Help!!! – Setting up a wireless connection using RADIUS.

Home Page Forums Network Management Networking Help!!! – Setting up a wireless connection using RADIUS.

This topic contains 6 replies, has 0 voices, and was last updated by  matthew.a.squires 10 years, 8 months ago.

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #41161

    My Zeroshell server is my Wireless AP.

    I am using Windows and I have copied my “X.509 Certificates” to the XP OS and selected it in the Wireless Connection in the “EAP Type” Properties.
    I created a User account in Zeroshell.
    I made sure that the Windows Authentication is not being password to the RADIUS Server.
    I unchecked “Authenticate as computer” and “Authenticate as Guest”

    The major difference between my setup and the instructions I have reviewed is that the instructions use a separate AP; such a LinkSYS, TrendNet, Netgear and so on.
    I am using Zeroshell as my AP.

    The RADIUS “Access Points” setup has the “AP Name | AP Address | Secrete”.

    I have even tried removing the Secrete Key from my “Access Points Setup”.

    I cannot get my wireless client to authenticate. In fact, I am not getting the Logon window (to enter the UserID and Password I created in Zeroshell) I would use to Authenticate.

    Can you please provide instructions on setting up my wireless client to authenticate using RADIUS when Zeroshell is my AP and RADIUS Server?

    ***Thank You Very Much In Advance***

    #46853

    imported_fulvio
    Participant

    If the wi-fi access point acts also as RADIUS server you do not need to configure it in the Access Point list with shared secret. This is because Zeroshell configures automatically FreeRADIUS for the NAS 127.0.0.1.
    In any case, post the Radius and 802.1x logs and so we’ll try to debug your setup.

    Regards
    Fulvio

    #46854

    I will remove the information from the “Access Point List” and try it. Thanks
    If I run into any more issues I will post the log.

    Thanks Again.

    #46855

    imported_fulvio
    Participant

    Yes, but I do not think you solve the problems with this. Post the logs.

    Regards
    Fulvio

    #46856

    I will make the change and post the LOG after work.

    Question about RADIUS & Encryption

    Is the communication encrypted after authentication?

    According to you RADIUS text under “Authentication on Wireless networks with 802.1x, WPA and WPA2”, the Authentication process is Encrypted.
    I am unable to determine (or I am not seeing) if the connection remains encrypted.

    The CA Certificate is installed in the XP OS and selected within the client wireless connection.
    The User Accounts have a certificate associated with each of them.

    Client Wireless Network Properties:

    Association Tab | Network Authentication: WPA2
    Association Tab | Data Encryption: AES

    Authentication Tab | EAP Type: Protected PEA (PEAP)

    Protected EAP Properties | Validate Server Certificate – Checked
    Protected EAP Properties | Connect to These Servers – Checked (server or address entered)
    Protected EAP Properties | Trusted Root Certification Authorities – Zeroshell CA Cert Selected
    Protected EAP Properties | Authentication Method – Secured password (EAP-MSCHAP v2)

    EAP MSCHAPv2 Properties | Automatically use my Windows login name and password – UnChecked

    #46857

    20:33:38 rlm_eap_mschapv2: Issuing Challenge
    20:33:41 Login OK: [johndoe] (from client localhost port 0)
    20:33:41 Login OK: [johndoe] (from client localhost port 0 cli 00-00-00-00-00-00)

    #46858

    imported_fulvio
    Participant

    In any case if you use WPA/WPA2 (Wi-Fi Protected Access) either PSK or Enterprise the layer 2 of the communication is encrypted.
    WPA Enterprise (your case) uses a IEEE 802.1x RADIUS server to authenticate and dynamically generate and exchange the encryption keys. In addition, the keys are renewed during the same session. For this reason WPA Enterprise is more secure than WPA with Pre-Shared Key. The encryption keys are very hard to be guessed because are continuously changed.

    Regards
    Fulvio

    #46859

    Thank You

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic.