To build and install a Trust Router, you need to separately 'make' and 'make install' in both the moonshot/trust_router and moonshot/freeradius-server directories, in that order.
To build and install a Trust Router, you need to separately 'make' and 'make install' in both the moonshot/trust_router and moonshot/freeradius-server directories, in that order.
-realm suffix {
- format = suffix
- delimiter = "@"
- default_community = "testing.communities.ja.net"
- rp_realm = "painless-security.com"
- trust_router = "10.0.2.15"
+realm suffix {<br/>
+ format = suffix<br/>
+ delimiter = "@"<br/>
+ default_community = "testing.communities.ja.net"<br/>
+ rp_realm = "painless-security.com"<br/>
+ trust_router = "10.0.2.15"<br/>
Before running the IDP AAA Server, you will need to configure freeradius to use the SQL key database that will be shared with the TIDS. This can be done by adding a file called 'psk' to the /etc/freeradius/mods-enabled directory with the following contents:
Before running the IDP AAA Server, you will need to configure freeradius to use the SQL key database that will be shared with the TIDS. This can be done by adding a file called 'psk' to the /etc/freeradius/mods-enabled directory with the following contents:
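Review bot: every added line of the realm block now ends in a literal <br/> (for example `+realm suffix {<br/>`), so a reader who copies the block into the freeradius configuration will paste the markup along with it. If the goal is only to keep the line breaks when the page renders, put the block in the wiki's preformatted markup instead and leave the lines as they were. The closing brace of `realm suffix {` is also not visible in either the removed or the added lines, so check that the rendered block is complete. It would help to say in the surrounding text that `rp_realm = "painless-security.com"` and `trust_router = "10.0.2.15"` are example values to be replaced with the local ones.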
}
You will also need to add 'psksql' to the existing 'instantiate' section in etc/freeradius/radiusd.conf.
Before running TIDS for the first time, create the SQL database using the following commands:
}
You will also need to add 'psksql' to the existing 'instantiate' section in etc/freeradius/radiusd.conf.
Before running TIDS for the first time, create the SQL database using the following commands:
root@debian:/opt/moonshot/sbin# ./radiusd -fxx -l stdout
Start the TID Server (on Node-2, as root):
root@debian:/opt/moonshot/sbin# ./radiusd -fxx -l stdout
Start the TID Server (on Node-2, as root):
-root@debian:/opt/moonshot/bin# ./tids 10.1.10.90 /var/tmp/keys
+
+root@debian:/opt/moonshot/bin# ./tids 10.1.10.90 gss_id /var/tmp/keys
+
+The gss_id is the GSS name that will be used by the trustrouter to connect to the TIDS. For example if trustrouter@apc.painless-security.com is provisioned as the identity, then enter trustrouter@apc.painless-security.com.
On the second virtual machine, you will run the freeradius RP AAA Proxy (with built-in TIDC), the Trust Router, the GSS Server and the GSS Client. For example:
Starting the freeradius RP AAA Proxy (on Node-1, as root):
On the second virtual machine, you will run the freeradius RP AAA Proxy (with built-in TIDC), the Trust Router, the GSS Server and the GSS Client. For example:
Starting the freeradius RP AAA Proxy (on Node-1, as root):
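Review bot: in the new command `./tids 10.1.10.90 gss_id /var/tmp/keys`, gss_id is written like a literal argument, and only the sentence after it shows that it stands for a name such as trustrouter@apc.painless-security.com. Mark it as a placeholder in the command itself (for example `<gss_id>`), or show the command once with the example identity filled in, so nobody runs it with the string gss_id. The explanation spells the component "trustrouter" while the rest of the page uses "Trust Router"; use one form. Since the last argument stays at /var/tmp/keys, a short note on who owns that file and which permissions it needs would be worth adding next to the command.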
root@moonshot-proxy:/usr/local/sbin# ./radiusd -fxx -l stdout
Starting the Trust Router (on Node-1, as root):
root@moonshot-proxy:/usr/local/sbin# ./radiusd -fxx -l stdout
Starting the Trust Router (on Node-1, as root):
root@moonshot-proxy:/home/margaret/moonshot/trust_router/tr# ./tr
Starting the GSS server (on Node-1, as root):
root@moonshot-proxy:/home/margaret/moonshot/trust_router/tr# ./tr
Starting the GSS server (on Node-1, as root):
root@moonshot-proxy:/home/margaret# gss-server host@localhost
Starting the GSS client (on Node-1, any user):
root@moonshot-proxy:/home/margaret# gss-server host@localhost
Starting the GSS client (on Node-1, any user):