.com/2021/03/regenerate-and-configure-ssl.html to clean up and fix the certificates:
cp /usr/share/doc/freeradius/examples/certs/* /etc/freeradius/3.0/certs/
edit /etc/freeradius/3.0/certs/ca.cnf
[ CA_default ] ... default_days = 1825 ... [certificate_authority] countryName = NL stateOrProvinceName = Limburg localityName = Heerlen organizationName = ACKspace emailAddress = realm-admin@ackspace.nl commonName = "ACKspace spacenet certificate authority"
edit /etc/freeradius/3.0/certs/server.cnf:
[ CA_default ] ... default_days = 1825 ... [server] countryName = NL stateOrProvinceName = Limburg localityName = Heerlen organizationName = ACKspace emailAddress = realm-admin@ackspace.nl commonName = "ACKspace spacenet certificate"
check certificate references in /etc/freeradius/3.0/mods-enabled/eap:
tls-config tls-common {
...
private_key_file = ${certdir}/server-migrated.key
certificate_file = ${certdir}/server-migrated.pem
ca_file = ${certdir}/ca-migrated.pem
run:
# cd /etc/freeradius/3.0/certs/ # make ca.der # make printca # make dh # make server.pem # chown freerad:freerad * # service freeradius restart
