Difference between revisions of "Spacenet"

From Hackerspace ACKspace
Jump to: navigation, search
(Pythonscript ipv scary online cloudsolutions)
(slightly wikified some parts: reorganized for quick navigation, add the 'Register' chapter)
Line 1: Line 1:
 
__TOC__
 
__TOC__
  
We haz spacenet.  
+
We haz [http://spacefed.net/wiki/index.php/Spacenet spacenet].
  
<br> http://spacefed.net/wiki/index.php/Spacenet
+
== Certificate ==
  
== Certificate ==
+
-----BEGIN CERTIFICATE-----
 +
MIICvDCCAaQCCQCxaXLQG5/vsTANBgkqhkiG9w0BAQUFADAgMR4wHAYDVQQDExVy
 +
YWRpdXMuYWNrc3BhY2UubG9jYWwwHhcNMTExMTIxMjAwMjI1WhcNMjExMTE4MjAw
 +
MjI1WjAgMR4wHAYDVQQDExVyYWRpdXMuYWNrc3BhY2UubG9jYWwwggEiMA0GCSqG
 +
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0bIFcc/ChNW2WQScUimA0Rb+FqgqiBRUD
 +
YVp41JVG2LZG6UWorYIk6Sm3nM5ysB3DyPOi6TQVscntO7xtb9IINELjPdPNpKBW
 +
h44XHvxL2jlBGy1NfFIr8et7PPkU/OyeneL4Rx+eYB/X084vqw9iRQTmbrEnJP2s
 +
a8iWxFcUZehJ+0TFDhOj44iTfGaF6x1J1UzaEy4N3etxwRjEHF4SnsVB/WndQrVR
 +
gRVTfi42n5vMaXDuTt/VvcWRM07W9kuTJQecgXdik38eXFQ+bNqAWaqM3WA1y/Un
 +
SNWHK4ikZdrvDjZceC6HEc7AjcXD3y2DyzkmgyZSTNyMj+YMCSd3AgMBAAEwDQYJ
 +
KoZIhvcNAQEFBQADggEBAGIfSDy1ZbI+ULiZLDbOxUzI6jdSvwVk2ZdYj4WHdCNc
 +
rOoRTvUr1UQMFdBwjmvIesQDXWNSRpb5FQxRG7XWBEH5EbEHTPrgM3tB41m0/L5/
 +
S8lguvTWyDLiUA3du7HSke5RI4YRjBwFyjDB4HmL3QUmbx5O9EZ6bKDQZ8hWx4of
 +
19Rz/ESV8j8K57LyX09EIqNap0h9H4D99KFTuITRZCQCkz5QX//JQvvCI9+SOSme
 +
IT6xYVaF+vdaRSOZR7YJqt4ILAQR8hOUr8dBoHP57lOoC/cWkZtsS5YnjF1PvKbK
 +
S49zoEg+BUz+iIl2vQgH/+LGQeJG3XaotKes+QBwfoM=
 +
-----END CERTIFICATE-----
  
<br>-----BEGIN CERTIFICATE-----<br>MIICvDCCAaQCCQCxaXLQG5/vsTANBgkqhkiG9w0BAQUFADAgMR4wHAYDVQQDExVy<br>YWRpdXMuYWNrc3BhY2UubG9jYWwwHhcNMTExMTIxMjAwMjI1WhcNMjExMTE4MjAw<br>MjI1WjAgMR4wHAYDVQQDExVyYWRpdXMuYWNrc3BhY2UubG9jYWwwggEiMA0GCSqG<br>SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0bIFcc/ChNW2WQScUimA0Rb+FqgqiBRUD<br>YVp41JVG2LZG6UWorYIk6Sm3nM5ysB3DyPOi6TQVscntO7xtb9IINELjPdPNpKBW<br>h44XHvxL2jlBGy1NfFIr8et7PPkU/OyeneL4Rx+eYB/X084vqw9iRQTmbrEnJP2s<br>a8iWxFcUZehJ+0TFDhOj44iTfGaF6x1J1UzaEy4N3etxwRjEHF4SnsVB/WndQrVR<br>gRVTfi42n5vMaXDuTt/VvcWRM07W9kuTJQecgXdik38eXFQ+bNqAWaqM3WA1y/Un<br>SNWHK4ikZdrvDjZceC6HEc7AjcXD3y2DyzkmgyZSTNyMj+YMCSd3AgMBAAEwDQYJ<br>KoZIhvcNAQEFBQADggEBAGIfSDy1ZbI+ULiZLDbOxUzI6jdSvwVk2ZdYj4WHdCNc<br>rOoRTvUr1UQMFdBwjmvIesQDXWNSRpb5FQxRG7XWBEH5EbEHTPrgM3tB41m0/L5/<br>S8lguvTWyDLiUA3du7HSke5RI4YRjBwFyjDB4HmL3QUmbx5O9EZ6bKDQZ8hWx4of<br>19Rz/ESV8j8K57LyX09EIqNap0h9H4D99KFTuITRZCQCkz5QX//JQvvCI9+SOSme<br>IT6xYVaF+vdaRSOZR7YJqt4ILAQR8hOUr8dBoHP57lOoC/cWkZtsS5YnjF1PvKbK<br>S49zoEg+BUz+iIl2vQgH/+LGQeJG3XaotKes+QBwfoM=<br>-----END CERTIFICATE-----
+
== Connecting ==
 +
Go to the chapter of your operating system below.
  
== 4 Linux ==  
+
=== Linux ===
  
 
Copy &amp; Paste the certificate above into a file and name it ackspace.pem  
 
Copy &amp; Paste the certificate above into a file and name it ackspace.pem  
Line 15: Line 32:
 
Put it in your own home folder.  
 
Put it in your own home folder.  
  
 +
Linux WIFI settings&nbsp;:
 +
* Wireless security&nbsp;: WPA &amp; WPA2 Enterprise
 +
* Authentication&nbsp;: Protected EAP (PEAP)
 +
* Anonymous identity&nbsp;: &lt;leeg&gt;
 +
* CA certificate&nbsp;: ackspace.pem
 +
* PEAP version&nbsp;: automatic Inner
 +
* Authentication&nbsp;: MSCHAPv2
 +
* Username&nbsp;: &lt;user&gt;'''@ackspace.nl'''
 +
* Password&nbsp;: &lt;password&gt;
  
 
+
=== Windows 7 ===
Linux WIFI settings&nbsp;:
 
 
 
Wireless security&nbsp;: WPA &amp; WPA2 Enterprise
 
 
 
Authentication&nbsp;: Protected EAP (PEAP)
 
 
 
Anonymous identity&nbsp;: &lt;leeg&gt;
 
 
 
CA certificate&nbsp;: ackspace.pem
 
 
 
PEAP version&nbsp;: automatic Inner
 
 
 
Authentication&nbsp;: MSCHAPv2
 
 
 
Username&nbsp;: &lt;user&gt;@ackspace.nl
 
 
 
Password&nbsp;: &lt;password&gt;
 
 
 
== Windows 7 ==
 
  
 
Windows 7 will either support EAP-MSCHAPv2 (username/password) or EAP-TLS (certificates) out-of-the-box.
 
Windows 7 will either support EAP-MSCHAPv2 (username/password) or EAP-TLS (certificates) out-of-the-box.
Line 43: Line 50:
 
Depending on the configuration of your home-RADIUS you should either choose EAP-MSCHAPv2 or EAP-TLS.
 
Depending on the configuration of your home-RADIUS you should either choose EAP-MSCHAPv2 or EAP-TLS.
  
== EAP-MSCHAPv2 ==
+
=== EAP-MSCHAPv2 ===
 
* SSID: spacenet
 
* SSID: spacenet
 
* Security type: WPA2-Enterprise
 
* Security type: WPA2-Enterprise
Line 67: Line 74:
 
[[Image:windows_mschap_5.png]]
 
[[Image:windows_mschap_5.png]]
  
== EAP-TLS ==
+
=== EAP-TLS ===
 
* Make sure your device has a client certificate issued by your PKI
 
* Make sure your device has a client certificate issued by your PKI
 
* SSID: spacenet
 
* SSID: spacenet
Line 81: Line 88:
 
[[Image:windows_tls_2.png]]
 
[[Image:windows_tls_2.png]]
  
== iOS ==
+
=== iOS ===
  
 
just use your username and password an accept the certificate.
 
just use your username and password an accept the certificate.
 +
 +
== How to register ==
 +
To use Spacenet, ACKspace needs to store an '''NTLM hash''' of your username and password you wish to use.
 +
If you use the hashes generator, make sure you enter your username '''without''' the @ackspace.nl suffix and keep the salt empty.
 +
 +
Contact [[user:PsychiC|PsychiC]] or [[user:Vicarious|Vicarious]] if you'd wish to register.
 +
[[Category:Howto/Spacenet]]
  
 
== Info voor psy ==
 
== Info voor psy ==
Line 100: Line 114:
 
   print 'NTLM hash is', smbpasswd.nthash(passwd)
 
   print 'NTLM hash is', smbpasswd.nthash(passwd)
 
   print 'both hashes at once = %s:%s (lm:nt)' % smbpasswd.hash(passwd)
 
   print 'both hashes at once = %s:%s (lm:nt)' % smbpasswd.hash(passwd)
 
 
 
[[Category:Howto/Spacenet]]
 

Revision as of 09:53, 29 April 2012

We haz spacenet.

Certificate

-----BEGIN CERTIFICATE-----
MIICvDCCAaQCCQCxaXLQG5/vsTANBgkqhkiG9w0BAQUFADAgMR4wHAYDVQQDExVy
YWRpdXMuYWNrc3BhY2UubG9jYWwwHhcNMTExMTIxMjAwMjI1WhcNMjExMTE4MjAw
MjI1WjAgMR4wHAYDVQQDExVyYWRpdXMuYWNrc3BhY2UubG9jYWwwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0bIFcc/ChNW2WQScUimA0Rb+FqgqiBRUD
YVp41JVG2LZG6UWorYIk6Sm3nM5ysB3DyPOi6TQVscntO7xtb9IINELjPdPNpKBW
h44XHvxL2jlBGy1NfFIr8et7PPkU/OyeneL4Rx+eYB/X084vqw9iRQTmbrEnJP2s
a8iWxFcUZehJ+0TFDhOj44iTfGaF6x1J1UzaEy4N3etxwRjEHF4SnsVB/WndQrVR
gRVTfi42n5vMaXDuTt/VvcWRM07W9kuTJQecgXdik38eXFQ+bNqAWaqM3WA1y/Un
SNWHK4ikZdrvDjZceC6HEc7AjcXD3y2DyzkmgyZSTNyMj+YMCSd3AgMBAAEwDQYJ
KoZIhvcNAQEFBQADggEBAGIfSDy1ZbI+ULiZLDbOxUzI6jdSvwVk2ZdYj4WHdCNc
rOoRTvUr1UQMFdBwjmvIesQDXWNSRpb5FQxRG7XWBEH5EbEHTPrgM3tB41m0/L5/
S8lguvTWyDLiUA3du7HSke5RI4YRjBwFyjDB4HmL3QUmbx5O9EZ6bKDQZ8hWx4of
19Rz/ESV8j8K57LyX09EIqNap0h9H4D99KFTuITRZCQCkz5QX//JQvvCI9+SOSme
IT6xYVaF+vdaRSOZR7YJqt4ILAQR8hOUr8dBoHP57lOoC/cWkZtsS5YnjF1PvKbK
S49zoEg+BUz+iIl2vQgH/+LGQeJG3XaotKes+QBwfoM=
-----END CERTIFICATE----- 

Connecting

Go to the chapter of your operating system below.

Linux

Copy & Paste the certificate above into a file and name it ackspace.pem

Put it in your own home folder.

Linux WIFI settings :

  • Wireless security : WPA & WPA2 Enterprise
  • Authentication : Protected EAP (PEAP)
  • Anonymous identity : <leeg>
  • CA certificate : ackspace.pem
  • PEAP version : automatic Inner
  • Authentication : MSCHAPv2
  • Username : <user>@ackspace.nl
  • Password : <password>

Windows 7

Windows 7 will either support EAP-MSCHAPv2 (username/password) or EAP-TLS (certificates) out-of-the-box.

You should manually create a wireless network under "Manage wireless networks".

Depending on the configuration of your home-RADIUS you should either choose EAP-MSCHAPv2 or EAP-TLS.

EAP-MSCHAPv2

  • SSID: spacenet
  • Security type: WPA2-Enterprise
  • Encryption type: AES
  • Authentication: Microsoft: Protected EAP (PEAP)
  • Validate server certificate (good practice)
    • Connect to these servers: common-name of the certificate installed on your RADIUS server
    • Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server
  • Authentication method: secured passwords (EAP-MSCHAP v2)
    • Do NOT use windows logon name and password (will probably not work for you)
  • Use user authentication
    • Save credentials: user@ackspace.nl with your password


Windows mschap 1.png

Windows mschap 2.png

Windows mschap 3.png

Windows mschap 4.png

Windows mschap 5.png

EAP-TLS

  • Make sure your device has a client certificate issued by your PKI
  • SSID: spacenet
  • Security type: WPA2-Enterprise
  • Encryption type: AES
  • Authentication: Microsoft: Smart Card or other certificate
  • Validate server certificate (good practice)
    • Connect to these servers: common-name of the certificate installed on your RADIUS server
    • Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server

Windows tls 1.png

Windows tls 2.png

iOS

just use your username and password an accept the certificate.

How to register

To use Spacenet, ACKspace needs to store an NTLM hash of your username and password you wish to use. If you use the hashes generator, make sure you enter your username without the @ackspace.nl suffix and keep the salt empty.

Contact PsychiC or Vicarious if you'd wish to register.

Info voor psy

/etc/freeradius/users

www.insidepro.com/hashes.php { WARNING PASSWORD IS SENT IN PLAINTEXT}

NTLM: Python script (source https://code.google.com/p/py-smbpasswd/) [apt-get install | yum install] python-smbpasswd

 import smbpasswd
 passwd = '$password'
 print 'LANMAN hash is', smbpasswd.lmhash(passwd)               
 print 'NTLM hash is', smbpasswd.nthash(passwd)
 print 'both hashes at once = %s:%s (lm:nt)' % smbpasswd.hash(passwd)