Use FreeRADIUS for Wi-Fi Authentication - Page 2

By Eric Geier | Aug 12, 2009

Setting the EAP Settings

There are many types of EAP, so you must specify which one you want to use. We're discussing the use of PEAP, which doesn't require you to create security certificates for each user. Instead, users connect to the network using their username and password.

When you're ready, make a simple modification to the EAP configuration file:

  1. Open a Terminal, type "su" for root mode, and run "gedit" to open the Text Editor. Then open /etc/raddb/eap.conf.
  2. In the first part of the EAP section, change the "default_eap_type" from "md5" to "peap".
  3. Save and close the file, but leave the Text Editor open.

Creating User Accounts

Next you need to create the usernames and passwords users will enter when connecting to the Wi-Fi network. First we'll create at least one user account in the configuration file to test the server. Later we'll discuss using a MySQL database to store the user information, which is great if you have a lot of users or need to regularly change the user credentials.

In the existing root text editor, open /etc/raddb/users. Then, anywhere in the file, type a username, press Tab, and type Cleartext-Password := "thepassword".

Here's an example:

egeier Cleartext-Password := "pass123"

Save and close the file, but leave the text editor open.

Inputting the AP (Clients) Details

Now you must enter the IP address and shared secret (password) of at least one wireless access point (AP), which is called a client by FreeRADIUS. Again, as we'll discuss later, you can optionally store the client details in a database, such as MySQL. However, if you're working on a small network, it's probably easier to use the text file method.

In the existing root text editor, open /etc/raddb/clients.conf and add an entry for each AP, following this example:

client 192.168.0.1 {
	secret		= testing123
	shortname	= private-network-1
}

Modify the IP address as needed, enter a unique secret for each AP, and optionally enter a descriptive name. The secret and shortname are tabbed over one, and the values are also aligned with tabs. Don't forget to save the file when you're done.
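
One way to check a finished clients.conf against the "unique secret for each AP" advice above (an added example, not part of the original article or of FreeRADIUS): this Python script parses flat client blocks and reports APs that still use the article's sample secret, use a short secret, or reuse another AP's secret. The sample file contents, the function name audit_clients and the 16-character minimum are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample clients.conf; addresses and secrets are made up.
SAMPLE = '''
client 192.168.0.1 {
    secret    = testing123
    shortname = private-network-1
}
client 192.168.0.2 {
    secret    = "k9#Vq2!xLm7@Zr4$pT8w"
}
client 192.168.0.3 {
    secret    = "k9#Vq2!xLm7@Zr4$pT8w"
}
client 192.168.0.4 {
    secret    = "Hd3&fW0z^Nb6*Yc1%Je5"
}
'''

TUTORIAL_SECRETS = {"testing123"}  # example value printed in the article
MIN_LEN = 16                       # assumed local policy, not a FreeRADIUS rule

# Flat "client <addr> { ... }" blocks as in the article; nested sections are not handled.
CLIENT_RE = re.compile(r'^[ \t]*client\s+(\S+)\s*\{(.*?)^[ \t]*\}', re.M | re.S)
# key = "quoted value"  or  key = bare-value; lines starting with # never match.
ITEM_RE = re.compile(r'^[ \t]*([\w-]+)[ \t]*=[ \t]*(?:"([^"\n]*)"|([^\s#]+))', re.M)

def audit_clients(text):
    """Return sorted (client, finding) pairs for weak or reused shared secrets."""
    secrets = {}
    for name, body in CLIENT_RE.findall(text):
        items = {k: quoted or bare for k, quoted, bare in ITEM_RE.findall(body)}
        secrets[name] = items.get("secret", "")
    owners = Counter(secrets.values())  # how many clients carry each secret
    findings = []
    for name, secret in secrets.items():
        checks = [
            (not secret, "no secret set"),
            (secret in TUTORIAL_SECRETS, "tutorial sample secret"),
            (0 < len(secret) < MIN_LEN, "shorter than %d characters" % MIN_LEN),
            (secret and owners[secret] > 1, "secret reused by another client"),
        ]
        findings += [(name, msg) for hit, msg in checks if hit]
    return sorted(findings)

if __name__ == "__main__":
    for client, finding in audit_clients(SAMPLE):
        print(client, finding)
```

To audit a real file, pass its contents to audit_clients() instead of SAMPLE; reading /etc/raddb/clients.conf requires root.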

Stay tuned--in the next part, we'll open the firewall, install the CA file on all the computers and configure them with the encryption and authentication settings. Plus we'll set up MySQL for the user and AP details.


Eric Geier is the author of many networking and computing books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and 100 Things You Need to Know about Microsoft Windows Vista (Que 2007).
