Before Bride of Frank | Boycott Citgo | 9/11 White Van Camera Crew | Hudson County Politics | Hudson County Facts | Outlaw Motorcycle Gangs | New Jersey Mafia | Hal Turner, FBI Informant
Removing Viruses and Spyware | Reinstalling Windows XP, Vista, or 7 | Reset Windows Passwords | Windows Blue Screen of Death | Computer Noise | Don't Trust External Hard Drives!
Internet Advertising SEO - Search Engine Optimization - Search Engine Marketing - SEM iTunes Beatles Billboards Anthony Olszewski Intellectual Predator Email this Page

CLASSIC PC | YOU DO SUCCEED | DOWNLOAD | FAQ LIBRARY
LINKS | LINUX | MAIN MENU | PS2 | REFERENCE | USENET


4. Supplicant: Setting up Xsupplicant

The Supplicant is usually a laptop or other (wireless) device that requires authentication. Xsupplicant does the bidding of being the "Supplicant" part of the IEEE 802.1X-2001 standard.

4.1. Installing Xsupplicant

Installing Xsupplicant

  1. Download the latest source from from http://www.open1x.org/

    
    # cd /usr/local/src
        # wget http://belnet.dl.sourceforge.net/sourceforge/open1x/xsupplicant-1.0.tar.gz
        # tar zxfv xsupplicant-1.0.tar.gz
        # cd xsupplicant
        
  2. Configure, make, and install:

    
    # ./configure
        # make
        # make install
        
  3. If the configuration file wasn't installed (copied) into the "etc" folder, do it manually:

    
    # mkdir -p /usr/local/etc/1x
        # cp etc/tls-example.conf /usr/local/etc/1x
        

If installation fails, check the README and INSTALL files included with the source. You may also check out the official documentation.

4.2. Configuring Xsupplicant

Configuring Xsupplicant

  1. The Supplicant must have access to the root certificate.

    If the Supplicant needs to authenticate against the Authentication Server (authentication both ways), the Supplicant must have certificates as well.

    Create a certificate folder, and move the certificates into it:

    
    # mkdir -p /usr/local/etc/1x/certs
        # cp root.pem /usr/local/etc/1x/certs/
        # (copy optional client certificate(s) into the same folder)
       
  2. Open and edit the configuration file:

    
   # startup_command: the command to run when Xsupplicant is first started.
       #   This command can do things such as configure the card to associate with
       #   the network properly.
       startup_command = <BEGIN_COMMAND>/usr/local/etc/1x/startup.sh<END_COMMAND>
       

    The startup.sh will be created shortly.

  3. When the client is authenticated, it will transmit a DHCP request or manually set an IP address. Here, the Supplicant sets its IP address manually in startup2.sh:

    
   # first_auth_command: the command to run when Xsupplicant authenticates to
       #   a wireless network for the first time.  This will usually be used to
       #   start a DHCP client process.
       #first_auth_command = <BEGIN_COMMAND>dhclient %i<END_COMMAND>
       first_auth_command = <BEGIN_COMMAND>/usr/local/etc/1x/startup2.sh<END_COMMAND>
       
  4. Since "-i" is just for debugging purpose (and may go away according to the developers), "allow_interfaces" must be set:

    
   allow_interfaces = eth0
       deny_interfaces = eth1
       
  5. Next, under the "NETWORK SECTION", we'll configure PEAP:

    
   # We'll be using PEAP
       allow_types = eap_peap
    
       # Don't want any eavesdropper to learn the username during the
       # first phase (which is unencrypted), so 'identity hiding' is 
       # used (using a bogus username).
       identity = <BEGIN_ID>anonymous<END_ID>
    
       eap-peap {
          # As in tls, define either a root certificate or a directory
          # containing root certificates.
          root_cert = /usr/local/etc/1x/certs/root.pem
          #root_dir = /path/to/root/certificate/dir
          #crl_dir = /path/to/dir/with/crl
          chunk_size = 1398
          random_file = /dev/urandom
          #cncheck = myradius.radius.com   # Verify that the server certificate
                                           # has this value in its CN field.
          #cnexact = yes                   # Should it be an exact match?
          session_resume = yes
    
          # Currently 'all' is just mschapv2.
          # If no allow_types is defined, all is assumed.
          #allow_types = all # where all = MSCHAPv2, MD5, OTP, GTC, SIM
          allow_types = eap_mschapv2
    
          # Right now, you can do any of these methods in PEAP:
          eap-mschapv2 {
            username = <BEGIN_UNAME>testuser<END_UNAME>
            password = <BEGIN_PASS>Secret149<END_PASS>
          }
       }
       
  6. The Supplicant must first associate with the access point. The script startup.sh does that job. It is also the first command Xsupplicant executes.

    Note

    Notice the bogus key we give to iwconfig (enc 000000000)! This key is used to tell the driver to run in encrypted mode. The key gets replaced after successful authentication. This can be set to enc off only if encryption is disabled in the AP (for testing purposes).

    Both startup.sh and startup2.sh must be saved under /usr/local/etc/1x/.

    
   #!/bin/bash
       echo "Starting startup.sh"
       # Take down interface (if it's up)
       /sbin/ifconfig eth0 down
       # To make sure the routes are flushed
       sleep 1
       # Configuring the interface with a bogus key
       /sbin/iwconfig eth0 mode managed essid testnet enc 000000000
       # Bring the interface up and make sure it listens to multicast packets
       /sbin/ifconfig eth0 allmulti up
       echo "Finished startup.sh"
       
  7. This next file is used to set the IP address statically. This can be omitted if a DHCP server is present (as it typically is, in many access points).

    
   #!/bin/bash
       echo "Starting startup2.sh"
       # Assigning an IP address
       /sbin/ifconfig eth0 192.168.1.5 netmask 255.255.255.0
       echo "Finished startup2.sh"
       

Second Thief, Best Thief
New Jersey Short Stories

Nunchaku Style Bike Lock on Wheel
Great New Bike Lock!
$25 – Lock Included – Free Shipping in the USA
Payment by PayPal – E-mail anthony.olszewski@gmail.com
Mail Orders Accepted

I Love Hoboken!

Hal Turner sues 7chan, 4chan, ebaumsworld and others.
Hudson County Hate Monger and FBI informant Hal Turner charges in suit:
"Criminal activity . . . includes photographs of pre-teen and teenage girls in various states of undress."

New York City Politics Message Board
Brooklyn Politics: The Saga of Brooklyn District Attorney Charles "Joe" Hynes
The Prosecution of New York City Political Activists John O'Hara and Sandra Roper
Courts Take Property and Freedom from Judge John Phillips by Declaring him "Mentally Incapacitated"

The Trail of the Tiger – Tammany: 1789-1928
Boss Tweed and The History of New York City Political Corruption

Theft by deception as a way of life . . .

Hudson County Facts

James McGreevey vs. Bret Schundler
The 2001 Race for Governor of New Jersey

Martin Bormann Nazi in Exile

Now on Sale at Amazon

Hudson County Facts Winter 2006 by Anthony Olszewski
Hudson County, New Jersey is a place of many firsts - including genocide and slavery.
Political corruption is a tradition here.
First issue in a series by Anthony Olszewski – Click HERE to find out more.

Print Edition Now on Sale at Amazon

Read Online at
Google Book Search

Advertiser and Distributor
Inquiries Welcome

Marvin Corwick
New Jersey State Employee is Fired
"the release of the information, done against the advice of staff and without the authorization of his superiors, showed a lack of good judgment and undermined the hard-earned faith and trust in the division as an impartial assistant to local governments."

Page continues BELOW this image!
How to Care for Tropical Fish, Parrots, and other Pets

Unable to open RSS Feed http://marketingmasterinsights.com/input/feed/ with error HTTP ERROR: 503, exiting


Deprecated: Function split() is deprecated in /home/content/o/n/t/ontheerie/html/computercraft/FeedForAll_XMLParser.inc.php on line 256

Fatal error: Call to undefined method baseParserClass::baseParserClassWithExtensions() in /home/content/o/n/t/ontheerie/html/computercraft/FeedForAll_XMLParser.inc.php on line 1691

Great Domains for Sale

New Forces in
NJ Organized Crime
On sale at Amazon

SEO and Flash

Svedka female robot
The Svedka female robot wants you!

Corona Beer Subliminal Advertising

"Our Computers Don't Make Mistakes"

The Advance-Decline Line As A Tool In Technical Market Analysis

Intellectual Predator
Shines the Light of Reason on New Jersey Politics

Roger Chugh: The Third Most Powerful Official in Trenton
New Jersey Governor McGreevey's Close Confidant

The New Jersey Mafia

George Washington to Run for Office!

James McGreevey of New Jersey
Sex Scandal Prompts Resignation

Feds Charge Herbert Axelrod
As White Color Criminal And Fugitive

The Canary FAQ
Answers Your Frequently Asked Questions About
Keeping and Breeding Canaries

The Keet FAQ
Answers Your Frequently Asked Questions About
Keeping and Breeding Parakeets and Budgerigars

Last modified:

Contact
COMPUTERCRAFT

Return To The COMPUTERCRAFT Main Menu

Asbury Park
Bruce Springsteen's Jersey Shore Rock Haven!

Featured Link
Great Domain Names For Sale!
Very brandable Domains for Sale -- The GET NJ family of Sites, managed by Anthony Olszewski, features tens of thousands of Pages Online at dozens of active domains, many with a New Jersey focus. Other advertising opportunities including enterprise and exclusive placements exist at a wide range of Web Sites. Your ad can appear at one Page or at many, many thousands of Pages simultaneously! A large slice of the domains have been Online for more than five years, some for over ten! In addition to advertising, many great Domains are available for purchase or license

Text Link Advertising Program
Business name, Web Site Link and a brief description or motto – runs for one month in the Page (or Pages) of your choice.

Hudson County Politics
From Frank Hague to Robert Janiszewski, in this New Jersey county, political corruption is a tradition. Former NJ Governor Brendan Byrne wants to be buried here so he can stay active in Democratic politics! You'll find lots about Senator Robert Menendez, too.

GRAVE ROBBER Jersey City Computer Repair
297 Griffith Street, Jersey City, NJ - 201-798-2292 - In the Heights just off of Kennedy Blvd. - Very close to Journal Square and Union City, just five minutes away from Hoboken, Downtown Jersey City, Newport, the Waterfront, Secaucus, North Bergen and Weehawken - Tech support for The Jersey City Mayor's Office during the administration of Bret Schundler - PC repair - Tivos, too!, upgrade, hardware install, software install, data recovery, spyware removal, virus removal, replace hard drive, replace motherboard, data recovered from notebook computers, recover lost XP passwords, password recovery

The Statue of Liberty, Ellis Island, and The Central Railroad Terminal
Visit Liberty State Park!

Stealth Jet at the World Trade Center During OpSail 2000
For All Sorts of Unique New York City Information, Visit GET NY!