Wireless Authentication and Encryption with Zeroshell Linux - Page 2
Create a New Certificate Authority
Go to Security -> X.509. Enter your information, then click Generate. This replaces the default CA, so you'll get a warning. Click OK. You should see something like Figure 1.
Note the success messages at the bottom. Now go to the Groups page and add a new user group and GID, something novel like "users, 500". Then go to the Users page and create a new user. In the Username field enter the user's login; you'll enter their first and last names farther down. Fill in the rest of the blanks and save. A private key and X.509 certificate are automatically created for each user.
Configuring the Access Point
The configuration interfaces vary with every access point, but you always need the same information:
- RADIUS/Zeroshell server IP address
- RADIUS/Zeroshell server port, default 1812
- Shared Secret
- Type of authentication, which is WPA2, sometimes called WPA Enterprise
Come back for part 2 to learn how to set up your wireless clients to authenticate to your new RADIUS server.
- Zeroshell forums
- Zeroshell.net, English pages
- Build a Secure Logging Server with syslog-ng
- Guide to IP Layer Network Administration with Linux
- HOWTO: WPA/WPA2 Enterprise Authentication has a lot of helpful screenshots
- Linux Networking Cookbook has several recipes for RADIUS and building a good stout Linux-based WAP