Difference between revisions of "Spacenet"

Revision as of 20:39, 4 May 2012

Certificate

Connecting

Go to the chapter of your operating system below.

Linux

Copy & Paste the certificate above into a file and name it ackspace.pem

Put it in your own home folder.

Linux WIFI settings :

Wireless security : WPA & WPA2 Enterprise
Authentication : Protected EAP (PEAP)
Anonymous identity : <leeg>
CA certificate : ackspace.pem
PEAP version : automatic Inner
Authentication : MSCHAPv2
Username : <user>@ackspace.nl
Password : <password>

Windows 7

<Da_Syntax>

Windows 7 uses ntlm v2 and will fail trying to authenticate with the router.

In order to fix this run (win+'r') "secpol.msc" and do the following:

Open "Local Policies" > "Security Options" > "Network Security: LAN Manager authentication level"

and select "Send LM & NTLM - use NTLMv2 session security if negotiated" from the dropdown box

Press Ok, reboot ... profit!!

</Da_Syntax>

Windows 7 will either support EAP-MSCHAPv2 (username/password) or EAP-TLS (certificates) out-of-the-box.

You should manually create a wireless network under "Manage wireless networks".

Depending on the configuration of your home-RADIUS you should either choose EAP-MSCHAPv2 or EAP-TLS.

EAP-MSCHAPv2

SSID: spacenet
Security type: WPA2-Enterprise
Encryption type: AES
Authentication: Microsoft: Protected EAP (PEAP)

DO NOT USE CERTIFICATE WITH WINDOWS.

DO NOT ENTER RADIUS NAME OR IP.

Validate server certificate (good practice)
- Connect to these servers: common-name of the certificate installed on your RADIUS server
- Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server
Authentication method: secured passwords (EAP-MSCHAP v2)
- Do NOT use windows logon name and password (will probably not work for you)
Use user authentication
- Save credentials: user@ackspace.nl with your password

EAP-TLS

Make sure your device has a client certificate issued by your PKI
SSID: spacenet
Security type: WPA2-Enterprise
Encryption type: AES
Authentication: Microsoft: Smart Card or other certificate
Validate server certificate (good practice)
- Connect to these servers: common-name of the certificate installed on your RADIUS server
- Trusted root certification authorities: select the CA which signed the certificate installed on your RADIUS server

iOS

just use your username and password an accept the certificate.

How to register

To use Spacenet, ACKspace needs to store your plain text username (the part before @ackspace.nl) and an NTLM hash of your password you wish to use. If you use the hashes generator, make sure you enter your password without username or domain etc.

Contact PsychiC or Vicarious if you'd wish to register.

Info voor psy

/etc/freeradius/users

www.insidepro.com/hashes.php { WARNING PASSWORD IS SENT IN PLAINTEXT}

NTLM: Python script (source https://code.google.com/p/py-smbpasswd/) [apt-get install | yum install] python-smbpasswd

 import smbpasswd
 passwd = '$password'
 print 'LANMAN hash is', smbpasswd.lmhash(passwd)               
 print 'NTLM hash is', smbpasswd.nthash(passwd)
 print 'both hashes at once = %s:%s (lm:nt)' % smbpasswd.hash(passwd)

@@ Line 71: / Line 71: @@
 * Encryption type: AES
 * Authentication: Microsoft: Protected EAP (PEAP)
+DO NOT USE CERTIFICATE WITH WINDOWS.
+DO NOT ENTER RADIUS NAME OR IP.
 * Validate server certificate (good practice)
 ** Connect to these servers: common-name of the certificate installed on your RADIUS server

Difference between revisions of "Spacenet"

Revision as of 20:39, 4 May 2012

Contents

Certificate

Connecting

Linux

Windows 7

EAP-MSCHAPv2

EAP-TLS

iOS

How to register

Info voor psy

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools