Difference between revisions of "Spacenet"
(Pythonscript ipv scary online cloudsolutions) |
(slightly wikified some parts: reorganized for quick navigation, add the 'Register' chapter) |
||
Line 1: | Line 1: | ||
__TOC__ | __TOC__ | ||
− | We haz spacenet. | + | We haz [http://spacefed.net/wiki/index.php/Spacenet spacenet]. |
− | + | == Certificate == | |
− | = | + | -----BEGIN CERTIFICATE----- |
+ | MIICvDCCAaQCCQCxaXLQG5/vsTANBgkqhkiG9w0BAQUFADAgMR4wHAYDVQQDExVy | ||
+ | YWRpdXMuYWNrc3BhY2UubG9jYWwwHhcNMTExMTIxMjAwMjI1WhcNMjExMTE4MjAw | ||
+ | MjI1WjAgMR4wHAYDVQQDExVyYWRpdXMuYWNrc3BhY2UubG9jYWwwggEiMA0GCSqG | ||
+ | SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0bIFcc/ChNW2WQScUimA0Rb+FqgqiBRUD | ||
+ | YVp41JVG2LZG6UWorYIk6Sm3nM5ysB3DyPOi6TQVscntO7xtb9IINELjPdPNpKBW | ||
+ | h44XHvxL2jlBGy1NfFIr8et7PPkU/OyeneL4Rx+eYB/X084vqw9iRQTmbrEnJP2s | ||
+ | a8iWxFcUZehJ+0TFDhOj44iTfGaF6x1J1UzaEy4N3etxwRjEHF4SnsVB/WndQrVR | ||
+ | gRVTfi42n5vMaXDuTt/VvcWRM07W9kuTJQecgXdik38eXFQ+bNqAWaqM3WA1y/Un | ||
+ | SNWHK4ikZdrvDjZceC6HEc7AjcXD3y2DyzkmgyZSTNyMj+YMCSd3AgMBAAEwDQYJ | ||
+ | KoZIhvcNAQEFBQADggEBAGIfSDy1ZbI+ULiZLDbOxUzI6jdSvwVk2ZdYj4WHdCNc | ||
+ | rOoRTvUr1UQMFdBwjmvIesQDXWNSRpb5FQxRG7XWBEH5EbEHTPrgM3tB41m0/L5/ | ||
+ | S8lguvTWyDLiUA3du7HSke5RI4YRjBwFyjDB4HmL3QUmbx5O9EZ6bKDQZ8hWx4of | ||
+ | 19Rz/ESV8j8K57LyX09EIqNap0h9H4D99KFTuITRZCQCkz5QX//JQvvCI9+SOSme | ||
+ | IT6xYVaF+vdaRSOZR7YJqt4ILAQR8hOUr8dBoHP57lOoC/cWkZtsS5YnjF1PvKbK | ||
+ | S49zoEg+BUz+iIl2vQgH/+LGQeJG3XaotKes+QBwfoM= | ||
+ | -----END CERTIFICATE----- | ||
− | + | == Connecting == | |
+ | Go to the chapter of your operating system below. | ||
− | == | + | === Linux === |
Copy & Paste the certificate above into a file and name it ackspace.pem | Copy & Paste the certificate above into a file and name it ackspace.pem | ||
Line 15: | Line 32: | ||
Put it in your own home folder. | Put it in your own home folder. | ||
+ | Linux WIFI settings : | ||
+ | * Wireless security : WPA & WPA2 Enterprise | ||
+ | * Authentication : Protected EAP (PEAP) | ||
+ | * Anonymous identity : <leeg> | ||
+ | * CA certificate : ackspace.pem | ||
+ | * PEAP version : automatic Inner | ||
+ | * Authentication : MSCHAPv2 | ||
+ | * Username : <user>'''@ackspace.nl''' | ||
+ | * Password : <password> | ||
− | + | === Windows 7 === | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | == Windows 7 == | ||
Windows 7 will either support EAP-MSCHAPv2 (username/password) or EAP-TLS (certificates) out-of-the-box. | Windows 7 will either support EAP-MSCHAPv2 (username/password) or EAP-TLS (certificates) out-of-the-box. | ||
Line 43: | Line 50: | ||
Depending on the configuration of your home-RADIUS you should either choose EAP-MSCHAPv2 or EAP-TLS. | Depending on the configuration of your home-RADIUS you should either choose EAP-MSCHAPv2 or EAP-TLS. | ||
− | == EAP-MSCHAPv2 == | + | === EAP-MSCHAPv2 === |
* SSID: spacenet | * SSID: spacenet | ||
* Security type: WPA2-Enterprise | * Security type: WPA2-Enterprise | ||
Line 67: | Line 74: | ||
[[Image:windows_mschap_5.png]] | [[Image:windows_mschap_5.png]] | ||
− | == EAP-TLS == | + | === EAP-TLS === |
* Make sure your device has a client certificate issued by your PKI | * Make sure your device has a client certificate issued by your PKI | ||
* SSID: spacenet | * SSID: spacenet | ||
Line 81: | Line 88: | ||
[[Image:windows_tls_2.png]] | [[Image:windows_tls_2.png]] | ||
− | == iOS == | + | === iOS === |
just use your username and password an accept the certificate. | just use your username and password an accept the certificate. | ||
+ | |||
+ | == How to register == | ||
+ | To use Spacenet, ACKspace needs to store an '''NTLM hash''' of your username and password you wish to use. | ||
+ | If you use the hashes generator, make sure you enter your username '''without''' the @ackspace.nl suffix and keep the salt empty. | ||
+ | |||
+ | Contact [[user:PsychiC|PsychiC]] or [[user:Vicarious|Vicarious]] if you'd wish to register. | ||
+ | [[Category:Howto/Spacenet]] | ||
== Info voor psy == | == Info voor psy == | ||
Line 100: | Line 114: | ||
print 'NTLM hash is', smbpasswd.nthash(passwd) | print 'NTLM hash is', smbpasswd.nthash(passwd) | ||
print 'both hashes at once = %s:%s (lm:nt)' % smbpasswd.hash(passwd) | print 'both hashes at once = %s:%s (lm:nt)' % smbpasswd.hash(passwd) | ||
− | |||
− | |||
− | |||
− |
Revision as of 09:53, 29 April 2012
Contents
We haz spacenet.
Certificate
-----BEGIN CERTIFICATE----- MIICvDCCAaQCCQCxaXLQG5/vsTANBgkqhkiG9w0BAQUFADAgMR4wHAYDVQQDExVy YWRpdXMuYWNrc3BhY2UubG9jYWwwHhcNMTExMTIxMjAwMjI1WhcNMjExMTE4MjAw MjI1WjAgMR4wHAYDVQQDExVyYWRpdXMuYWNrc3BhY2UubG9jYWwwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0bIFcc/ChNW2WQScUimA0Rb+FqgqiBRUD YVp41JVG2LZG6UWorYIk6Sm3nM5ysB3DyPOi6TQVscntO7xtb9IINELjPdPNpKBW h44XHvxL2jlBGy1NfFIr8et7PPkU/OyeneL4Rx+eYB/X084vqw9iRQTmbrEnJP2s a8iWxFcUZehJ+0TFDhOj44iTfGaF6x1J1UzaEy4N3etxwRjEHF4SnsVB/WndQrVR gRVTfi42n5vMaXDuTt/VvcWRM07W9kuTJQecgXdik38eXFQ+bNqAWaqM3WA1y/Un SNWHK4ikZdrvDjZceC6HEc7AjcXD3y2DyzkmgyZSTNyMj+YMCSd3AgMBAAEwDQYJ KoZIhvcNAQEFBQADggEBAGIfSDy1ZbI+ULiZLDbOxUzI6jdSvwVk2ZdYj4WHdCNc rOoRTvUr1UQMFdBwjmvIesQDXWNSRpb5FQxRG7XWBEH5EbEHTPrgM3tB41m0/L5/ S8lguvTWyDLiUA3du7HSke5RI4YRjBwFyjDB4HmL3QUmbx5O9EZ6bKDQZ8hWx4of 19Rz/ESV8j8K57LyX09EIqNap0h9H4D99KFTuITRZCQCkz5QX//JQvvCI9+SOSme IT6xYVaF+vdaRSOZR7YJqt4ILAQR8hOUr8dBoHP57lOoC/cWkZtsS5YnjF1PvKbK S49zoEg+BUz+iIl2vQgH/+LGQeJG3XaotKes+QBwfoM= -----END CERTIFICATE-----
Connecting
Go to the chapter of your operating system below.
Linux
Copy & Paste the certificate above into a file and name it ackspace.pem
Put it in your own home folder.
Linux WIFI settings :
- Wireless security : WPA & WPA2 Enterprise
- Authentication : Protected EAP (PEAP)
- Anonymous identity : <leeg>
- CA certificate : ackspace.pem
- PEAP version : automatic Inner
- Authentication : MSCHAPv2
- Username : <user>@ackspace.nl
- Password : <password>
Windows 7
Windows 7 will either support EAP-MSCHAPv2 (username/password) or EAP-TLS (certificates) out-of-the-box.
You should manually create a wireless network under "Manage wireless networks".
Depending on the configuration of your home-RADIUS you should either choose EAP-MSCHAPv2 or EAP-TLS.
EAP-MSCHAPv2
- SSID: spacenet
- Security type: WPA2-Enterprise
- Encryption type: AES
- Authentication: Microsoft: Protected EAP (PEAP)
- Validate server certificate (good practice)
- Connect to these servers: common-name of the certificate installed on your RADIUS server
- Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server
- Authentication method: secured passwords (EAP-MSCHAP v2)
- Do NOT use windows logon name and password (will probably not work for you)
- Use user authentication
- Save credentials: user@ackspace.nl with your password
EAP-TLS
- Make sure your device has a client certificate issued by your PKI
- SSID: spacenet
- Security type: WPA2-Enterprise
- Encryption type: AES
- Authentication: Microsoft: Smart Card or other certificate
- Validate server certificate (good practice)
- Connect to these servers: common-name of the certificate installed on your RADIUS server
- Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server
iOS
just use your username and password an accept the certificate.
How to register
To use Spacenet, ACKspace needs to store an NTLM hash of your username and password you wish to use. If you use the hashes generator, make sure you enter your username without the @ackspace.nl suffix and keep the salt empty.
Contact PsychiC or Vicarious if you'd wish to register.
Info voor psy
/etc/freeradius/users
www.insidepro.com/hashes.php { WARNING PASSWORD IS SENT IN PLAINTEXT}
NTLM: Python script (source https://code.google.com/p/py-smbpasswd/) [apt-get install | yum install] python-smbpasswd
import smbpasswd passwd = '$password' print 'LANMAN hash is', smbpasswd.lmhash(passwd) print 'NTLM hash is', smbpasswd.nthash(passwd) print 'both hashes at once = %s:%s (lm:nt)' % smbpasswd.hash(passwd)