Help!!! – Setting up a wireless connection using RADIUS.

[matthew.a.squires]

My Zeroshell server is my Wireless AP.

I am using Windows and I have copied my “X.509 Certificates” to the XP OS and selected it in the Wireless Connection in the “EAP Type” Properties.
I created a User account in Zeroshell.
I made sure that the Windows Authentication is not being password to the RADIUS Server.
I unchecked “Authenticate as computer” and “Authenticate as Guest”

The major difference between my setup and the instructions I have reviewed is that the instructions use a separate AP; such a LinkSYS, TrendNet, Netgear and so on.
I am using Zeroshell as my AP.

The RADIUS “Access Points” setup has the “AP Name | AP Address | Secrete”.

I have even tried removing the Secrete Key from my “Access Points Setup”.

I cannot get my wireless client to authenticate. In fact, I am not getting the Logon window (to enter the UserID and Password I created in Zeroshell) I would use to Authenticate.

Can you please provide instructions on setting up my wireless client to authenticate using RADIUS when Zeroshell is my AP and RADIUS Server?

***Thank You Very Much In Advance***

[imported_fulvio]

If the wi-fi access point acts also as RADIUS server you do not need to configure it in the Access Point list with shared secret. This is because Zeroshell configures automatically FreeRADIUS for the NAS 127.0.0.1.
In any case, post the Radius and 802.1x logs and so we’ll try to debug your setup.

Regards
Fulvio

[matthew.a.squires]

I will remove the information from the “Access Point List” and try it. Thanks
If I run into any more issues I will post the log.

Thanks Again.

[imported_fulvio]

Yes, but I do not think you solve the problems with this. Post the logs.

Regards
Fulvio

[matthew.a.squires]

I will make the change and post the LOG after work.

Question about RADIUS & Encryption

Is the communication encrypted after authentication?

According to you RADIUS text under “Authentication on Wireless networks with 802.1x, WPA and WPA2”, the Authentication process is Encrypted.
I am unable to determine (or I am not seeing) if the connection remains encrypted.

The CA Certificate is installed in the XP OS and selected within the client wireless connection.
The User Accounts have a certificate associated with each of them.

Client Wireless Network Properties:

Association Tab | Network Authentication: WPA2
Association Tab | Data Encryption: AES

Authentication Tab | EAP Type: Protected PEA (PEAP)

Protected EAP Properties | Validate Server Certificate – Checked
Protected EAP Properties | Connect to These Servers – Checked (server or address entered)
Protected EAP Properties | Trusted Root Certification Authorities – Zeroshell CA Cert Selected
Protected EAP Properties | Authentication Method – Secured password (EAP-MSCHAP v2)

EAP MSCHAPv2 Properties | Automatically use my Windows login name and password – UnChecked

[matthew.a.squires]

20:33:38 rlm_eap_mschapv2: Issuing Challenge
20:33:41 Login OK: [johndoe] (from client localhost port 0)
20:33:41 Login OK: [johndoe] (from client localhost port 0 cli 00-00-00-00-00-00)

[imported_fulvio]

In any case if you use WPA/WPA2 (Wi-Fi Protected Access) either PSK or Enterprise the layer 2 of the communication is encrypted.
WPA Enterprise (your case) uses a IEEE 802.1x RADIUS server to authenticate and dynamically generate and exchange the encryption keys. In addition, the keys are renewed during the same session. For this reason WPA Enterprise is more secure than WPA with Pre-Shared Key. The encryption keys are very hard to be guessed because are continuously changed.

Regards
Fulvio

[matthew.a.squires]

Thank You

[Author]

Posts