Difference between revisions of "Talk:Spacenet"

From Hackerspace ACKspace
(found some interesting links)
 
(Generate new certificates:: new section)
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
[[User:Xopr|xopr]] 20:59, 9 October 2020 (CEST) I was triggered by a random [https://tweakers.net/nieuws/173130/consultatie-voor-gebruik-wpa2-enterprise-bij-publieke-overheidsnetwerken-begint.html tweakers article] also directing to another article with an [https://tweakers.net/nieuws/168986/driekwart-nederlandse-gemeenten-biedt-onveilige-wifi-gastnetwerken-aan.html?showReaction=14546094#r_14546094 informational comment] that pointed to a [https://www.youtube.com/watch?v=50fO3j4NgyQ youtube video] that triggered me to check some of the status.
 
[[User:Xopr|xopr]] 20:59, 9 October 2020 (CEST) I was triggered by a random [https://tweakers.net/nieuws/173130/consultatie-voor-gebruik-wpa2-enterprise-bij-publieke-overheidsnetwerken-begint.html tweakers article] also directing to another article with an [https://tweakers.net/nieuws/168986/driekwart-nederlandse-gemeenten-biedt-onveilige-wifi-gastnetwerken-aan.html?showReaction=14546094#r_14546094 informational comment] that pointed to a [https://www.youtube.com/watch?v=50fO3j4NgyQ youtube video] that triggered me to check some of the status.
 
Since it's not 'guest' related and has a certificate: it's all good, but I wanted to store the above links anyway.
 
Since it's not 'guest' related and has a certificate: it's all good, but I wanted to store the above links anyway.
 +
 +
== testing commandline ==
 +
 +
To test command line (with debug information and without setting up an actual accesspoint), one can use the following:
 +
 +
echo "User-Name=<USER>@ackspace.nl,User-Password=<CORRECT_PASS>"|/usr/bin/radclient <RADIUS_IP>:1812 auth <TOKEN>
 +
Sent Access-Request Id <SEQ> from 0.0.0.0:51116 to <RADIUS_IP>:1812 length <LEN>
 +
Received Access-Accept Id <SEQ> from <RADIUS_IP>:1812 to <LOCAL_IP>:51116 length 20
 +
 +
== Generate new certificates: ==
 +
 +
* Steps to check the certificate validity: <code>openssl x509 -text -noout -in ./spacenet-2023.pem</code> or simply: <code>openssl x509 -dates -noout -in ./spacenet-2023.pem</code>
 +
 +
I followed https://sjamso.blogspot.com/2021/03/regenerate-and-configure-ssl.html to clean up and fix the certificates:
 +
 +
<code>cp /usr/share/doc/freeradius/examples/certs/* /etc/freeradius/3.0/certs/</code>
 +
edit <code>/etc/freeradius/3.0/certs/ca.cnf</code>
 +
 +
<pre>
 +
[ CA_default ]
 +
...
 +
default_days            = 1825
 +
...
 +
[certificate_authority]
 +
countryName        = NL
 +
stateOrProvinceName = Limburg
 +
localityName        = Heerlen
 +
organizationName    = ACKspace
 +
emailAddress        = realm-admin@ackspace.nl
 +
commonName          = "ACKspace spacenet certificate authority"
 +
</pre>
 +
 +
edit <code>/etc/freeradius/3.0/certs/server.cnf</code>:
 +
 +
<pre>
 +
[ CA_default ]
 +
...
 +
default_days            = 1825
 +
...
 +
[server]
 +
countryName        = NL
 +
stateOrProvinceName = Limburg
 +
localityName        = Heerlen
 +
organizationName    = ACKspace
 +
emailAddress        = realm-admin@ackspace.nl
 +
commonName          = "ACKspace spacenet certificate"
 +
</pre>
 +
 +
check certificate references in <code>/etc/freeradius/3.0/mods-enabled/eap</code>:
 +
 +
<pre>
 +
tls-config tls-common {
 +
...
 +
private_key_file = ${certdir}/server-migrated.key
 +
certificate_file = ${certdir}/server-migrated.pem
 +
ca_file = ${certdir}/ca-migrated.pem
 +
</pre>
 +
 +
run:
 +
<pre>
 +
# cd /etc/freeradius/3.0/certs/
 +
# make ca.der
 +
# make printca
 +
# make dh
 +
# make server.pem
 +
# chown freerad:freerad *
 +
# service freeradius restart
 +
</pre>
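Review bot: the tls-config tls-common excerpt points private_key_file, certificate_file and ca_file at server-migrated.key, server-migrated.pem and ca-migrated.pem, but the run block only builds make ca.der and make server.pem and never shows those outputs being copied or renamed to the -migrated names, so after the restart FreeRADIUS could still be loading the old files. Either add the copy/rename step or change the three paths in the excerpt to the names the make targets produce. The validity check at the top of the section also inspects ./spacenet-2023.pem, a fourth name that appears nowhere else in the steps; say which generated file it corresponds to. Finally, chown freerad:freerad * changes ownership of everything in the directory but leaves permissions untouched; a chmod restricting the private key to its owner would be worth adding next to it.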

Latest revision as of 12:08, 3 December 2023

xopr 20:59, 9 October 2020 (CEST) I was triggered by a random tweakers article also directing to another article with an informational comment that pointed to a youtube video that triggered me to check some of the status. Since it's not 'guest' related and has a certificate: it's all good, but I wanted to store the above links anyway.

testing commandline

To test from the command line (with debug information and without setting up an actual access point), one can use the following:

echo "User-Name=<USER>@ackspace.nl,User-Password=<CORRECT_PASS>"|/usr/bin/radclient <RADIUS_IP>:1812 auth <TOKEN>
Sent Access-Request Id <SEQ> from 0.0.0.0:51116 to <RADIUS_IP>:1812 length <LEN>
Received Access-Accept Id <SEQ> from <RADIUS_IP>:1812 to <LOCAL_IP>:51116 length 20

Generate new certificates:

  • Steps to check the certificate validity: openssl x509 -text -noout -in ./spacenet-2023.pem or simply: openssl x509 -dates -noout -in ./spacenet-2023.pem

I followed https://sjamso.blogspot.com/2021/03/regenerate-and-configure-ssl.html to clean up and fix the certificates:

cp /usr/share/doc/freeradius/examples/certs/* /etc/freeradius/3.0/certs/

edit /etc/freeradius/3.0/certs/ca.cnf:

[ CA_default ]
...
default_days            = 1825 
...
[certificate_authority]
countryName         = NL
stateOrProvinceName = Limburg
localityName        = Heerlen
organizationName    = ACKspace
emailAddress        = realm-admin@ackspace.nl
commonName          = "ACKspace spacenet certificate authority"

edit /etc/freeradius/3.0/certs/server.cnf:

[ CA_default ]
...
default_days            = 1825 
...
[server]
countryName         = NL
stateOrProvinceName = Limburg
localityName        = Heerlen
organizationName    = ACKspace
emailAddress        = realm-admin@ackspace.nl
commonName          = "ACKspace spacenet certificate"

check certificate references in /etc/freeradius/3.0/mods-enabled/eap:

tls-config tls-common {
...
private_key_file = ${certdir}/server-migrated.key
certificate_file = ${certdir}/server-migrated.pem
ca_file = ${certdir}/ca-migrated.pem
...
}

run:

# cd /etc/freeradius/3.0/certs/
# make ca.der
# make printca
# make dh
# make server.pem
# chown freerad:freerad *
# service freeradius restart
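
A sanity check for the three files named in the tls-config block above, to run before restarting the service. It is an added example, not part of the original page or of FreeRADIUS. It confirms that the certificate verifies against the CA, that the private key belongs to the certificate, and that the certificate is not about to expire. The function names and the throwaway demo PKI are constructed for illustration, and an unencrypted private key is assumed.

```shell
#!/bin/sh
# Added example (not from the wiki page). check_eap_certs KEY CERT CA [DAYS]
# returns 0 = consistent, 1 = CERT does not verify against CA,
# 2 = KEY does not match CERT, 3 = CERT expires within DAYS days (default 30).
# Assumption: KEY is unencrypted; otherwise add -passin to the pkey call.
check_eap_certs() {
    key=$1; cert=$2; ca=$3; days=${4:-30}
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; return 1; }
    # Public key embedded in the cert vs. the one derived from the key file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $key does not belong to $cert"; return 2; }
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null ||
        { echo "FAIL: $cert expires within $days days"; return 3; }
    echo "OK: $cert, $(openssl x509 -in "$cert" -noout -enddate)"
}

# Constructed sample input: a throwaway CA, a server certificate valid for
# 60 days and an unrelated key. Nothing here touches /etc/freeradius.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1825 -subj "/CN=demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo server" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 60 -out "$d/server.pem" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

tmp=$(mktemp -d)
make_demo_pki "$tmp"
# Matching key, 30-day window: passes.
check_eap_certs "$tmp/server.key" "$tmp/server.pem" "$tmp/ca.pem" 30 || echo "(exit $?)"
# Wrong key for this certificate: exit 2.
check_eap_certs "$tmp/other.key" "$tmp/server.pem" "$tmp/ca.pem" 30 || echo "(exit $?)"
# 90-day window against a 60-day certificate: exit 3.
check_eap_certs "$tmp/server.key" "$tmp/server.pem" "$tmp/ca.pem" 90 || echo "(exit $?)"
```

On the RADIUS host, pass the private_key_file, certificate_file and ca_file paths from mods-enabled/eap instead of the demo files.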