MIRF-Hands-on_final_x - Moxa MTSC World

apatheticyogurt | Software & software engineering

13 Dec 2013 (4 years and 19 days ago)


MIRF application - RADIUS server

Prepared by:

Date: mm-dd-yyyy

Wireless access on moving vehicle

Confidential

[Figure: “I’m on the train!”, Internet]

Hardware requirement

- Wireless access point that goes to the Internet
- A server with AAA concept



UC-8481 has WiFi and 3G module. With MIRF the routing mechanism is ready!

AAA concept

- Who are you? (Authentication)
- What service do I allow you to use? (Authorization)
- How much money do you have to pay for the services? (Accounting)

RADIUS (Remote Authentication Dial-In User Service)

- Authentication
- Authorization
- Accounting



[Figure: VPN server, Dial-in server, WiFi AP (802.1x)]

Provide a secure service for AAA!


802.1X Authentication Process

1. Use “SSID” to connect to an AP.


[Figure: Wireless User, Wireless AP, RADIUS Server, Internet; label “Encrypted”; step 1]

802.1X Authentication Process

2-1. The tunnel is limited to communication with the RADIUS server for authentication.

2-2. Get the certificate from the RADIUS server.

[Figure: Wireless User, Wireless AP, RADIUS Server, Internet; label “Encrypted”; step 2]

802.1X Authentication Process

3. The RADIUS server issues the secure keys and gives authorization to the AP.

[Figure: Wireless User, Wireless AP, RADIUS Server, Internet; label “Encrypted”; step 3]

802.1X Authentication Process

4. All packets will be encrypted through WLAN.

5. The user can use the authorized services after the authentication.

[Figure: Wireless User, Wireless AP, RADIUS Server, Internet; label “Encrypted”; steps 4, 5]

RADIUS Authentication and Authorization Flow


Objective for today’s hands-on

- Create a web page to input RADIUS configurations.
- Input RADIUS server IP and shared key.
- Click “Apply” to activate mxRadius



MIRF MVC architecture

To add RADIUS to MIRF, we need to modify the view, the model, and the controller separately.


VIEW: Web server
MODEL: SQLite3 database
CONTROLLER Programs: Shell script

View

CodeIgniter: a toolkit for people who build web sites using PHP. Uses MVC architecture.


- where the webpage layout is: basicSidebar.php, basicDemo.php
- where the related functions are: Sys_demo_model
- where the webpage actions are: basicDemo.php

* Files to add or modify

In CI, usually file names of controllers and views are correlated.

MVC in CodeIgniter



Figure / Form / Two buttons
Layout (views)

Submit what is in the form, search database and re-direct to search result
Actions (controllers)
Functions (models)


Model

Sqlite database: /home/mirf/db/moxa.db

demoRadiusTbl



* Files to add or modify

Controller

Shell Script: /usr/local/bin

The controller program: mxRadius

The linker of table and controller program: mxRegister.config






* Files to add or modify

What does mxRadius do?

- read data from sqlite table demoRadiusTbl
- generate hostapd configuration file /etc/hostapd/hostapd.conf
- restart hostapd service



What is hostapd?

hostapd is an IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator provided by Linux

Recap: mxEventNotifier Work Flow

[Flowchart: mxEventNotifier, mxRegister.config, mxRadius; decision: Check demoRadiusTbl and see if “modified” = 1 (No / Yes)]

Modify: basicSidebar.php

/home/mirf/CodeIgniter/application/views/basicSidebar.php

Add a line after line 16:

    <li><a href="/basicDemo">RADIUS</a></li>

How to use vi? Check Appendix A.

Use a PC to check:

- Open a browser and connect to 192.168.27.2
- See if the RADIUS option is listed under System, as in the figure on the right.

Add: basicDemo.php (copied from basicSystemPassword.php)

/home/mirf/CodeIgniter/application/views/basicDemo.php

Use views/basicSystemPassword.php as a template to create views/basicDemo.php

    # cp basicSystemPassword.php basicDemo.php

Edit basicDemo.php (How to use vi? Check Appendix A.)

line56   Password -> RADIUS Configurations
line58   This page allows users to set up the password….. -> (give description here)
*line66  /basicSystemPassword/set -> /basicDemo/set

…views/basicDemo.php (Cont.)

line71   Password setup -> RADIUS setup
line73   New Password -> Server IP
line78   Confirm New Password -> Shared Key
*line86  /basicSystemPassword -> /basicDemo

Check the webpage: open a browser and connect to 192.168.27.2

Add: basicDemo.php (copied from basicSystemPassword.php)

/home/mirf/CodeIgniter/application/controllers/basicDemo.php

Use controllers/basicSystemPassword.php as a template to create controllers/basicDemo.php

    # cp basicSystemPassword.php basicDemo.php

Edit controllers/basicDemo.php

*line3   -> class BasicDemo extends
*line8   sys_pwd_model -> sys_demo_model
*line26  -> set_rules('password', 'Password', 'required')
*line37  -> sys_demo_model->set_server();

/home/mirf/CodeIgniter/application/models/sys_demo_model.php

Use models/sys_pwd_model.php as a template to create models/sys_demo_model.php

*line2  Sys_pwd_model -> Sys_demo_model

Comment out functions get_pwd() and get_svr_state()

*Modify function set_pwd() to set_server() as on the next page



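    public function set_server()
    {
        // Form field names are inherited from the basicSystemPassword template:
        // 'password' carries the Server IP, 'passwordConfirm' the Shared Key.
        $data = array(
            'ServerIP' => $this->input->post('password'),
            'Key'      => $this->input->post('passwordConfirm'),
            'modified' => '1',  // flag that mxEventNotifier checks
        );

        $this->db->update('demoRadiusTbl', $data);
    }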


Create Database table demoRadiusTbl

Enter the database:

    # cd /home/mirf/db
    # sqlite3 moxa.db

Create demoRadiusTbl as follows:

    sqlite> CREATE TABLE demoRadiusTbl (ServerIP varchar(30), Key varchar(30), modified INTEGER);

Check that the demoRadiusTbl table is created:

    sqlite> .table




ServerIP      Key           modified
varchar(30)   varchar(30)   integer

(Callouts: Enter into database. Create a table in moxa.db. List table in moxa.db.)

mxEventNotifier

Modify mxRegister.config: add a line in the file:

    demoRadiusTbl="mxRadius"


Write Controller program mxRadius

- pre-written for demo
- place the file at /usr/local/bin/mxRadius
- mxRadius will write a configuration file for hostapd, and restart the service.
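The first two steps listed under "What does mxRadius do?" and on this slide (read demoRadiusTbl, write hostapd.conf), as an added shell example; it is not Moxa's mxRadius, which the slides do not show, and it stops before the service restart. The interface name, SSID and RADIUS port are assumptions, and both values are validated because they come from the web form and would otherwise be written verbatim into a line-based configuration file.

```shell
#!/bin/sh
# Added example, not Moxa's mxRadius. wlan0, mirf-demo and port 1812 are assumptions.

valid_ipv4() {   # four dot-separated decimal octets, each 0-255
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_secret() { # 1-30 chars (column is varchar(30)) from a conservative allow-list
    [ "${#1}" -le 30 ] || return 1
    case "$1" in
        ''|*[!A-Za-z0-9_.@%+=:,-]*) return 1 ;;   # no newline can reach hostapd.conf
    esac
}

render_hostapd_conf() {   # $1 = ServerIP, $2 = Key; prints the config on stdout
    valid_ipv4 "$1"   || { echo "rejected ServerIP" >&2; return 1; }
    valid_secret "$2" || { echo "rejected Key" >&2; return 1; }
    cat <<EOF
interface=wlan0
ssid=mirf-demo
ieee8021x=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
auth_server_addr=$1
auth_server_port=1812
auth_server_shared_secret=$2
EOF
}

apply_from_db() {   # paths and table are the ones named on this page
    db=/home/mirf/db/moxa.db out=/etc/hostapd/hostapd.conf
    ip=$(sqlite3 "$db" 'SELECT ServerIP FROM demoRadiusTbl LIMIT 1;') || return 1
    key=$(sqlite3 "$db" 'SELECT "Key" FROM demoRadiusTbl LIMIT 1;') || return 1
    # 077 umask: the file holds the RADIUS shared secret; write, then rename.
    ( umask 077; render_hostapd_conf "$ip" "$key" > "$out.tmp" ) || { rm -f "$out.tmp"; return 1; }
    mv "$out.tmp" "$out"
}
```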


Check if mxRadius is activated

- go to web configuration and set RADIUS
- connect to UC-8481 and check that the hostapd service is enabled.

Appendix A: vi basic commands

Call vi to open a file named test:   # vi test
Enter insert mode in vi:             i
Leave insert mode:                   Esc
Save file:                           :w
Exit vi:                             :q!
Save file and then exit:             :wq
Go to line 30:                       :30



Appendix B: sqlite3 basic commands

List tables:    .table
Exit sqlite3:   .exit
Create table:   CREATE TABLE tablename (columnname1 datatype, columnname2 datatype …..);
Rename table:   ALTER TABLE old_tablename RENAME TO new_tablename;
