How To Set Up A Wireless Network Using WPA/WPA2 With Radius Authentication With CIITIX-WiFi - Page 2

At this point your new radius authentication server is installed and will now restart and boot. After the reboot is complete, we will find out the machine's IP address so we can administer it.

15) After it has rebooted, log into the machine with the username root and the password you created before.

16) Now click on JWM > Terminal. You will see a black box appear; in it, type

ifconfig

Then hit enter. It will display the status of all network cards on the system. Mine is called eth0 with an IP address of 192.168.0.15 as in the picture. Your IP will be different. Look for inet addr:

Administration of the system is done through a web page. Some users will want to enable this page to be viewed over the local network. By default this is not enabled, meaning you need physical access to the machine it is running on to add users etc. If you don't want to enable remote viewing of the web interface, skip this section.

All we need to do is edit one text file and change one parameter. If you know how to edit this file, change line 290 to read:

Allow from all

The file is located in /etc/apache2/apache2.conf. We need to obtain a program called WinSCP and install it on a Windows-based PC. This program is like a remote file explorer for a Linux-based system. Download and install it from http://winscp.net/eng/download.php. After you have this program installed, run it and follow these steps:

A) Click NEW.

B) Fill out the details:

host name = ip address of the machine
user name = root
password = the password you created before

C) Click Save.

D) Now click Login.

E) Double click on the two dots (..) at the top of the directory listing.

F) Now double click on the following in this order:

etc
apache2
apache2.conf

G) It will now open up the apache2.conf file for editing. Go right to the bottom of the file to line 290 and make it read:

Allow from all

Click the disk icon on the top left to save it and now close that window.

H) Now in WinSCP go to Commands > Open Terminal (or Ctrl+T does the same thing) and copy and paste the following command, then hit execute:

/etc/init.d/apache2 restart

This will restart the web server, which re-reads the file we just edited and allows access to the web interface from the local network.

I) Using your web browser, point it to the IP address of your machine. Replace 192.168.0.15 with your IP address.

192.168.0.15/daloradius

You will be greeted with the login page. The username is administrator and password is radius. If you have enabled the web administration on the local network you will want to change this password. If you enter something incorrect you will get an error.
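Steps G and H above set the directive to Allow from all, which matches any client that can reach the server, not only hosts on the local network. As an added example (not part of the original tutorial), this shell function sets the same line to a single subnet instead; the function name, the 192.168.0.0/24 range and the assumption that line 290 already holds an Allow directive are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Assumptions: the edited line is an "Allow from ..." directive, and the admin
# PCs are in 192.168.0.0/24 (inferred from the tutorial's sample addresses).

# restrict_allow FILE LINE SOURCE
# Rewrite the Allow directive on LINE of FILE to "Allow from SOURCE", keeping
# a backup in FILE.bak. SOURCE must be an IPv4 address or CIDR block, so
# "all" is rejected; a LINE that is not an Allow directive is left untouched.
restrict_allow() {
    conf=$1 line=$2 src=$3
    printf '%s\n' "$src" |
        grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' || {
        echo "refusing source '$src': expected IPv4 address or CIDR" >&2
        return 1
    }
    case $line in
        ''|*[!0-9]*) echo "bad line number '$line'" >&2; return 1 ;;
    esac
    sed -n "${line}p" "$conf" |
        grep -Eiq '^[[:space:]]*allow[[:space:]]+from[[:space:]]' || {
        echo "line $line of $conf is not an Allow directive" >&2
        return 1
    }
    cp -p "$conf" "$conf.bak" || return 1
    # Keep the original indentation, replace the rest of the line.
    sed "${line}s|^\([[:space:]]*\).*|\1Allow from ${src}|" "$conf.bak" > "$conf"
}

# demo: apply the edit to a constructed fragment and print the changed line.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample, not the real apache2.conf' \
        '    Order deny,allow' '    Allow from all' > "$tmp"
    restrict_allow "$tmp" 3 192.168.0.0/24 && sed -n 3p "$tmp"
    rm -f "$tmp" "$tmp.bak"
}

# On the server (line 290 is the line the tutorial edits):
#   restrict_allow /etc/apache2/apache2.conf 290 192.168.0.0/24 \
#       && apache2ctl configtest && /etc/init.d/apache2 restart
demo
```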

The following will set up a single user and NAS device.

17) Go to Management > User > New User and enter a username and password of your choice. Make sure to select Cleartext-Password as the type. After you're done, click Apply.

18) Go to Management > NAS > new NAS.

A) Enter the IP address of your access point or router; in this case it's 192.168.0.1.

B) Create a password in NAS Secret.

C) NAS Type = other (unless you're using a Cisco AP, choose other).

D) Create a short NAS name; in this case I chose dlinkap.

Now we're done here. Next we need to log into the access point / router and make it use the new authentication server.

The screenshots used here are from a D-Link DAP-1150 access point. Practically all access points are the same; you will need to find where yours keeps these settings. What we need to do is make it use WPA or WPA2 Enterprise and specify the radius server, that's it. The radius server IP is the IP address of the CIITIX-WiFi server, the port is always 1812, and the shared secret is the password you created when we were adding a NAS device.

The only thing left is to get a copy of the certificates that our workstation will use to log on. Using WinSCP navigate to

/etc/freeradius/certs/client-certificates

You will see two files in there. Copy these to your desktop; you can drag and drop them from WinSCP. It makes good sense to copy these to a USB flash drive for ease of installation on other PCs. Check out the previous steps on where to get and how to use WinSCP.

With Windows 7 you can double click on one of these certificates and an installation wizard will appear to guide you.

Make sure you specify to install them in the trusted root certificates store; the same goes for Windows XP and Vista. Now, upon trying to connect to the wireless network, you will be prompted for a password. Enter the username and password you created in the 'users' section in the web management and that's it. The password for the certificate when installing is ciitixwifi. You're done!

A quick guide is:

1) On the workstation double click on the ca certificate > click open > click install certificate > click next > choose place all in following store > click browse > click trusted root certification > click ok > click next > finish.

2) Double click on server certificate > click next > click next > enter password ciitixwifi > click next > place all in following store > browse > trusted root ca > ok > next > finish.

That's it. When you try to connect to the WiFi network it will use the certificate automatically and ask for a user name and password as pictured below.

Windows might complain the first time it uses the certificate. This is normal and it won't ask you again after the first time. It's because it's a self-signed certificate from your CIITIX-WiFi server. iPhone and iPad devices will automatically obtain the certificates from the server. You do not need to install these manually. Linux users will need to install the certificates. There are many flavours of Linux, but some distros such as Linux Mint, which is Ubuntu based, can install the certificates by double clicking on them. Again a wizard appears to guide you.

Other devices which run an embedded OS, such as the Nintendo Wii for example, may not be compatible with Enterprise Authentication.
