Use FreeRADIUS for Wi-Fi Authentication - Page 2

By Eric Geier | Posted Aug 12, 2009

Setting the EAP Settings

There are many types of EAP, so you must specify which one you want to use. We're discussing the use of PEAP, which doesn't require you to create security certificates for each user. Instead, users connect to the network using their username and password.

When you're ready, make a simple modification to the EAP configuration file:

  1. Open a Terminal, type "su" for root mode, and run "gedit" to open the Text Editor. Then open /etc/raddb/eap.conf.
  2. In the first part of the EAP section, change the "default_eap_type" from "md5" to "peap".
  3. Save and close the file, but leave the Text Editor open.

Creating User Accounts

Next you need to create the usernames and passwords users will enter when connecting to the Wi-Fi network. First we'll create at least one user account in the configuration file to test the server. Later we'll discuss using a MySQL database to store the user information, which is great if you have a lot of users or need to regularly change the user credentials.

In the existing root text editor, open /etc/raddb/users. Then, somewhere in the file, type a username, press Tab, and type Cleartext-Password := "thepassword".

Here's an example:

egeier Cleartext-Password := "pass123"

Save and close the file, but leave the text editor open.

Inputting the AP (Clients) Details

Now you must enter the IP address and shared secret (password) of at least one wireless access point (AP), which is called a client by FreeRADIUS. Again, as we'll discuss later, you can optionally store the client details in a database, such as MySQL. However, if you're working on a small network, it's probably easier to use the text file method.

In the existing root text editor, open /etc/raddb/clients.conf and add an entry somewhere in the file for each AP, following this example:

client 192.168.0.1 {
	secret		= testing123
	shortname	= private-network-1
}

Modify the IP address as needed, enter a unique secret for each AP, and optionally enter a descriptive name. The secret and shortname are tabbed over one, and the values are also aligned with tabs. Don't forget to save the file when you're done.
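
A check for the per-AP secrets described above, as an added example that is not part of the original article or of FreeRADIUS: it parses client blocks in the layout shown and flags secrets that are missing, left at the example value, short, or reused across APs. The function names and the 16-character minimum are assumptions of this example, and the sample file is constructed.

```python
import re
from collections import Counter

# Constructed sample in the clients.conf layout shown above (made-up values).
SAMPLE_CLIENTS_CONF = """\
client 192.168.0.1 {
	secret		= testing123
	shortname	= private-network-1
}
client 192.168.0.2 {
	secret		= testing123	# copied from the first AP
	shortname	= private-network-2
}
client 192.168.0.3 {
	secret		= "q7RvX2m#Lw9zT4kHd8pB"
	shortname	= private-network-3
}
"""

CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)
# A value is either a quoted string or a bare word ending at space or '#'.
SETTING_RE = re.compile(r'^\s*(\w+)\s*=\s*("[^"]*"|[^\s#]+)', re.M)
SAMPLE_SECRETS = {"testing123"}  # the value used in the example above
MIN_LENGTH = 16                  # assumed local policy, not a FreeRADIUS rule

def parse_clients(text):
    """Return {client address: {setting: value}} for every client block."""
    return {name: {k: v.strip('"') for k, v in SETTING_RE.findall(body)}
            for name, body in CLIENT_RE.findall(text)}

def audit_secrets(text):
    """Return {client address: [findings]} for clients with a weak secret."""
    clients = parse_clients(text)
    counts = Counter(c.get("secret", "") for c in clients.values())
    findings = {}
    for name, cfg in clients.items():
        secret, issues = cfg.get("secret", ""), []
        if not secret:
            issues.append("no secret set")
        elif secret in SAMPLE_SECRETS:
            issues.append("secret left at the example value")
        elif len(secret) < MIN_LENGTH:
            issues.append("secret shorter than %d characters" % MIN_LENGTH)
        if secret and counts[secret] > 1:
            issues.append("secret reused by another client")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for client, issues in audit_secrets(SAMPLE_CLIENTS_CONF).items():
        print(client, "->", "; ".join(issues))
```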

Stay tuned--in the next part, we'll open the firewall, install the CA file on all the computers and configure them with the encryption and authentication settings. Plus we'll set up MySQL for the user and AP details.


Eric Geier is the author of many networking and computing books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and 100 Things You Need to Know about Microsoft Windows Vista (Que 2007).
