changeset 7:45d7725a915c

Prepared testbed configuration for app_diameap
author Sebastien Decugis <sdecugis@nict.go.jp>
date Wed, 28 Jul 2010 18:57:32 +0900
parents 71cfef80a3ea
children 6cc66ddc5ec8
files conf/backend.eap.testbed.aaa/freeDiameter/CMakeFlags conf/backend.eap.testbed.aaa/freeDiameter/app_diameap.conf conf/backend.eap.testbed.aaa/freeDiameter/app_diameap.sql conf/backend.eap.testbed.aaa/freeDiameter/eap_tls.conf conf/backend.eap.testbed.aaa/freeDiameter/freeDiameter.conf conf/supauth.eap.testbed.aaa/wpasupplicant/wpa_supplicant.conf
diffstat 6 files changed, 120 insertions(+), 1 deletions(-) [+]
--- a/conf/backend.eap.testbed.aaa/freeDiameter/CMakeFlags	Wed Jul 28 15:55:40 2010 +0900
+++ b/conf/backend.eap.testbed.aaa/freeDiameter/CMakeFlags	Wed Jul 28 18:57:32 2010 +0900
@@ -3,3 +3,8 @@
 -DBUILD_TESTING:BOOL=OFF 
 -DCMAKE_BUILD_TYPE:STRING=Debug 
 -DDEFAULT_CONF_PATH:PATH=/root/conf/freeDiameter
+-DBUILD_APP_DIAMEAP:BOOL=ON
+-DBUILD_EAP_IDENTITY:BOOL=ON
+-DBUILD_EAP_MD5:BOOL=ON
+-DBUILD_EAP_TLS:BOOL=ON
+
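Review bot: `-DBUILD_EAP_MD5:BOOL=ON` builds EAP-MD5 on the backend, and app_diameap.conf in this commit loads it with `Load_plugin = "EAP md5":4:0:...`, although the only account provisioned in app_diameap.sql uses method 13 (EAP-TLS). EAP-MD5 gives no server authentication and no key material, and a captured challenge/response can be tested offline against a password list. Unless a test case needs it, I would drop this flag and the matching `Load_plugin` line so the testbed only offers EAP-TLS. Whether DiamEAP would ever negotiate MD5 for a user whose `eapmethod` is 13 is not visible from this diff.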
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/backend.eap.testbed.aaa/freeDiameter/app_diameap.conf	Wed Jul 28 18:57:32 2010 +0900
@@ -0,0 +1,44 @@
+##### a sample Configuration file for DiamEAP
+
+# MySQL Database settings
+# Specify connection parameters for DiamEAP MySQL database:
+# - username and password to connect to the MySQL Server
+# - databaseserver : the MySQL server location. It can be the IP address or the host name where MySQL server is located. 'localhost' can be used as the location if the server is locatd in the same host than DiamEAP.
+# - database_name : the created database for DiamEAP.
+
+# Syntax :
+# DiamEAP_MySQL = "<username>" , "<password>" , "<databaseserver>" , "<database_name>";
+DiamEAP_MySQL = "diameap", "eapdiam", "localhost", "diameap";
+
+
+##### Extensible Authentication Protocol (EAP) Methods Plugins #####
+# An EAP method is identified by its EAP method name, EAP TYPE, VENDOR and path to its EAP Method Plugin.
+# Optionally, path to a configuration file of plugin can also be provided.
+# Location of plugins and their configuration files can be provided by the absolute pathor the relative path from the location configured in cmake.
+# An EAP Method Plugin can not be loaded twice. Only the first added method will be loaded.
+# Any EAP Method plugin with a same EAP_TYPE value than an already loaded one will be discarded.
+# EAP Methods are added in the same order they are added to the the configuration file.
+
+# Syntax :
+# Load_plugin = "<EAP method name>":EAP_TYPE:VENDOR:"<Path to EAP method >":"<Path to configuration file>";
+#
+# Example:
+# Load_plugin = "EAP MD5":4:0:"/extensions/eap_md5.emp":"";
+# Load_plugin = "EAP TLS":13:0;"/extensions/eap_tls.emp":"/doc/eap_tls_plugin.diameap.conf";
+
+Load_plugin = "EAP Identity":1:0:"/root/freeDiameter/extensions/eap_identity.emp":"";
+Load_plugin = "EAP md5":4:0:"/root/freeDiameter/extensions/eap_md5.emp":"";
+Load_plugin = "EAP TLS":13:0:"/root/freeDiameter/extensions/eap_tls.emp":"/root/conf/freeDiameter/eap_tls.conf";
+
+
+# In addition to authentication DiamEAP can be configured to check authorization of authenticated users. If set to 0 authorization is disabled, otherwise enabled.( by default disabled).
+Authorization = 1;
+
+# This parameter specify the maximum number of seconds provided to the access device for responding to an EAP request. (by default set to 30 seconds)
+#Multi_Round_Time_Out=30;
+
+# After receivin a number of invalid EAP packets, DiamEAP reject the authentication by responding with Failure Authentication.
+# The default value of maximum number of invalid EAP packets is set to 5 packets.
+# The value of maximum invalid EAP packets can be modified by adding a new value.
+#MAX_Invalid_EAP_Packets=5;
+
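Review bot: The `DiamEAP_MySQL` line commits the database password `eapdiam` in clear text, and the same value is repeated in the setup comments at the top of app_diameap.sql. I would keep a placeholder in the repository, `DiamEAP_MySQL = "diameap", "<set-per-deployment>", "localhost", "diameap";`, set the real value on the host, and make the deployed file readable only by the account that runs freeDiameter. Separately, the commented EAP TLS example has `;` after `13:0` where the syntax line above it uses `:`; it should read `# Load_plugin = "EAP TLS":13:0:"/extensions/eap_tls.emp":"/doc/eap_tls_plugin.diameap.conf";`.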
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/backend.eap.testbed.aaa/freeDiameter/app_diameap.sql	Wed Jul 28 18:57:32 2010 +0900
@@ -0,0 +1,52 @@
+# aptitude install mysql-server mysql-client libmysqlclient-dev
+# mysql -u root -p
+## create user diameap@localhost identified by 'eapdiam';
+## create database diameap;
+## GRANT ALL PRIVILEGES ON diameap.* TO diameap@localhost;
+## Bye
+# mysql -u diameap -p -D diameap < /root/conf/freeDiameter/app_diameap.sql
+
+CREATE TABLE `auth` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `grp` int(11) NOT NULL,
+  `attrib` char(255) NOT NULL,
+  `operator` char(255) NOT NULL,
+  `value` char(255) NOT NULL,
+  PRIMARY KEY (`id`)
+);
+
+CREATE TABLE `authentication` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `grp` int(11) NOT NULL,
+  `attribute` set('Authorization-Lifetime','Auth-Grace-Period','Auth-Session-State','Re-Auth-Request-Type','Session-Timeout','Multi-Round-Time-Out','Acct-Interim-Interval') NOT NULL DEFAULT 'Authorization-Lifetime',
+  `operator` set('=','==') NOT NULL DEFAULT '=',
+  `value` char(255) NOT NULL,
+  PRIMARY KEY (`id`)
+);
+
+CREATE TABLE `grp` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `grp_name` char(255) NOT NULL,
+  `active` set('Y','N') NOT NULL DEFAULT 'Y',
+  PRIMARY KEY (`id`)
+);
+
+CREATE TABLE `user_grp` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `user` int(11) NOT NULL,
+  `grp` int(11) NOT NULL,
+  PRIMARY KEY (`id`)
+);
+
+CREATE TABLE `users` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `username` varchar(255) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
+  `eapmethod` tinyint(3) unsigned NOT NULL DEFAULT '0',
+  `vendor` int(11) NOT NULL DEFAULT '0',
+  `password` varchar(255) CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL,
+  `active` enum('Y','N') CHARACTER SET latin1 COLLATE latin1_general_ci NOT NULL DEFAULT 'Y',
+  PRIMARY KEY (`id`)
+);
+
+INSERT INTO users (username, eapmethod) values ( 'client@eap.testbed.aaa', 13 );
+
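Review bot: The final `INSERT` omits `password`, which is declared `NOT NULL` with no default, so a strict `sql_mode` rejects the statement and a non-strict one stores an empty password for the account. Stating the value makes the intent explicit: `INSERT INTO users (username, eapmethod, password) VALUES ('client@eap.testbed.aaa', 13, '');`. The setup comments also give the daemon's account `GRANT ALL PRIVILEGES`; if the extension only reads these tables (not visible here), load the schema with an admin account and use `GRANT SELECT ON diameap.* TO diameap@localhost;` for the runtime account. `users.username` has no unique key, so two rows for one identity are possible and the lookup result would be ambiguous; `UNIQUE KEY users_username (username)` closes that.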
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/conf/backend.eap.testbed.aaa/freeDiameter/eap_tls.conf	Wed Jul 28 18:57:32 2010 +0900
@@ -0,0 +1,14 @@
+#### a sample configuration file for EAP-TLS
+
+#Certificate and Private key files
+#Cred = "<Path to certificate>" : "<Path to private Key>";
+Cred = "/home/aaa/ca/ca_data/mgr.testbed.aaa/clients/server/cert.pem"
+                : "/home/aaa/ca/ca_data/mgr.testbed.aaa/clients/server/privkey.pem";
+
+#CA file
+#CA = "<Path to CA file>";
+CA = "/home/aaa/ca/ca_data/mgr.testbed.aaa/public/cacert.pem";
+
+#CRL file
+#CRL = "<Path to CRL file>";
+
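Review bot: No `CRL` is set in this file, so as far as the configuration shows the EAP-TLS plugin has no revocation list to check client certificates against, and a certificate issued by the testbed CA would presumably keep authenticating after it is revoked. If that is deliberate for the testbed, say so next to the option, for example `# CRL intentionally unset on the testbed; set it before reusing this file elsewhere`, or point it at the CA's list with `CRL = "<path to CRL file>";`. The file referenced by `Cred` as `privkey.pem` should be readable only by the account running freeDiameter; the diff does not show its permissions.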
--- a/conf/backend.eap.testbed.aaa/freeDiameter/freeDiameter.conf	Wed Jul 28 15:55:40 2010 +0900
+++ b/conf/backend.eap.testbed.aaa/freeDiameter/freeDiameter.conf	Wed Jul 28 18:57:32 2010 +0900
@@ -54,5 +54,9 @@
 LoadExtension = "/root/freeDiameter/extensions/dict_eap.fdx";
 LoadExtension = "/root/freeDiameter/extensions/app_acct.fdx"
 		: "/root/conf/freeDiameter/app_acct.conf";
+
+LoadExtension = "/root/freeDiameter/extensions/app_diameap.fdx"
+		: "/root/conf/freeDiameter/app_diameap.conf";
+
 ConnectPeer = "gw.eap.testbed.aaa" { No_TLS; };
 
--- a/conf/supauth.eap.testbed.aaa/wpasupplicant/wpa_supplicant.conf	Wed Jul 28 15:55:40 2010 +0900
+++ b/conf/supauth.eap.testbed.aaa/wpasupplicant/wpa_supplicant.conf	Wed Jul 28 18:57:32 2010 +0900
@@ -10,7 +10,7 @@
 #	password="himitsu"
 
 	eap=TLS
-	identity="client"
+	identity="client@eap.testbed.aaa"
 	ca_cert="/home/aaa/ca/ca_data/mgr.testbed.aaa/public/cacert.pem"
 	client_cert="/home/aaa/ca/ca_data/mgr.testbed.aaa/clients/client/cert.pem"
 	private_key="/home/aaa/ca/ca_data/mgr.testbed.aaa/clients/client/privkey.pem"