Difference between revisions of "Spacenet"
m (added project form, changed category) |
(updated spacenet info) |
||
| Line 10: | Line 10: | ||
== Certificate == | == Certificate == | ||
| − | + | {{InfoBox | |
| − | + | |Type=alert | |
| − | + | |Title=NOTE | |
| − | + | |Text=We have this new certificate (since April 2015) | |
| − | + | |Float=none | |
| − | + | |Clear=none | |
| − | + | |Width=30em | |
| − | + | |Background=#f7fff7 | |
| − | + | }} | |
| − | + | the certificate, as from /etc/freeradius/certs/server.pem | |
| − | + | {{ACKspaceNetCert}} | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== Connecting == | == Connecting == | ||
| Line 34: | Line 27: | ||
=== Linux === | === Linux === | ||
| − | Copy & | + | Copy & Paste the certificate above into a file and name it ackspace.pem |
Put it in your own home folder. | Put it in your own home folder. | ||
| − | Linux WIFI settings | + | Linux WIFI settings: |
| − | + | ||
| − | + | {| class="wikitable" | |
| − | + | ! scope="col" | field | |
| − | + | ! scope="col" | setting | |
| − | + | |- | |
| − | + | | Network name || spacenet and/or spacenet_5GHz | |
| − | + | |- | |
| − | + | | Wireless security || WPA & WPA2 Enterprise | |
| + | |- | ||
| + | | Authentication || Tunneled TLS (TTLS), or PEAP | ||
| + | |- | ||
| + | | Anonymous identity || anonymous@ackspace.nl | ||
| + | |- | ||
| + | | CA certificate || ackspace.pem | ||
| + | |- | ||
| + | | PEAP version (optional) || automatic Inner | ||
| + | |- | ||
| + | | Inner authentication || PAP, or MSCHAPv2 | ||
| + | |- | ||
| + | | Username || <user>'''@ackspace.nl''' | ||
| + | |- | ||
| + | | Password || you should know this | ||
| + | |} | ||
| + | |||
| + | [[Image:linux spacenet connect dialog.png|400px]] | ||
=== Windows 7 === | === Windows 7 === | ||
| Line 52: | Line 62: | ||
<Da_Syntax> | <Da_Syntax> | ||
| − | Windows 7 uses ntlm v2 and will fail trying to authenticate with the router. | + | :Windows 7 uses ntlm v2 and will fail trying to authenticate with the router. |
| − | + | :In order to fix this run (win+'r') "secpol.msc" and do the following: | |
| − | In order to fix this run (win+'r') "secpol.msc" and do the following: | + | :Open "Local Policies" > "Security Options" > "Network Security: LAN Manager authentication level" |
| − | + | :and select "Send LM & NTLM - use NTLMv2 session security if negotiated" from the dropdown box | |
| − | Open "Local Policies" > "Security Options" > "Network Security: LAN Manager authentication level" | + | :Press Ok, reboot ... profit!! |
| − | |||
| − | and select "Send LM & NTLM - use NTLMv2 session security if negotiated" from the dropdown box | ||
| − | |||
| − | Press Ok, reboot ... profit!! | ||
</Da_Syntax> | </Da_Syntax> | ||
| Line 125: | Line 131: | ||
If you use the hashes generator, make sure you enter your password without username or domain etc. | If you use the hashes generator, make sure you enter your password without username or domain etc. | ||
| − | Contact [[user:PsychiC|PsychiC]] | + | Contact [[user:PsychiC|PsychiC]], [[user:Vicarious|Vicarious]] or [[User:Xopr|Xopr]] if you'd wish to register. |
[[Category:Information]] | [[Category:Information]] | ||
| − | == Info | + | == Info for freeradius admin == |
| + | |||
| + | edit /etc/freeradius/users | ||
| + | Add either one of lines | ||
| + | :noobuser Cleartext-Password := "foobar123" | ||
| + | :leetuser NT-Password := "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" | ||
| + | |||
| − | |||
www.insidepro.com/hashes.php { WARNING PASSWORD IS SENT IN PLAINTEXT} | www.insidepro.com/hashes.php { WARNING PASSWORD IS SENT IN PLAINTEXT} | ||
| Line 146: | Line 157: | ||
== Available SSID's == | == Available SSID's == | ||
| − | + | {| class="wikitable" | |
| − | + | ! scope="col" | SSID | |
| − | + | ! scope="col" | description | |
| − | + | |- | |
| − | + | | spacenet || rowspan="2" | spacenet | |
| − | + | |- | |
| + | | spacenet_5GHz | ||
| + | |- | ||
| + | | ackspacewifi || Needs WPA key (nospacenet) | ||
| + | |} | ||
Revision as of 22:23, 23 April 2015
| Project: Spacenet | |
|---|---|
| Featured: | |
| State | Completed |
| Members | |
| GitHub | No GitHub project defined. Add your project here. |
| Description | Connect to an encrypted accesspoint using your own credentials in every hackerspace |
| Picture | |
| No project picture! Fill in form Picture or Upload a jpeg here | |
Contents
We haz spacenet.
Certificate
NOTE
We have this new certificate (since April 2015)
the certificate, as from /etc/freeradius/certs/server.pem
-----BEGIN CERTIFICATE----- MIIDBjCCAe6gAwIBAgIUPNOYqWrcqQkZt63WzVOz2mE21igwDQYJKoZIhvcNAQEL BQAwIzEhMB8GA1UEAwwYdi0xLjI4MzQ1LnZwc2NvbnRyb2wubmV0MB4XDTIxMDMx MzIyNDgyMloXDTMxMDMxMTIyNDgyMlowIzEhMB8GA1UEAwwYdi0xLjI4MzQ1LnZw c2NvbnRyb2wubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiVB khJJqglAfRdPJr0nVspZdm9DoCD0XidkOW1Tj7Q1pfQHLs0lGA/aIQqofw8W+tkR BjJNb0mOprhltAFW68Y/qgeGWuOzyp8xrZGP6jA1xQRPFbUUCV2ZG6avwJUTYZoF 1TwCo0UpsCQRmpjMgMfBdlBKKaqO2kr2q7SbT/QnDX04+E7B1cnfdfCSobOBiitD 6HX/D19l6bryriMhaz42SWd6CbpRY1Qac7bCNbJ0Re5cyjvkJvojnDp12MMMoyVg QeTxQ4V+Z8HOmzthtFZNGFnLn0YAVIGLDBwhWodX8p51D+DPY5uIR6cR3Eiphd5h 1jpmA5IYB+Dw4X0W9wIDAQABozIwMDAJBgNVHRMEAjAAMCMGA1UdEQQcMBqCGHYt MS4yODM0NS52cHNjb250cm9sLm5ldDANBgkqhkiG9w0BAQsFAAOCAQEAngk8xf8R k6LTohmNbViDtggdSBhHwJRvGytVcsPNgyP/TUW2fPhVOMSg6iU4U95U1CEMXfIG DaeNfRg9bDqfGzvtK/KTET7kxLM7IzCHHuHEd4t6N0wlArTIZHFROLQ9pqAV7BIw nlurPVxOYVEb9PPtEYk+qcJRlB7lamTOyvMecjiFV1BXjpmO4nMeQ5vu8gT8hi0y xfyNEDZSYm1UCWqc/mFuOIbpOHzaNngh/pfVu30kSEMUS4L0wLP7Ju/QnOOy/jKF wxRlSPlHvDV910rlZlbi6G0XgH8MpIrPFhJnvbXUME0p0524iPsCUyJIh9X2Te07 NApMIN43u3sTJA== -----END CERTIFICATE-----
Connecting
Go to the chapter of your operating system below.
Linux
Copy & Paste the certificate above into a file and name it ackspace.pem
Put it in your own home folder.
Linux WIFI settings:
| field | setting |
|---|---|
| Network name | spacenet and/or spacenet_5GHz |
| Wireless security | WPA & WPA2 Enterprise |
| Authentication | Tunneled TLS (TTLS), or PEAP |
| Anonymous identity | anonymous@ackspace.nl |
| CA certificate | ackspace.pem |
| PEAP version (optional) | automatic Inner |
| Inner authentication | PAP, or MSCHAPv2 |
| Username | <user>@ackspace.nl |
| Password | you should know this |
Windows 7
<Da_Syntax>
- Windows 7 uses ntlm v2 and will fail trying to authenticate with the router.
- In order to fix this run (win+'r') "secpol.msc" and do the following:
- Open "Local Policies" > "Security Options" > "Network Security: LAN Manager authentication level"
- and select "Send LM & NTLM - use NTLMv2 session security if negotiated" from the dropdown box
- Press Ok, reboot ... profit!!
</Da_Syntax>
Windows 7 will either support EAP-MSCHAPv2 (username/password) or EAP-TLS (certificates) out-of-the-box.
You should manually create a wireless network under "Manage wireless networks".
Depending on the configuration of your home-RADIUS you should either choose EAP-MSCHAPv2 or EAP-TLS.
EAP-MSCHAPv2
- SSID: spacenet
- Security type: WPA2-Enterprise
- Encryption type: AES
- Authentication: Microsoft: Protected EAP (PEAP)
DO NOT USE CERTIFICATE WITH WINDOWS.
DO NOT ENTER RADIUS NAME OR IP.
- Validate server certificate (good practice)
- Connect to these servers: common-name of the certificate installed on your RADIUS server
- Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server
- Authentication method: secured passwords (EAP-MSCHAP v2)
- Do NOT use windows logon name and password (will probably not work for you)
- Use user authentication
- Save credentials: user@ackspace.nl with your password
EAP-TLS
- Make sure your device has a client certificate issued by your PKI
- SSID: spacenet
- Security type: WPA2-Enterprise
- Encryption type: AES
- Authentication: Microsoft: Smart Card or other certificate
- Validate server certificate (good practice)
- Connect to these servers: common-name of the certificate installed on your RADIUS server
- Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server
iOS
just use your username and password an accept the certificate.
How to register
To use Spacenet, ACKspace needs to store your plain text username (the part before @ackspace.nl) and an NTLM hash of your password you wish to use. If you use the hashes generator, make sure you enter your password without username or domain etc.
Contact PsychiC, Vicarious or Xopr if you'd wish to register.
Info for freeradius admin
edit /etc/freeradius/users Add either one of lines
- noobuser Cleartext-Password := "foobar123"
- leetuser NT-Password := "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
www.insidepro.com/hashes.php { WARNING PASSWORD IS SENT IN PLAINTEXT}
NTLM: Python script (source https://code.google.com/p/py-smbpasswd/) [apt-get install | yum install] python-smbpasswd
import smbpasswd passwd = '$password' print 'LANMAN hash is', smbpasswd.lmhash(passwd) print 'NTLM hash is', smbpasswd.nthash(passwd) print 'both hashes at once = %s:%s (lm:nt)' % smbpasswd.hash(passwd)
Available SSID's
| SSID | description |
|---|---|
| spacenet | spacenet |
| spacenet_5GHz | |
| ackspacewifi | Needs WPA key (nospacenet) |
