Wireless Authentication and Encryption with Zeroshell Linux - Page 2

Continued from page 1

Create a New Certificate Authority

Go to Security -> X.509. Enter your information, then click Generate. This replaces the default CA, so you'll get a warning. Click OK. You should see something like Figure 1.

Note the success messages at the bottom. Now go to the Groups page and add a new user group and GID, something novel like "users, 500". Then go to the Users page and create a new user. In the Username field enter the user's login; you'll enter their first and last names farther down. Fill in the rest of the blanks and save. A private key and X.509 certificate are automatically created for each user.

Now go to the Radius page. Enable the Radius server, then go to the Access Points tab and add an access point. The IP address of your access point must be in CIDR notation, for example 172.16.10.101/32. (The /32 netmask equals a single address.) Then create a strong shared secret with a maximum lengths of 32 characters

Configuring the Access Point

The configuration interfaces vary with every access point, but you always need the same information:

• RADIUS/Zeroshell server IP address
• RADIUS/Zeroshell server port, default 1812
• Shared Secret
• Type of authentication, which is WPA2, sometimes called WPA Enterprise

Come back for part 2 to learn how to set up your wireless clients to authenticate to your new RADIUS server.

Resources

• Zeroshell forums
• Zeroshell.net, English pages
• Build a Secure Logging Server with syslog-ng
• Guide to IP Layer Network Administration with Linux
• HOWTO: WPA/WPA2 Enterprise Authentication has a lot of helpful screenshots
• Linux Networking Cookbook has several recipes for RADIUS and building a good stout Linux-based WAP