Tuesday, January 09, 2007

LINUX - Nocat

* based on Debian
1.
apt-get install iptables perl libdbi-perl libdbd-mysql-perl libdigest-md5-perl libnet-netmask-perl pgp apache-ssl

2.
tar xvzf NoCatAuth-0.82.tar.gz
cd NoCatAuth-0.82
mkdir /usr/local/nocat
make PREFIX=/usr/local/nocat/gateway gateway   (to use iptables, first edit bin/detect-fw.sh so the script will run on an OS with kernel 2.16 or above; the default assumes 2.4)

3.
make PREFIX=/usr/local/nocat/authserv authserv
make PREFIX=/usr/local/nocat/authserv pgpkey <-- do not enter anything at the passphrase prompt
cp /usr/local/nocat/authserv/trustedkeys.gpg /usr/local/nocat/gateway/pgp/
chown -R www-data:www-data /usr/local/nocat/authserv/pgp/
chown -R www-data:www-data /usr/local/nocat/authserv/etc/
chown -R www-data:www-data /usr/local/nocat/authserv/cgi-bin/

4.
/usr/local/nocat/gateway/nocat.conf :
AuthServiceAddr 192.168.4.51
ExternalDevice eth0
InternalDevice eth1
LocalNetwork 192.168.4.0/24
DNSAddr 111.222.333.444
IncludePorts 22 80 443
LogFacility internal

5.
/usr/local/nocat/authserv/nocat.conf :

LocalNetwork 192.168.4.0/24
Set the authentication method:
DataSource Passwd
UserFile /usr/local/nocat/authserv/etc/passwd
GroupUserFile /usr/local/nocat/authserv/etc/group
GroupAdminFile /usr/local/nocat/authserv/etc/groupadm
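Both nocat.conf files in steps 4 and 5 use the same one-setting-per-line format. As an added example (not part of the original post, and not code from NoCatAuth itself), the Python script below parses that format and runs a few sanity checks on the step 4 gateway configuration before the gateway is started: required keys present, external and internal interfaces distinct, addresses and the LocalNetwork CIDR well-formed, and IncludePorts made of valid port numbers. The embedded sample is the step 4 file, constructed inline so the script runs offline; the function names and the set of checks are this example's own choices. Run as written it flags one problem: the placeholder DNSAddr 111.222.333.444 is not a valid IPv4 address, which is exactly the kind of copy-paste leftover that leaves a captive-portal gateway misbehaving.

```python
"""Sanity-check a NoCatAuth gateway nocat.conf before starting the gateway.

Added example, not part of the original post or of NoCatAuth. The parser
handles the 'Key value...' line format of nocat.conf; the checks are this
example's own (hypothetical) selection of things a deployer wants verified.
"""
import ipaddress

# Constructed sample: the gateway nocat.conf from step 4 of the post.
SAMPLE_GATEWAY_CONF = """\
# NoCatAuth gateway configuration (constructed sample)
AuthServiceAddr 192.168.4.51
ExternalDevice eth0
InternalDevice eth1
LocalNetwork 192.168.4.0/24
DNSAddr 111.222.333.444
IncludePorts 22 80 443
LogFacility internal
"""

REQUIRED_KEYS = ("AuthServiceAddr", "ExternalDevice", "InternalDevice",
                 "LocalNetwork", "DNSAddr")


def parse_nocat_conf(text):
    """Parse nocat.conf text into a dict.

    One 'Key value...' per line; '#' starts a comment; blank lines are
    ignored. Multi-word values (e.g. IncludePorts) keep the whole remainder
    of the line as one string. A repeated key keeps the last value seen.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        conf[key] = value
    return conf


def check_gateway_conf(conf):
    """Return a list of human-readable problems; an empty list means OK."""
    problems = []

    for key in REQUIRED_KEYS:
        if key not in conf:
            problems.append(f"missing required setting {key}")

    # Same NIC on both sides means the gateway is not actually in the path.
    ext, internal = conf.get("ExternalDevice"), conf.get("InternalDevice")
    if ext and ext == internal:
        problems.append("ExternalDevice and InternalDevice are the same interface")

    # Addresses must be real IPv4 addresses (catches placeholder values).
    for key in ("AuthServiceAddr", "DNSAddr"):
        value = conf.get(key)
        if value:
            try:
                ipaddress.IPv4Address(value)
            except ValueError:
                problems.append(f"{key} is not a valid IPv4 address: {value!r}")

    # LocalNetwork must be a proper CIDR block with host bits clear.
    local = conf.get("LocalNetwork")
    if local:
        try:
            ipaddress.IPv4Network(local, strict=True)
        except ValueError:
            problems.append(f"LocalNetwork is not a valid CIDR network: {local!r}")

    # IncludePorts: every token must be an integer in 1..65535.
    for token in conf.get("IncludePorts", "").split():
        if not token.isdigit() or not 1 <= int(token) <= 65535:
            problems.append(f"IncludePorts contains an invalid port: {token!r}")

    return problems


if __name__ == "__main__":
    # Checks the constructed sample; for a real install, read
    # /usr/local/nocat/gateway/nocat.conf instead.
    found = check_gateway_conf(parse_nocat_conf(SAMPLE_GATEWAY_CONF))
    for problem in found:
        print("PROBLEM:", problem)
    if not found:
        print("nocat.conf looks sane")
```

The parser deliberately stores multi-word values as one string, so IncludePorts can be re-split by the check that understands it; the same parser can be pointed at the authserv nocat.conf from step 5, only the check set differs.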


6. cert
cd /etc/ssl/certs
openssl req -new > nocat.cert.csr
openssl rsa -in privkey.pem -out new.cert.key
openssl x509 -in nocat.cert.csr -out nocat.cert.cert -req -signkey new.cert.key -days 365

7.
/etc/apache-ssl/httpd.conf :

Because /images/ already has an Alias, change
  alias /images/ /usr/share/images/
to
  alias /images/ /usr/local/nocat/authserv/htdocs/images/

LoadModule env_module /usr/lib/apache/1.3/mod_env.so

<VirtualHost 192.168.4.51>
ServerName 192.168.4.51
SSLCertificateFile /etc/ssl/certs/nocat.cert.cert
SSLCertificateKeyFile /etc/ssl/certs/new.cert.key
DocumentRoot /usr/local/nocat/authserv/htdocs
Include /usr/local/nocat/authserv/httpd.conf
</VirtualHost>

8.
start apache-ssl:

/etc/init.d/apache-ssl restart

9.
Add users
/usr/local/nocat/authserv/bin/admintool -c username password

10.
start gateway
/usr/local/nocat/gateway/bin/gateway


Reference:
http://ginfo.egim-mrs.fr/wiki/doku.php?id=howtos:nocat
http://www.wi-fiplanet.com/tutorials/article.php/3286631