Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FreeRADIUS + WPA2 Enterprise + 802.1x = How?

    Scheduled Pinned Locked Moved Wireless
    4 Posts 3 Posters 18.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      windexh8er
      last edited by

      OK…  I have an Airport Extreme that I would like to have do 802.1x authentication for WPA2 enterprise encryption.  I guess I don't know enough about FreeRADIUS to get a good enough start.

      I have installed FreeRADIUS, added the client and one user.  Except I keep getting 802.1x auth failures when trying to log in.  I did a tcpdump between the extreme and the PFSense server but all I really see is rejects from the RADIUS server back.

      Does anybody have a quick and dirty on this?  I feel like I'm missing something.

      Thanks!
      --windexh8er

      1 Reply Last reply Reply Quote 0
      • M
        Monoecus
        last edited by

        I run into the same issues. And, honestly, I have no idea how to fix it. There were some forum quotes stating unsure support of the 802.1x protocol. Maybe someone knows more about this.

        1 Reply Last reply Reply Quote 0
        • S
          Slam
          last edited by

          Ive never used this but a quick search of the pfs mailing list yields this:

          http://www.mail-archive.com/support@pfsense.com/msg09383.html

          If you are running from a hard drive install you would need to do the following:
                  - Install the freeradius package
                  - Edit the radius.conf and eap.conf to match your environment
                  - Copy your certificates to the pfsense's file system
                  - Start freeradius.

          I would also suggest having a read through this http://wiki.freeradius.org/Wi-Fi_Protected_Access

          Regards

          1 Reply Last reply Reply Quote 0
          • M
            Monoecus
            last edited by

            Finally, I could make Airport Extreme and Airport Express to run in the WPA2 Enterprise mode. Here is how it works:

            • go to the shell

            • type: vi /usr/local/etc/raddb/eap.conf

            • uncomment all command lines within the brackets of the following protocols: tls and ttls (DO NOT uncomment the commentaries)

            • save the file

            • restart FreeRADIUS in the Services Menu of the Browser.

            • Configure the Airports as Clients on pfSense/Freeradius and configure the wireless settings on the airport as WPA2 Enterprise with the Radius settings you just configured (secret key, etc.)

            • Connect to the Airport via your Powerbook and choose "TTLS - PAP" in the 802.1X Configuration menue.

            Everything should work fine for now, except that you get a certification warning.

            Note that this help is not the safest way to use. At least you need to create new certificates later and place them in /usr/local/etc/raddb/certs

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.