[Eisfair] Neuinstallation: Welche Version?
D. Oezbilen
oezbilen at gmx.net
So Jan 19 06:54:36 CET 2020
Hallo Boris,
vielleicht musst Du nicht mal eine virt. Einheit fuer freeradius
installieren.
> Vielleicht werde ich auch für Motion und freeradius eine virtualisierte > EIS1-32-Installation machen, so wie es Özbilen vorgeschlagen hat.
/freeradius-server-3.0.20
mit
/talloc-2.1.0
laesst sich auf eisx64
4.9.207-VIRT
base 2.8.23
kompilieren. Mein eisx86 hat viele dev-Pakete, die sind mit der Zeit
dazu gekommen, weil ich paar andere Prg. selbs kompilieren musste.
Die Aussage ist aber eine andere: Es geht freeradius auf eisx64 zu
kompilieren, evtl. kann einer der Cracks das alte Paket mit den akt.
binaries auf den letzten Stand zu bringen, da man auf x64 die bins
generieren kann.
Wie Du unten sehen kannst, generiert ein
make install
alles erforderliche, auch die Keys fuer den Server. Ich habe es einfach
durchlaufen lassen.
Gruss
Oezbilen
########################################################
INSTALL raddb/certs/Makefile
INSTALL raddb/certs/README
INSTALL raddb/certs/xpextensions
INSTALL raddb/certs/ca.cnf
INSTALL raddb/certs/server.cnf
INSTALL raddb/certs/inner-server.cnf
INSTALL raddb/certs/client.cnf
BOOTSTRAP raddb/certs/
gmake[1]: Entering directory '/etc/raddb/certs'
Makefile:23: passwords.mk: No such file or directory
openssl dhparam -out dh -2 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.....................................................+...................................................+.........................................................................................+...........................................................................................................................+.................................................................................................................+...............................................................................................+...........................................+..............................................................+.............................................................................................................+...............+.........................................................................................+..........................................................+............................................................................................+.................+..................................................................................................................................................................+...............................+...................................................+......................................................+..........+.........................................................................................................................................................................+.................................................................................................+..................................................+........+.................................................................................................................................................................+..............+................................................................................................................................+.......................................................+..........................................+.................................................................................................................................+...........................................................+...................................................................+.....................................+................................................................................................................................................................................+.............................................................................++*++*++*++*
openssl req -new -out server.csr -keyout server.key -config ./server.cnf
Generating a RSA private key
...........+++++
............................................+++++
writing new private key to 'server.key'
-----
chmod g+r server.key
openssl req -new -x509 -keyout ca.key -out ca.pem \
-days '60' -config ./ca.cnf \
-passin pass:'whatever' -passout pass:'whatever'
Generating a RSA private key
............+++++
.............+++++
writing new private key to 'ca.key'
-----
chmod g+r ca.key
openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key
'whatever' -out server.crt -extensions xpserver_ext -extfile
xpextensions -config ./server.cnf
Using configuration from ./server.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jan 19 05:44:18 2020 GMT
Not After : Mar 19 05:44:18 2020 GMT
Subject:
countryName = FR
stateOrProvinceName = Radius
organizationName = Example Inc.
commonName = Example Server Certificate
emailAddress = admin at example.org
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.example.com/example_ca.crl
Certificate is to be certified until Mar 19 05:44:18 2020 GMT (60 days)
Write out database with 1 new entries
Data Base Updated
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12
-passin pass:'whatever' -passout pass:'whatever'
chmod g+r server.p12
openssl pkcs12 -in server.p12 -out server.pem -passin pass:'whatever'
-passout pass:'whatever'
chmod g+r server.pem
server.pem: OK
openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der
openssl ca -gencrl -keyfile ca.key -cert ca.pem -config ./ca.cnf -out
ca-crl.pem -key 'whatever'
Using configuration from ./ca.cnf
openssl crl -in ca-crl.pem -outform der -out ca.crl
rm ca-crl.pem
openssl req -new -out client.csr -keyout client.key -config ./client.cnf
Generating a RSA private key
..............................................+++++
...................+++++
writing new private key to 'client.key'
-----
chmod g+r client.key
openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key
'whatever' -out client.crt -extensions xpclient_ext -extfile
xpextensions -config ./client.cnf
Using configuration from ./client.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: Jan 19 05:44:18 2020 GMT
Not After : Mar 19 05:44:18 2020 GMT
Subject:
countryName = FR
stateOrProvinceName = Radius
organizationName = Example Inc.
commonName = user at example.org
emailAddress = user at example.org
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.example.com/example_ca.crl
Certificate is to be certified until Mar 19 05:44:18 2020 GMT (60 days)
Write out database with 1 new entries
Data Base Updated
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
-passin pass:'whatever' -passout pass:'whatever'
chmod g+r client.p12
openssl pkcs12 -in client.p12 -out client.pem -passin pass:'whatever'
-passout pass:'whatever'
chmod g+r client.pem
cp client.pem 'user at example.org'.pem
gmake[1]: Leaving directory '/etc/raddb/certs'
INSTALL raddb/certs/bootstrap
INSTALL raddb/mods-config/README.rst
INSTALL raddb/mods-config/attr_filter/access_challenge
INSTALL raddb/mods-config/attr_filter/access_reject
INSTALL raddb/mods-config/attr_filter/accounting_response
INSTALL raddb/mods-config/attr_filter/post-proxy
INSTALL raddb/mods-config/attr_filter/pre-proxy
INSTALL raddb/mods-config/files/accounting
INSTALL raddb/mods-config/files/authorize
INSTALL raddb/mods-config/files/pre-proxy
INSTALL raddb/mods-config/perl/example.pl
INSTALL raddb/mods-config/preprocess/hints
INSTALL raddb/mods-config/preprocess/huntgroups
INSTALL raddb/mods-config/sql/counter/mysql/dailycounter.conf
INSTALL raddb/mods-config/sql/counter/mysql/expire_on_login.conf
INSTALL raddb/mods-config/sql/counter/mysql/monthlycounter.conf
INSTALL raddb/mods-config/sql/counter/mysql/noresetcounter.conf
INSTALL raddb/mods-config/sql/counter/postgresql/dailycounter.conf
INSTALL raddb/mods-config/sql/counter/postgresql/expire_on_login.conf
INSTALL raddb/mods-config/sql/counter/postgresql/monthlycounter.conf
INSTALL raddb/mods-config/sql/counter/postgresql/noresetcounter.conf
INSTALL raddb/mods-config/sql/counter/sqlite/dailycounter.conf
INSTALL raddb/mods-config/sql/counter/sqlite/expire_on_login.conf
INSTALL raddb/mods-config/sql/counter/sqlite/monthlycounter.conf
INSTALL raddb/mods-config/sql/counter/sqlite/noresetcounter.conf
INSTALL raddb/mods-config/sql/cui/mysql/queries.conf
INSTALL raddb/mods-config/sql/cui/mysql/schema.sql
INSTALL raddb/mods-config/sql/cui/postgresql/queries.conf
INSTALL raddb/mods-config/sql/cui/postgresql/schema.sql
INSTALL raddb/mods-config/sql/cui/sqlite/queries.conf
INSTALL raddb/mods-config/sql/cui/sqlite/schema.sql
INSTALL raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
INSTALL raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql
INSTALL raddb/mods-config/sql/ippool-dhcp/oracle/queries.conf
INSTALL raddb/mods-config/sql/ippool-dhcp/oracle/schema.sql
INSTALL raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf
INSTALL raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql
INSTALL raddb/mods-config/sql/ippool/mongo/queries.conf
INSTALL raddb/mods-config/sql/ippool/mysql/procedure.sql
INSTALL raddb/mods-config/sql/ippool/mysql/queries.conf
INSTALL raddb/mods-config/sql/ippool/mysql/schema.sql
INSTALL raddb/mods-config/sql/ippool/oracle/procedures.sql
INSTALL raddb/mods-config/sql/ippool/oracle/queries.conf
INSTALL raddb/mods-config/sql/ippool/oracle/schema.sql
INSTALL raddb/mods-config/sql/ippool/postgresql/procedure.sql
INSTALL raddb/mods-config/sql/ippool/postgresql/queries.conf
INSTALL raddb/mods-config/sql/ippool/postgresql/schema.sql
INSTALL raddb/mods-config/sql/ippool/sqlite/queries.conf
INSTALL raddb/mods-config/sql/ippool/sqlite/schema.sql
INSTALL raddb/mods-config/sql/main/mongo/queries.conf
INSTALL raddb/mods-config/sql/main/mssql/queries.conf
INSTALL raddb/mods-config/sql/main/mssql/schema.sql
INSTALL raddb/mods-config/sql/main/mysql/extras/wimax/queries.conf
INSTALL raddb/mods-config/sql/main/mysql/extras/wimax/schema.sql
INSTALL raddb/mods-config/sql/main/mysql/queries.conf
INSTALL raddb/mods-config/sql/main/mysql/schema.sql
INSTALL raddb/mods-config/sql/main/mysql/setup.sql
INSTALL raddb/mods-config/sql/main/ndb/README
INSTALL raddb/mods-config/sql/main/ndb/schema.sql
INSTALL raddb/mods-config/sql/main/ndb/setup.sql
INSTALL raddb/mods-config/sql/main/oracle/queries.conf
INSTALL raddb/mods-config/sql/main/oracle/schema.sql
INSTALL
raddb/mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql
INSTALL raddb/mods-config/sql/main/postgresql/extras/voip-postpaid.conf
INSTALL raddb/mods-config/sql/main/postgresql/queries.conf
INSTALL raddb/mods-config/sql/main/postgresql/schema.sql
INSTALL raddb/mods-config/sql/main/postgresql/setup.sql
INSTALL raddb/mods-config/sql/main/sqlite/queries.conf
INSTALL raddb/mods-config/sql/main/sqlite/schema.sql
INSTALL raddb/mods-config/sql/moonshot-targeted-ids/mysql/queries.conf
INSTALL raddb/mods-config/sql/moonshot-targeted-ids/mysql/schema.sql
INSTALL raddb/mods-config/sql/moonshot-targeted-ids/postgresql/queries.conf
INSTALL raddb/mods-config/sql/moonshot-targeted-ids/postgresql/schema.sql
INSTALL raddb/mods-config/sql/moonshot-targeted-ids/sqlite/queries.conf
INSTALL raddb/mods-config/sql/moonshot-targeted-ids/sqlite/schema.sql
INSTALL raddb/mods-config/unbound/default.conf
INSTALL raddb/policy.d/abfab-tr
INSTALL raddb/policy.d/accounting
INSTALL raddb/policy.d/canonicalization
INSTALL raddb/policy.d/control
INSTALL raddb/policy.d/cui
INSTALL raddb/policy.d/debug
INSTALL raddb/policy.d/dhcp
INSTALL raddb/policy.d/eap
INSTALL raddb/policy.d/filter
INSTALL raddb/policy.d/moonshot-targeted-ids
INSTALL raddb/policy.d/operator-name
INSTALL raddb/policy.d/rfc7542
LN-S raddb/users
LN-S raddb/huntgroups
LN-S raddb/hints
Mehr Informationen über die Mailingliste Eisfair