Thursday, March 7, 2013

802.1X PEAP-md5 authentication with freeradius

A few wireless access points support WPA2-EAP, which lets each user have a different password to connect to the wifi.
Some corega models support WPA2-EAP; check the datasheet before you buy.

A RADIUS server, which manages the accounts, is necessary for EAP auth.
I realized a WPA2-EAP wifi access point with freeradius on Gentoo Linux.
The procedure follows.

Install freeradius

Simply emerge it.
# emerge freeradius -v

Set up the config files

Edit /etc/raddb/clients.conf to allow clients (the access point) to query the accounts.
Add an entry like the following.
client 192.168.0.0/24 {
        secret = secretphrase
        shortname = yourservername
}
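
A check for the clients.conf entry above, as an added example (not code from the original post or from freeradius): it parses the client blocks and flags placeholder or short shared secrets and entries that admit a whole address range instead of a single access point. The 16-character minimum, the second sample client and the function names are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the entry from this post plus a tighter per-AP entry.
SAMPLE = """
client 192.168.0.0/24 {
        secret = secretphrase
        shortname = yourservername
}
client 192.168.0.2 {
        secret = "c7Jq2vX9mLr4Tz8KpW1sHd6Nb3Yf0GaE"  # constructed value
        shortname = ap1
}
"""

BLOCK = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
ITEM = re.compile(r'^\s*([\w-]+)\s*=\s*"?([^"\n#]*?)"?\s*(?:#.*)?$', re.M)
PLACEHOLDERS = {"secretphrase", "testing123", "secret", "password"}
MIN_SECRET_LEN = 16  # assumption: local policy, not a freeradius requirement


def parse_clients(text):
    """Return {block_name: {option: value}} for every client block."""
    text = re.sub(r"^[ \t]*#.*$", "", text, flags=re.M)  # drop comment lines
    return {n: dict(ITEM.findall(body)) for n, body in BLOCK.findall(text)}


def audit_clients(text):
    """Return sorted (client, finding) tuples for weak client entries."""
    findings = []
    for name, opts in parse_clients(text).items():
        secret = opts.get("secret", "")
        if secret.lower() in PLACEHOLDERS:
            findings.append((name, "placeholder secret"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((name, "secret shorter than %d chars" % MIN_SECRET_LEN))
        try:
            net = ipaddress.ip_network(opts.get("ipaddr", name), strict=False)
        except ValueError:
            continue  # hostname or alias: range size cannot be judged here
        if net.num_addresses > 1:
            findings.append((name, "broad client range: %d addresses" % net.num_addresses))
    return sorted(findings)


if __name__ == "__main__":
    for client, finding in audit_clients(SAMPLE):
        print(client, "->", finding)
```

To check a real file, pass the contents of /etc/raddb/clients.conf to audit_clients() instead of SAMPLE.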

Make account

Edit /etc/raddb/users to add accounts.
The following 3 lines are required for each account.

account_name Cleartext-Password := "password"
        Service-Type = Framed-User,
        Framed-Protocol = PPP

Set up the access point

Set up the access point to use WPA2-EAP auth.
You have to specify at least the two pieces of information below.
  1. IP address or hostname of radius server
  2. secret key specified in clients.conf




Start daemon with debug mode

# radiusd -X
If you try to connect to the access point, the access point queries the RADIUS server and radiusd shows the debug messages.
You will have to enter the account name and password as in /etc/raddb/users.

I tested with 4 clients: Windows 8 Pro, Android 2.3, Android 4.0 and Android 4.2. Only Android 2.3 failed to connect. I am not sure of the reason.

Let radiusd start at boot time

# rc-update add radiusd default
