August 26, 2008 at 12:56 pm #41161
My Zeroshell server is my Wireless AP.
I am using Windows and I have copied my “X.509 Certificates” to the XP OS and selected it in the Wireless Connection in the “EAP Type” Properties.
I created a User account in Zeroshell.
I made sure that the Windows Authentication is not being passed to the RADIUS Server.
I unchecked “Authenticate as computer” and “Authenticate as Guest”
The major difference between my setup and the instructions I have reviewed is that the instructions use a separate AP, such as LinkSYS, TrendNet, Netgear and so on.
I am using Zeroshell as my AP.
The RADIUS “Access Points” setup has the “AP Name | AP Address | Secret”.
I have even tried removing the Secret Key from my “Access Points Setup”.
I cannot get my wireless client to authenticate. In fact, I am not getting the Logon window (to enter the UserID and Password I created in Zeroshell) I would use to Authenticate.
Can you please provide instructions on setting up my wireless client to authenticate using RADIUS when Zeroshell is my AP and RADIUS Server?
***Thank You Very Much In Advance***
August 26, 2008 at 2:20 pm #46853
If the Wi-Fi access point also acts as the RADIUS server, you do not need to configure it in the Access Point list with a shared secret. This is because Zeroshell automatically configures FreeRADIUS for the NAS 127.0.0.1.
In any case, post the RADIUS and 802.1x logs and we’ll try to debug your setup.
Fulvio
August 26, 2008 at 4:03 pm #46854
I will remove the information from the “Access Point List” and try it. Thanks
If I run into any more issues I will post the log.
Thanks Again.
August 26, 2008 at 7:04 pm #46855
Yes, but I do not think you will solve the problems with this. Post the logs.
Fulvio
August 27, 2008 at 2:44 pm #46856
I will make the change and post the LOG after work.
Question about RADIUS & Encryption
Is the communication encrypted after authentication?
According to your RADIUS text under “Authentication on Wireless networks with 802.1x, WPA and WPA2”, the Authentication process is Encrypted.
I am unable to determine (or I am not seeing) if the connection remains encrypted.
The CA Certificate is installed in the XP OS and selected within the client wireless connection.
The User Accounts have a certificate associated with each of them.
Client Wireless Network Properties:
Association Tab | Network Authentication: WPA2
Association Tab | Data Encryption: AES
Authentication Tab | EAP Type: Protected EAP (PEAP)
Protected EAP Properties | Validate Server Certificate – Checked
Protected EAP Properties | Connect to These Servers – Checked (server or address entered)
Protected EAP Properties | Trusted Root Certification Authorities – Zeroshell CA Cert Selected
Protected EAP Properties | Authentication Method – Secured password (EAP-MSCHAP v2)
EAP MSCHAPv2 Properties | Automatically use my Windows login name and password – UnChecked
August 28, 2008 at 1:36 am #46857
20:33:38 rlm_eap_mschapv2: Issuing Challenge
20:33:41 Login OK: [johndoe] (from client localhost port 0)
20:33:41 Login OK: [johndoe] (from client localhost port 0 cli 00-00-00-00-00-00)
August 30, 2008 at 2:43 pm #46858
In any case, if you use WPA/WPA2 (Wi-Fi Protected Access), either PSK or Enterprise, layer 2 of the communication is encrypted.
WPA Enterprise (your case) uses an IEEE 802.1x RADIUS server to authenticate and to dynamically generate and exchange the encryption keys. In addition, the keys are renewed during the same session. For this reason WPA Enterprise is more secure than WPA with Pre-Shared Key. The encryption keys are very hard to guess because they are continuously changed.
Fulvio
September 3, 2008 at 5:53 pm #46859
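The per-session key generation described in the August 30 reply, as an added example that is not part of the thread or of Zeroshell's code: it carries out the IEEE 802.11i pairwise key derivation for WPA2 with AES (CCMP), where the PMK is the first 32 bytes of the EAP master session key and each 4-way handshake mixes in fresh nonces from both sides. The MSK, MAC addresses and nonces below are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

LABEL = b"Pairwise key expansion"  # fixed label from IEEE 802.11i

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """Derive the 48-byte CCMP pairwise transient key and split it into its parts."""
    # Both sides sort the addresses and nonces, so AP and client compute the same input.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, LABEL, data, 48)
    return {"KCK": ptk[:16],    # authenticates the handshake messages
            "KEK": ptk[16:32],  # wraps the group key sent to the client
            "TK": ptk[32:48]}   # AES-CCMP key for unicast data frames

def new_session(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> dict:
    """Model one 4-way handshake: AP and client each contribute a fresh 32-byte nonce."""
    return derive_ptk(pmk, ap_mac, sta_mac, os.urandom(32), os.urandom(32))

# Constructed sample values (assumptions, not taken from the thread).
MSK = hashlib.sha512(b"constructed EAP master session key").digest()  # 64 bytes
PMK = MSK[:32]                            # 802.1X: PMK is the first 256 bits of the MSK
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")

if __name__ == "__main__":
    for n in range(2):
        keys = new_session(PMK, AP_MAC, STA_MAC)
        print(f"handshake {n}: TK = {keys['TK'].hex()}")
```

With WPA-PSK the PMK comes from the shared passphrase and SSID and is the same for every client, whereas here it comes from the MSK produced by that user's PEAP authentication.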