Embedded software development and testing
Monday 29 July 2013
Cisco command to see the time and the command to see DHCP bindings
Thursday 25 July 2013
Freeradius configuration for PEAP/TLS and TTLS
FreeRADIUS server can be downloaded from http://sourceforge.net/projects/freeradius/
Some of the common commands are:
1) To run the RADIUS service:
radiusd -X
2) To kill the RADIUS service, search for the process ID:
ps -ax
kill -9 <pid>
3) Configure Clients:
/usr/local/etc/raddb/clients.conf
client 10.0.0.1/16 {
secret = test123
shortname = private-network-2
}
4) Configure users:
/usr/local/etc/raddb/users
"user1" Cleartext-Password := "test1"
5) PEAP: To authenticate a client using PEAP, the following configuration is needed for the PEAP module in the eap.conf file:
peap {
default_eap_type = mschapv2
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
6) To authenticate a client by validating the server certificate, the "ca.der" certificate needs to be installed on the client.
7) TLS: To authenticate a client using TLS, the following configuration is needed for the TLS module in the eap.conf file:
tls {
certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_password = whatever
private_key_file = ${certdir}/server.pem
certificate_file = ${certdir}/server.pem
CA_file = ${cadir}/ca.pem
dh_file = ${certdir}/dh
random_file = ${certdir}/random
CA_path = ${cadir}
cipher_list = "DEFAULT"
make_cert_command = "${certdir}/bootstrap"
cache {
enable = no
lifetime = 24 # hours
max_entries = 255
}
}
8) TTLS: To authenticate a client using TTLS, the following configuration is needed for the TTLS module in the eap.conf file:
ttls {
default_eap_type = md5
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
How to generate the certificates
1) To generate the certificates for the CA and the server, run the command "./bootstrap" in the folder below:
/usr/local/etc/raddb/certs
2) To generate certificates for the client:
Run the command "make client.pem", then copy the certificate "client.p12" to the client and install it.
*** While installing client.p12 on a Windows client, use the same password as in the certificate, i.e. "whatever", as set in client.cnf.
Radius VLAN assignment
"user1" Cleartext-Password := "test1"
    Tunnel-type = VLAN,
    Tunnel-medium-type = IEEE-802,
    Tunnel-Private-Group-Id = "10"
Note: "use_tunneled_reply" must be enabled for authentication to work. To enable it, set "use_tunneled_reply = yes" in the eap.conf file.
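A consistency check for the note above, as an added example (not part of the original post or of FreeRADIUS): it parses eap.conf-style sections and a users entry and reports which tunnelled methods still have use_tunneled_reply off while a user carries Tunnel-Private-Group-Id. The sample text is constructed from the snippets on this page, and it assumes the users file is evaluated inside the inner-tunnel virtual server.

```python
# Constructed sample input shaped like the snippets on this page
# (ttls set to "yes" here so both outcomes are visible).
EAP_CONF = """
peap {
    default_eap_type = mschapv2
    use_tunneled_reply = no      # value shown in the PEAP section
}
ttls {
    default_eap_type = md5
    use_tunneled_reply = yes
}
"""
USERS = '''"user1" Cleartext-Password := "test1"
    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-Id = "10"
'''

def parse_blocks(text):
    """Parse 'name { key = value }' sections (nesting allowed) into dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if line.endswith("{"):
            child = stack[-1].setdefault(line[:-1].strip(), {})
            stack.append(child)
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip().strip('"')
    return root

def vlan_users(users_text):
    """Names of users whose reply items include Tunnel-Private-Group-Id."""
    found, current = [], None
    for line in users_text.splitlines():
        if line[:1].strip():                     # an entry starts in column 0
            current = line.split()[0].strip('"')
        elif current and "tunnel-private-group-id" in line.lower():
            found.append(current)
    return found

def tunneled_reply_gaps(eap_text, users_text):
    """EAP methods whose tunnel would not pass the VLAN reply to the NAS."""
    conf = parse_blocks(eap_text) if vlan_users(users_text) else {}
    return [m for m in ("peap", "ttls")
            if m in conf and conf[m].get("use_tunneled_reply", "no") != "yes"]
```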
Wednesday 24 July 2013
"No option 125" error from Cisco DHCP server
Problem: The "No option 125" error was continuously repeating and the DHCP server on Cisco was not offering any IP address to the clients.
=========================================
Jul 24 05:36:21.147: DHCPD: No option 125
Jul 24 05:36:21.147: DHCPD: DHCPDISCOVER received from client 001e.e5dc.ae.c0 on interface GigabitEthernet0/1.
Jul 24 05:36:30.707: DHCPD: client's VPN is .
Jul 24 05:36:30.707: DHCPD: No option 125
Jul 24 05:36:21.147: DHCPD: DHCPDISCOVER received from client 001e.e5dc.ae.c0 on interface GigabitEthernet0/1.
Jul 24 05:36:30.707: DHCPD: client's VPN is .
Jul 24 05:36:30.707: DHCPD: No option 125
========================================
Solution: After some debugging, it turned out that the problem was with the subnet configured on the Gigabit Ethernet interface. For the DHCP server to offer an IP address, at least one interface should be in the same network as the one the pool is defined for. Once the subnet was properly configured, the server started replying.
The basic config file for configuring a DHCP server on a Cisco router:
service dhcp
no ip dhcp conflict logging
!
ip dhcp pool 1
network 11.0.0.0 255.0.0.0
default-router 11.0.0.1
!
interface GigabitEthernet0/1
ip address 11.0.0.1 255.0.0.0
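The failure described above can be caught before deployment. This added example (not from the original post or from Cisco) parses IOS-style config text and lists DHCP pools whose network contains no local interface address; the 12.0.0.1 address in the broken sample is constructed, and directly attached clients (no DHCP relay) are assumed.

```python
import ipaddress
import re

# Constructed sample: the page's config with the interface moved to a
# different subnet to reproduce the "no offer" situation.
BROKEN = """\
service dhcp
no ip dhcp conflict logging
ip dhcp pool 1
 network 11.0.0.0 255.0.0.0
 default-router 11.0.0.1
!
interface GigabitEthernet0/1
 ip address 12.0.0.1 255.0.0.0
"""
FIXED = BROKEN.replace("12.0.0.1", "11.0.0.1")

def parse_ios(config):
    """Return ({pool: network}, {interface: address}) from IOS config text."""
    pools, ifaces, ctx = {}, {}, None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"ip dhcp pool (\S+)$", s):
            ctx = ("pool", m.group(1))
        elif m := re.match(r"interface (\S+)$", s):
            ctx = ("if", m.group(1))
        elif ctx and (m := re.match(r"network (\S+) (\S+)$", s)) and ctx[0] == "pool":
            pools[ctx[1]] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        elif ctx and (m := re.match(r"ip address (\S+) (\S+)$", s)) and ctx[0] == "if":
            ifaces[ctx[1]] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return pools, ifaces

def orphan_pools(config):
    """Names of pools whose network contains no local interface address."""
    pools, ifaces = parse_ios(config)
    return sorted(name for name, net in pools.items()
                  if not any(i.ip in net for i in ifaces.values()))
```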
iwconfig sample commands
1) iwconfig
The iwconfig command is used to configure a wireless interface in Linux. It is similar to the ifconfig command, but with many wireless parameters.
Sample Commands
iwconfig eth0 essid "My Network"
iwconfig eth0 channel 3
iwconfig eth0 mode Managed
iwconfig eth0 rts 250
iwconfig eth0 key 0123-4567-89
iwconfig eth0 txpower 15
2) Atheros driver commands (Madwifi)
a) iwconfig
b) wlanconfig
c) iwpriv
iwconfig ath0 essid test123
ifconfig ath0 up
wlanconfig ath0 create wlandev wifi1 wlanmode ap
iwconfig ath0 essid test123
iwpriv ath0 mode 11G
iwconfig ath0 channel 1
ifconfig ath0 up
wlanconfig ath0 list chan
iwconfig ath0 channel 36
iwpriv wifi0 getCountry
iwpriv wifi0 getCountryID
iwpriv wifi0 setCountry US
iwpriv ath0 mode 11NAHT20
wlanconfig ath0 destroy
Monday 15 July 2013
Presentation skills: how important are they?
We had presentations for the internal team by internal team members last week. It was a good experience and I think each and every member benefited from this. I am just giving some feedback on how it was from my view, and it is not intended for making fun or hurting sentiments. The sole purpose of this post is to make people aware of the common mistakes people make and how we can avoid them.
1) First day: I asked this person to give a presentation only one day before, and he agreed. He was confident; he selected the topic on which he was working. He started by writing all the topics on the board and explained the scope of the discussion, the topics he was going to cover, and what was not covered in the session. After that he went into detail on each topic and covered them well. We all had a good laugh and concluded that, as time was already over, we would go for another session on RIP (only RIP)
Tuesday 2 July 2013
How to add static routes in DHCP clients: DHCP option supported for classless routing
It is defined in http://www.faqs.org/rfcs/rfc3442.html. The option code is 121.
However, the Microsoft DHCP server uses another option, i.e. 249, to serve the same purpose.
On a Linux-based DHCP server, i.e. the ISC DHCP server, you can try adding the options as specified in
http://www.j-schmitz.net/blog/pushing-static-routes-with-isc-dhcp-server