Finally, set the EAP type in use by moonshot (EAP-TTLS) by editing _/etc/raddb/eap.conf_
default_eap_type = md5
+
+becomes:
+
+ default_eap_type = ttls
+
+Other EAP types should be supported (PEAP and MD5 tested).
FreeRADIUS now has a very minimal IdP/ORPS configuration, and can be started with:
service radiusd restart
-
If you encounter any issues, you can run radius in debug mode to see what is going on internally.
service radiusd stop
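Review bot: The added sentence "Other EAP types should be supported (PEAP and MD5 tested)" comes directly after the step that changes default_eap_type from md5 to ttls, and it does not say whether PEAP and MD5 are alternative values for default_eap_type or are configured somewhere else. State which setting they apply to, so a reader does not undo the step above it. The unchanged "default_eap_type = md5" line also has no lead-in, so the new "becomes:" has nothing to refer back to; a short "Change:" before it would fix that.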
###gss_eap_id
Next, a file is created in the home directory at _~/.gss\_eap\_id_ – this is the file that moonshot looks in for credentials.
-The format is very simple – username followed by a password. For now, set it to:
+The format is very simple – username followed by a password on separate lines. For now, set it to:
+
steve
testing
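Review bot: Missing documentation on the reworded format line: it now makes clear that ~/.gss_eap_id holds the username and the password on separate lines, but nothing says how the file should be protected. Since the password is stored as plain text in the home directory, add a sentence telling the reader to make the file readable by its owner only (for example, chmod 600 ~/.gss_eap_id) right after the sample contents.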
/opt/moonshot/sbin/gss-server host@localhost &
There are two ways to start _gss-client_ – the first specifies an encryption method to use by its OID 1.3.6.1.4.1.5322.22.1.18 (as seen in /etc/gss/mech):
- /opt/moonshot/bin/gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}" 127.0.0.1 host@localhost bar
+ /opt/moonshot/bin/gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}" 127.0.0.1 host@localhost bar
The second uses __Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO)__<br />
This chooses the "best" mutually-agreeable encryption method for between client and server. To invoke the client using __SPNEGO__, use:
+
/opt/moonshot/bin/gss-client -spnego 127.0.0.1 host@localhost bar
##Sample Output
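Review bot: The removed and added gss-client -mech lines differ only in whitespace, so say in the commit message that this is an indentation fix. Since the hunk already touches this block, also correct the wording around it: the unchanged text calls the OID an "encryption method" although the flag is -mech, the file is /etc/gss/mech and SPNEGO is spelled out as a negotiation mechanism, so "mechanism" is the consistent term. The phrase "encryption method for between client and server" has a stray "for", and the trailing "<br />" after the SPNEGO name can be replaced by a blank line.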