Scribd
Upload
38 views

Lab 3. Authentication

The document outlines instructions for three authentication-related lab exercises: 1) Configuring password policies on Linux and Windows, including options like minimum password length, complexity requirements, and account lockouts. 2) Setting up WPA2 personal WiFi authentication with a shared password on a wireless access point. 3) Implementing 802.1X authentication with a RADIUS server, including configuring the RADIUS server and authenticator (access point) and testing client authentication.

Uploaded by

Quang Hùng Nguyễn
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
38 views

Lab 3. Authentication

The document outlines instructions for three authentication-related lab exercises: 1) Configuring password policies on Linux and Windows, including options like minimum password length, complexity requirements, and account lockouts. 2) Setting up WPA2 personal WiFi authentication with a shared password on a wireless access point. 3) Implementing 802.1X authentication with a RADIUS server, including configuring the RADIUS server and authenticator (access point) and testing client authentication.

Uploaded by

Quang Hùng Nguyễn
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Lab 03.

Authentication
Submission:

You will compose a lab report that documents each step you take, including screenshots to illustrate the
effects of commands you type, and describing your observations. Simply attaching code without any
explanation will not receive credits

Time duration: 1 week

1. Password policies
a) Linux:Ubuntu

Step 1. Install package: PAM (lib-pamquality)

$ sudo apt install libpam-pwquality

Step 2. Edit the configuration:

$sudo vi /etc/pam.d/common-password

Options:
retry: No. of consecutive times a user can enter an incorrect password.
minlen: Minimum length of password
difok: No. of character that can be similar to the old password
lcredit: Min No. of lowercase letters
ucredit: Min No. of uppercase letters
dcredit: Min No. of digits
ocredit: Min No. of symbols
reject_username: Rejects the password containing the user name
enforce_for_root: Also enforce the policy for the root user
Example:

password requisite pam_pwquality.so retry=4 minlen=9 difok=4 lcredit=-2 ucredit=-2 dcredit=-


1 ocredit=-1 reject_username enforce_for_root

Verify the configuration:

Create an account: $sudo useradd testuser

$sudo passwd testuser

Step 3. Edit the configuration:

$sudo vi /etc/login.defs

Verify the configuration

b) MS Windows:
Create an account and test some functionalities:
- Minimum the password length
- Strong password
- Account lockout threshold

Step 1. Set up the network topology

Step 2. Upgrade Server to domain controller (HCMUTE.VN) & create an account (testuser)

Step 3. Join PC to Domain Controller (account: testuser)

Step 4. Configure the password policy in Domain Controller

Step 5. Verify the configuration on the PC client

2. WiFi authentication (WPA2)

Network topology

Step 1. Configure DHCP server


- IP address: 192.168.10.254
- DHCP server:
o Network: 192.168.10.0/24
o IP range: 192.168.10.100 – 192.168.10.200
o Default gateway: 192.168.10.1
o DNS: 8.8.8.8
Step 2. Configure AP
- SSID: ATTT
- Authentication: WPA2 – Personal
- Password: Lab03@spkt
`
Test on the Laptop: IP address, ping to other PCs.

3. Authentication with Radius server (802.1X)


Network topology:

Lab environment: Cisco Packet Tracer


Step 1. Configure IP address & DHCP server
- DHCP server: 192.168.10.254/24
- Configure DHCP server
o Network: 192.168.10.0/24
o IP range: 192.168.10.100 – 192.168.10.200
o Default gateway: 192.168.10.1
o DNS: 8.8.8.8
Step 2. Configure AP’s IP address
- AP’s IP address: 192.168.10.250/24
- SSID: ATTT
- Authentication (radius server): WPA2 - Enterprise
Step 3. Configure RADIUS server
- Set the IP address of the Radius client (the authenticator – AP’s IP address)
- Set the key-ID
- Create accounts
Step 4. Configure RADIUS client ( authenticator) on the AP
- Set the IP address of the Radius server
- Set the key-ID (the same as Key-ID on the Radius server)
Step 5. Verify the configuration - test on the supplicant
- Check IP address information and ping to other PCs

You might also like