[GRLUG] WPA2-Enterprise, RADIUS and Linux

Chris Wieringa cwieri39 at calvin.edu
Mon May 12 08:34:27 EDT 2008


>>> On 5/11/2008 at 4:50 AM, in message
<f5e00c450805110150p21b956eah65dc615d17685b25 at mail.gmail.com>, "Michael Mol"
<mikemol at gmail.com> wrote:
> My wireless network is almost completely set up.  Since my access
> point can serve as AP to two SSIDs at the same time, with different
> wireless and LAN settings for both, I've got it partitioned out.
> 
> On one hand, I've got a weak-security WEP network for guests and
> family members with mobile devices that don't support WPA2.  On the
> other hand, I've got a strong-security WPA2-Personal with frequent
> group-key changes.  And since the AP supports it, I've got the two
> networks on mutually-exclusive subnets, with the AP/router providing
> Internet service to both.
> 
> Since I can, I'd like to switch the stronger network to
> WPA-Enterprise, and have it authenticate clients against my Linux
> desktop's user accounts.  Which means I need to set up a RADIUS
> server.
> 
> I haven't done that before... Any recommendations or caveats?

I would recommend getting FreeRADIUS running on your desktop machine - www.freeradius.org.  When I first set it up, I followed the excellent set of articles in Linux Journal to do so (linked below).  Basically, it requires installing and configuring the server, generating a server self-signed SSL certificate, and setting your AP to authenticate against it.  After that, launch the server in debug mode and try an authentication and work on it from there.  The Linux Journal articles describe setting up 802.1X with TLS and certificates, but it's fairly easy to default your authentication mode to do TLS and PEAP instead when you are setting FreeRADIUS up (just make sure your password store is compatible with MS-CHAPv2).

I can answer some basic questions if you have them - shoot me an email off-list.

Chris

Article links:
Part 1: http://www.linuxjournal.com/article/8017 
Part 2: http://www.linuxjournal.com/article/8095 
Part 3: http://www.linuxjournal.com/article/8151 
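
Added example, not part of the original message and not FreeRADIUS project code: a Python check for the MS-CHAPv2 caveat in the reply above. It assumes credentials are kept as FreeRADIUS users-file entries; the `audit` function and the sample entries are constructed for illustration.

```python
import re

# An MS-CHAPv2 response can only be checked against the cleartext password
# or its NT hash (MD4 of the UTF-16LE password).
MSCHAPV2_OK = {"Cleartext-Password", "NT-Password"}

# crypt(3) prefixes seen in /etc/shadow: salted and one-way, so no NT hash
# can be derived from them.
CRYPT_PREFIXES = {"$1$": "md5-crypt", "$5$": "sha256-crypt",
                  "$6$": "sha512-crypt", "$2": "bcrypt", "$y$": "yescrypt"}

# user  Attribute := "value"   (users-file check item; assumed layout)
ENTRY = re.compile(r'^(\S+)\s+([A-Za-z0-9-]+)\s*:=\s*"([^"]*)"')

def audit(users_text):
    """Map each user to (attribute, detail, usable_with_mschapv2)."""
    report = {}
    for line in users_text.splitlines():
        line = line.strip()
        m = None if line.startswith("#") else ENTRY.match(line)
        if not m:
            continue  # blank lines, comments, reply items
        user, attr, value = m.groups()
        detail, usable = "", attr in MSCHAPV2_OK
        if attr == "Crypt-Password":
            # Name the crypt scheme so the report says why it cannot be used.
            detail = next((n for p, n in CRYPT_PREFIXES.items()
                           if value.startswith(p)), "des-crypt or unknown")
        elif attr == "NT-Password" and not re.fullmatch(r"[0-9A-Fa-f]{32}", value):
            detail, usable = "not 32 hex digits", False
        report[user] = (attr, detail, usable)
    return report

# Constructed sample entries (not real credentials).
SAMPLE = '''
# guest accounts live elsewhere
alice  Cleartext-Password := "constructed-passphrase"
bob    NT-Password := "0123456789ABCDEF0123456789ABCDEF"
carol  Crypt-Password := "$6$saltsalt$constructedhashvalue"
dave   NT-Password := "not-a-hash"
'''

if __name__ == "__main__":
    for user, (attr, detail, ok) in audit(SAMPLE).items():
        verdict = "usable" if ok else "NOT usable"
        print(f"{user:6} {attr:20} {detail:20} {verdict} for PEAP/MS-CHAPv2")
```

Entries copied from `/etc/shadow` show up as `Crypt-Password` and are reported as not usable, which is the case the caveat warns about when authenticating against Linux user accounts.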
