Tuesday, May 29, 2012

Free memory on Mac OSX


MBP:~ lawrence$ sync && purge


Monday, May 07, 2012

How to configure FreeRADIUS2.x support EAP-TLS under Linux?

延續上篇How to configure FreeRADIUS2.x support EAP-TTLS under Linux?


  Client certificates are used by EAP-TLS, and optionally by EAP-TTLS
and PEAP.  The following steps outline how to create a client
certificate that is signed by the server certificate created above.
You will have to have the password for the server certificate in the
"input_password" and "output_password" fields of the server.cnf file.

$ vi client.cnf
  Edit the "input_password" and "output_password" fields to be the
  password for the client certificate.  You will have to give these
  passwords to the end user who will be using the certificates.
  Edit the [client] section to have the correct values for your
  country, state, etc.  Be sure that the commonName field here is
  the User-Name that will be used for logins!
$ make client.pem
  The users certificate will be in "emailAddress.pem",
  i.e. "user@example.com.pem".
  To create another client certificate, just repeat the steps for
  making a client certificate, being sure to enter a different login
  name for "commonName", and a different password.

Step2: IMPORT ROOTCA, and Client Certificate/以Fedora16為例:
- 安全性: WPA&WPA2 Enterprise
- 驗證: TLS
- 識別: commonName
- CA: ca.pem
- 私密金鑰: client.p12
- 私密金鑰密碼: "input_password" and "output_password"
Note: ca.pem and client.p12是產生ROOTCA與Client Certificate時所一併產生的,所在的目錄是/etc/raddb/certs/

That's all.