HowtoForge - Linux Howtos in English English|HowtoForge.de - Linux-Howtos auf Deutsch Deutsch

Wifi Authentication/Accounting With FreeRadius On CentOS 5 - Page 3

Submitted by awan (Contact Author) (Forums) on Wed, 2008-07-09 15:53. ::

Step 6 ******************** Configure end wifi clients ********************

Install certificates

Certification authority CA.der (according to above certificate method it should be cacert.der).

Server certificate with keys sever.p12 (according to above certificate method, it should be server_keycert.p12).

Note: The following screenshots are from Windows 2003 server. But it shouldn't be very different for Windows XP.

Go to “start”, select “run”& type “mmc”.

Follow the same procedure for importing server.p12 certificate into “trusted Root” section.

That is it for EAP/PEAP (TTLS), but for TLS you also need to import/install the client certificate. (You would also need to modify your eap.conf file for TLS.)

 

Configuring the wifi interface

View the “My network neighborhood”, choose your Access point, in this case “AP3200” (not really its named mydlink here).

  • Press “ok”, “ok,and “ok”. Your done configuring the wifi.
  • Immediately “disable”the wifi interface. Righ click & choose “disable”.
  • After a second or two , re-enable the wifi interface. You should be prompted for username/password/Logindomain.
  • Simply supply the username/password & press”ok”.
  • You should connect in less than a second.

Congratulations you have configured a WPA1/2 enterprise wifi network.

Possible problems/Solutions:

  • Freeradius not compiled with openssl support. (Google.)
  • Certificates not installed correctly. (Use demo certificates/use some automating script.)
  • End client XP is not supporting protocol. (Install possibly the latest service pack.)
  • Client/AP not communicating. (Turn off the firewall or open the ports.)
  • AP not communicating. (Reset/restart or update the firmware.)
  • Client not getting authenticated. (Check logs/ run the freeradius server in debug mode e.g radiusd -X -z.)

 

Reference:

Note: Many thanks to freeradius.org developers, forum members & the people who wrote some of the mentioned below articles/howtos.

http://support.microsoft.com/kb/814394/en-us

http://wiki.freeradius.org/Main_Page

http://www.linux.com/base/ldp/howto/8021X-HOWTO/freeradius.htmlt#confradius

http://www.freesoftwaremagazine.com/community_posts/howto_incremental_setup_freeradius_server_eap_authentications

http://www.linuxjournal.com/article/8151

http://www.linuxjournal.com/article/8095

http://davenjudy.org/wordpress/?p=22

http://wiki.freeradius.org/HOWTO

http://www.wi-fiplanet.com/tutorials/article.php/3557251

http://www.wi-fiplanet.com/tutorials/article.php/3555556

http://www.smallnetbuilder.com/content/view/30213/98/

http://sophie.zarb.org/srpm/Fedora,development,/freeradius

up

Copyright © 2008 osman
All Rights Reserved.
print: this | all page(s) | login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Please do not use the comment function to ask for help! If you need help, please use our forum: http://www.howtoforge.com/forums
Comments will be published after administrator approval.
Thanks for the tutorial!A
Submitted by korovamilk (Contact Author) (Forums) on Wed, 2008-07-23 10:16.

Thanks for the tutorial!

A question: as long as you know, does this work with smartphones? I mean, do they accept the selfsigned certificate?

I heard it is impossible to make smartphones to connect to wpa enterprise class networks without a CA signed certificate..

login or register to post comments | Email this page to a friend email this page | view as pdf view as pdf