Linux Voodoo Corporation
About Us 866.309.4617 Tracking Shopping Cart Checkout
Shop Account Customer Care Services Resources
Overview Books Mailing Lists Search Howtos
 
  You are here: » Main » Howto's Log In  | Financing  
Swartz Creek, Michigan: Linux Voodoo offers Linux consulting (and support) services (both free and commercial), Linux compatible hardware and software reviews and sales, Linux servers and desktop, the Voodoo Linux distribution and hardening systems, Linux driver development, Linux news,chat, message boards, Linux embedded jobs, security advisories, Linux howto's and newbie information. linux download red hat directpc direct pc linux linux software linux driver linux tutorial linux mandrake mandrake linux linux command netapp linux mount windows source decss linux game linux hp suse linux linux downloads linux firewall linux server linux programming linux red hat wine linux linux ppt linux operating system embedded linux linux distribution corel linux free linux free linux download linux help force 10baset linux linux laptop reset linux scsi d kill tape /proc linux router linux pda linux wallpaper red hat linux download linux kernel linux router project linux iso linux howto linux how to linux os linux application linux certification linux web hosting linux hosting linux modem peanut linux nokia rs 232 linux modem setting linux for window linux free download linux documentation project linux sms1 linux call back linux problem reading directory linux boot disk linux theme linux cluster linux closing port linux security dialogic linux linux emulator linux training linux startup dual boot window 2000 linux linux magazine linux auto rpm realtek rtl8019 linux driver download robomon linux linux estrutura de diretorios 3c589d config linux timeservice linux linux samba linux dvd player linux .ppt mplayer near download and linux red hat linux 7.2 linux mail server free linux software linux hardwarelinux anti virus redmond linux linux modem driver linux vpn pic microcontroller linux programmer aol for linux linux review linux wireless
contact us: abuse@flonetwork.com webmaster@flonetwork.com info@webmaster@flonetwork.com spampoision@lnxvoodoo.com noc@sprint.net webmaster@lnxvoodoo.com wlad@lnxvoodoo.com michelle@lnxvoodoo.com ryan@lnxvoodoo.com bryan@lnxvoodo.com rambo@lnxvoodoo.com senioreditor@lnxvoodoo.com editor@lnxvoodoo.com
WOW on Linux, yes our gaming systems do include World of Warcraft for Linux! Linux Voodoo Gaming systems include one copy of World of Warcraft, 1 year paid subscription to Transgaming.com so you can play over 200 popular Windows games on our linux systems. Too good to be true? Try it out for yourself.
  Start shopping
Notebooks
notebooks 

 

Desktops
desktops 

 

Servers
servers 

 

Appliances
appliances 

 

Accessories
accessories 

 

Software
software 
Howto's  
Supplicant: Setting up Xsupplicant
802.1X Port-Based Authentication HOWTO
PrevNext

4. Supplicant: Setting up Xsupplicant

The Supplicant is usually a laptop or other (wireless) device that requires authentication. Xsupplicant does the bidding of being the "Supplicant" part of the IEEE 802.1X-2001 standard.

4.1. Installing Xsupplicant

Installing Xsupplicant

  1. Download the latest source from from http://www.open1x.org/ 

    
    # cd /usr/local/src
    # wget http://belnet.dl.sourceforge.net/sourceforge/open1x/xsupplicant-1.0.tar.gz
    # tar zxfv xsupplicant-1.0.tar.gz
    # cd xsupplicant

  2. Configure, make, and install: 

    
    # ./configure
    # make
    # make install

  3. If the configuration file wasn't installed (copied) into the "etc" folder, do it manually: 

    
    # mkdir -p /usr/local/etc/1x
    # cp etc/tls-example.conf /usr/local/etc/1x

If installation fails, check the README and INSTALL files included with the source. You may also check out the official documentation.

4.2. Configuring Xsupplicant

Configuring Xsupplicant

  1. The Supplicant must have access to the root certificate.

    If the Supplicant needs to authenticate against the Authentication Server (authentication both ways), the Supplicant must have certificates as well.

    Create a certificate folder, and move the certificates into it: 

    
    # mkdir -p /usr/local/etc/1x/certs
    # cp root.pem /usr/local/etc/1x/certs/
    # (copy optional client certificate(s) into the same folder)

  2. Open and edit the configuration file: 

    
   # startup_command: the command to run when Xsupplicant is first started.
   #   This command can do things such as configure the card to associate with
   #   the network properly.
   startup_command = <BEGIN_COMMAND>/usr/local/etc/1x/startup.sh<END_COMMAND>

    The startup.sh will be created shortly.

  3. When the client is authenticated, it will transmit a DHCP request or manually set an IP address. Here, the Supplicant sets its IP address manually in startup2.sh: 

    
   # first_auth_command: the command to run when Xsupplicant authenticates to
   #   a wireless network for the first time.  This will usually be used to
   #   start a DHCP client process.
   #first_auth_command = <BEGIN_COMMAND>dhclient %i<END_COMMAND>
   first_auth_command = <BEGIN_COMMAND>/usr/local/etc/1x/startup2.sh<END_COMMAND>

  4. Since "-i" is just for debugging purpose (and may go away according to the developers), "allow_interfaces" must be set: 

    
   allow_interfaces = eth0
   deny_interfaces = eth1

  5. Next, under the "NETWORK SECTION", we'll configure PEAP: 

    
   # We'll be using PEAP
   allow_types = eap_peap

   # Don't want any eavesdropper to learn the username during the
   # first phase (which is unencrypted), so 'identity hiding' is 
   # used (using a bogus username).
   identity = <BEGIN_ID>anonymous<END_ID>

   eap-peap {
      # As in tls, define either a root certificate or a directory
      # containing root certificates.
      root_cert = /usr/local/etc/1x/certs/root.pem
      #root_dir = /path/to/root/certificate/dir
      #crl_dir = /path/to/dir/with/crl
      chunk_size = 1398
      random_file = /dev/urandom
      #cncheck = myradius.radius.com   # Verify that the server certificate
                                       # has this value in its CN field.
      #cnexact = yes                   # Should it be an exact match?
      session_resume = yes

      # Currently 'all' is just mschapv2.
      # If no allow_types is defined, all is assumed.
      #allow_types = all # where all = MSCHAPv2, MD5, OTP, GTC, SIM
      allow_types = eap_mschapv2

      # Right now, you can do any of these methods in PEAP:
      eap-mschapv2 {
        username = <BEGIN_UNAME>testuser<END_UNAME>
        password = <BEGIN_PASS>Secret149<END_PASS>
      }
   }

  6. The Supplicant must first associate with the access point. The script startup.sh does that job. It is also the first command Xsupplicant executes.

    Note

    Notice the bogus key we give to iwconfig (enc 000000000)! This key is used to tell the driver to run in encrypted mode. The key gets replaced after successful authentication. This can be set to enc off only if encryption is disabled in the AP (for testing purposes).

    Both startup.sh and startup2.sh must be saved under /usr/local/etc/1x/. 

    
   #!/bin/bash
   echo "Starting startup.sh"
   # Take down interface (if it's up)
   /sbin/ifconfig eth0 down
   # To make sure the routes are flushed
   sleep 1
   # Configuring the interface with a bogus key
   /sbin/iwconfig eth0 mode managed essid testnet enc 000000000
   # Bring the interface up and make sure it listens to multicast packets
   /sbin/ifconfig eth0 allmulti up
   echo "Finished startup.sh"

  7. This next file is used to set the IP address statically. This can be omitted if a DHCP server is present (as it typically is, in many access points). 

    
   #!/bin/bash
   echo "Starting startup2.sh"
   # Assigning an IP address
   /sbin/ifconfig eth0 192.168.1.5 netmask 255.255.255.0
   echo "Finished startup2.sh"
PrevHomeNext
Authentication Server: Setting up FreeRADIUS Authenticator: Setting up the Authenticator (Access Point)
Continue
 



P
System Builder

Now Shipping from: California - Florida - Georgia - Massachusetts - Michigan - New Jersey - Pennsylvania - Tennessee - Texas
We only ship within the USA and APO's.
We do not ship on national US holidays or on weekends.
Linux Voodoo RSS Store Feed
About Us  |  Contact Us  |  Conditions of Use  |  Privacy Notice  |  Warranty & Returns  |  Employment |  PHP HTML Form Builder

Copyright © 2003, Linux Voodoo Corporation All rights reserved. Linux is a trademark of Linus Torvalds.
email-addresses
Asterisk Debian Linux, WOW on Linux, yes our gaming systems do include World of Warcraft for Linux! Linux Voodoo Gaming systems include one copy of World of Warcraft, 1 year paid subscription to Transgaming.com so you can play over 200 popular Windows games on our linux systems. Too good to be true? Try it out for yourself.