SRU Test Case [Provided by Craig Balfour]:

Install Software
----------------
apt-get install samba winbind krb5-user freeradius

Configure Kerberos
------------------
Edit /etc/krb5.conf:

[realms]
EXAMPLE.CO.ZA = {
    kdc = server1.example.co.za
    kdc = server2.example.co.za
    admin_server = server1.example.co.za
}

[domain_realm]
.example.co.za = EXAMPLE.CO.ZA
example.co.za = EXAMPLE.CO.ZA

Configure Samba
---------------
Edit /etc/samba/smb.conf:

workgroup = EXAMPLE
security = ads
realm = EXAMPLE.CO.ZA

Join Samba to Active Directory Domain
-------------------------------------
net join -U Administrator
service winbind restart
service smbd restart

Configure freeradius
--------------------
Edit /etc/freeradius/modules/mschap:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-EXAMPLE} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

addgroup freerad winbindd_priv
service freeradius restart

Install and Configure rad_eap_test
----------------------------------
apt-get install libssl-dev

Download http://hostap.epitest.fi/releases/wpa_supplicant-0.7.3.tar.gz
tar zxvof wpa_supplicant-0.7.3.tar.gz
cd wpa_supplicant-0.7.3/wpa_supplicant

Create .config:

CONFIG_IEEE8021X_EAPOL=y
CONFIG_EAP_MSCHAPV2=y
CONFIG_EAP_TLS=y
CONFIG_EAP_PEAP=y
CONFIG_EAP_TTLS=y
CONFIG_EAP_LEAP=y
CONFIG_IEEE8021X=y

make eapol_test

Download http://wiki.eduroam.cz/rad_eap_test/rad_eap_test-0.23.tar.bz2
tar jxvof rad_eap_test-0.23.tar.bz2
cd rad_eap_test-0.23
cp ../wpa_supplicant-0.7.3/wpa_supplicant/eapol_test bin/

./rad_eap_test -H localhost -P 1812 -S testing123 -u fred -p password -m WPA-EAP -e PEAP

With faulty version of Samba, test returns:
access-reject; 1

With fixed version of Samba, test returns:
access-accept; 0
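
A pre-flight consistency check for the three files edited above, as an added example that is not part of the original test case: it confirms that the smb.conf realm has a [realms] block and a [domain_realm] mapping in krb5.conf, and that the ntlm_auth fallback domain equals the smb.conf workgroup. The function names are hypothetical, and the workgroup/fallback-domain match is assumed from the values used in the steps above.

```shell
#!/bin/sh
# Added example, not part of the original test case: checks that the three
# files edited in the steps above agree before rad_eap_test is run.

# Print the value of key $2 from smb.conf-style file $1 (first match).
smb_value() {
    awk -F= -v k="$2" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        tolower(key) == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }' "$1"
}

# Succeed if krb5.conf $1 opens a realm block "REALM = {" for realm $2.
krb5_has_realm() {
    awk -v r="$2" '$1 == r && $2 == "=" && substr($3, 1, 1) == "{" { ok = 1 }
        END { exit !ok }' "$1"
}

# Print the DNS domains that [domain_realm] in krb5.conf $1 maps to realm $2.
krb5_domains_for() {
    awk -v r="$2" '
        /^\[/ { in_dr = ($1 == "[domain_realm]"); next }
        in_dr && $2 == "=" && $3 == r { print $1 }' "$1"
}

# Print the fallback domain from the ntlm_auth line in mschap module file $1.
mschap_default_domain() {
    sed -n 's/.*--domain=%{%{mschap:NT-Domain}:-\([^}]*\)}.*/\1/p' "$1" | head -n 1
}

# $1 = krb5.conf, $2 = smb.conf, $3 = mschap module. Returns 0 if consistent.
check_ad_radius_config() {
    rc=0
    realm=$(smb_value "$2" realm)
    [ "$(smb_value "$2" security)" = "ads" ] ||
        { echo "smb.conf: security is not ads"; rc=1; }
    krb5_has_realm "$1" "$realm" ||
        { echo "krb5.conf: no [realms] block for '$realm'"; rc=1; }
    [ -n "$(krb5_domains_for "$1" "$realm")" ] ||
        { echo "krb5.conf: no [domain_realm] entry maps to '$realm'"; rc=1; }
    [ "$(mschap_default_domain "$3")" = "$(smb_value "$2" workgroup)" ] ||
        { echo "mschap: fallback --domain differs from smb.conf workgroup"; rc=1; }
    return "$rc"
}

# Run against real files when three paths are given on the command line.
if [ "$#" -eq 3 ]; then check_ad_radius_config "$@"; fi
```

Saved under any name, the script takes /etc/krb5.conf, /etc/samba/smb.conf and /etc/freeradius/modules/mschap as its three arguments, prints one line per mismatch, and exits non-zero if it finds any.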

References:
1. http://deployingradius.com/documents/configuration/active_directory.html
2. http://marcel.bl2000.org/?p=242