Download - RADIUS Secured and Authenticated WiFi
![Page 1: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/1.jpg)
RADIUS Secured andAuthenticated WiFi
Robert LeahyCharles Bodman
Brandon Ellis
![Page 2: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/2.jpg)
Setup
• D-Link DIR-825 Wireless Access Point, Hardware Revision B1, Firmware Version 2.03NA
• Tablet running Windows 7 (WiFi client)• Server (VMWare Workstation) running CentOS
5.5 x64 and FreeRADIUS 2
![Page 3: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/3.jpg)
![Page 4: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/4.jpg)
Configuration
Your FreeRADIUS 2 installation must be configured to use EAP.You must generate certificates for the server (ideally these would be trusted and signed, but self-signed can be used if you either bypass server authentication (bad) or install the certificate for the server on all clients (inconvenient)).You must configure a secret for the access point, and setup a user account.
![Page 5: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/5.jpg)
Configuration
User account is created in /etc/raddb/users
![Page 6: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/6.jpg)
Configuration
Secret is setup in /etc/raddb/clients.conf
![Page 7: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/7.jpg)
Configuration
AP must be set to use WPA-Enterprise, and secret/server IP must be entered:
![Page 8: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/8.jpg)
Configuration
In order to set Windows up to use WPA-Enterprise – unless you’re logging on with domain credentials with a properly-signed certificate (we’re not) – you have to do some fiddling.To get to these options, you right-click your wireless network and go to Properties.
![Page 9: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/9.jpg)
Configuration
This is your first stop. In here you setup your security type (discussed earlier) and encryption type (if your router is setup to use both, choose either). You need to select PEAP (if it’s not already), and then go into Settings…
![Page 10: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/10.jpg)
Configuration
…in here you need to turn of validation of the server certificate (since it’s self-signed and we’re not installing it as trusted). You then need to hit Configure and turn off automatically using Windows credentials…
![Page 11: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/11.jpg)
Configuration
…once this is done we can go back to the first menu and go into Advanced Settings…
![Page 12: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/12.jpg)
Configuration
…here we need to Replace Credentials and enter our WiFi credentials, and then we can connect!
![Page 13: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/13.jpg)
Connecting
With configuration done, we just click Connect on the network as per usual.
![Page 14: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/14.jpg)
Connecting
We can monitor the RADIUS operation by running FreeRADIUS (radiusd) with the -X switch
![Page 15: RADIUS Secured and Authenticated WiFi](https://reader036.vdocuments.us/reader036/viewer/2022062305/5681665c550346895dd9dde3/html5/thumbnails/15.jpg)
Advantages of RADIUS
In a typical WiFi network – using a pre-shared key (PSK) – the network is secure against others, but each person on the network is not secure against the others due to the shared nature of the key.
RADIUS authentication obviates this issue, by providing per user authentication, and per user encryption.