4. FreeRADIUS + WPA2 Enterprise + 802.1x = How?

FreeRADIUS + WPA2 Enterprise + 802.1x = How?

  • W

    OK…  I have an Airport Extreme that I would like to have do 802.1x authentication for WPA2 enterprise encryption.  I guess I don't know enough about FreeRADIUS to get a good enough start.

    I have installed FreeRADIUS, added the client and one user.  Except I keep getting 802.1x auth failures when trying to log in.  I did a tcpdump between the extreme and the PFSense server but all I really see is rejects from the RADIUS server back.

    Does anybody have a quick and dirty on this?  I feel like I'm missing something.

    Thanks!
    --windexh8er

    0
  • M

    I run into the same issues. And, honestly, I have no idea how to fix it. There were some forum quotes stating unsure support of the 802.1x protocol. Maybe someone knows more about this.

    0
  • S

    Ive never used this but a quick search of the pfs mailing list yields this:

    http://www.mail-archive.com/support@pfsense.com/msg09383.html

    If you are running from a hard drive install you would need to do the following:
            - Install the freeradius package
            - Edit the radius.conf and eap.conf to match your environment
            - Copy your certificates to the pfsense's file system
            - Start freeradius.

    I would also suggest having a read through this http://wiki.freeradius.org/Wi-Fi_Protected_Access

    Regards

    0
  • M

    Finally, I could make Airport Extreme and Airport Express to run in the WPA2 Enterprise mode. Here is how it works:

    • go to the shell

    • type: vi /usr/local/etc/raddb/eap.conf

    • uncomment all command lines within the brackets of the following protocols: tls and ttls (DO NOT uncomment the commentaries)

    • save the file

    • restart FreeRADIUS in the Services Menu of the Browser.

    • Configure the Airports as Clients on pfSense/Freeradius and configure the wireless settings on the airport as WPA2 Enterprise with the Radius settings you just configured (secret key, etc.)

    • Connect to the Airport via your Powerbook and choose "TTLS - PAP" in the 802.1X Configuration menue.

    Everything should work fine for now, except that you get a certification warning.

    Note that this help is not the safest way to use. At least you need to create new certificates later and place them in /usr/local/etc/raddb/certs

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy