SmartBridges sB3210 manual Appendix a Configuration of the Radius Server

Page 44

i n t e l l i g e n t

w i r e l e s s

p l a t f o r m

Appendix A: Configuration of the Radius Server

FreeRADIUS/WinXP Authentication Setup

This document describes how to build a FreeRADIUS server for TLS and PEAP authentication, and how to configure the Windows XP clients (supplicants). The server is configured for a home (or test) network.

Three papers have been written about TLS authentication with a FreeRADIUS server and are available at the following websites:

1)www.missl.cs.umd.edu/wireless/eaptls

2)www.freeradius.org/doc/EAPTLS.pdf

3)www.denobula.com

These papers provide an excellent background, but are somewhat out of date. Where appropriate, we will simply refer to these documents rather than repeating the information. We recommend that you follow the steps we give below rather than the steps in these documents.

If you follow this example, please make the needed changes to the names of the files. We installed the FreeRADIUS and OpenSSL files in special local directories. This ensures that there is no interaction between the base Linux files and the new files. It also allows you to easily remove all of the newly installed files.

The FreeRADIUS and OpenSSL snapshots used in constructing the server are beta software.

1. Download and Install OpenSSL and FreeRADIUS

The first step is to download and install the latest snapshot versions of OpenSSL and FreeRADIUS.

a. OpenSSL -- Download the latest OpenSSL-0.9.7-stable snapshot. We downloaded the OpenSSL snapshot to our home directory. The snapshots are located at:

»ftp://ftp.openssl.org/snapshot/

Then We used the following nine steps:

mkdir -p /usr/src/802/openssl cd /usr/src/802/openssl

cp /home/jbibe/openssl-0.9.7-stable-SNAP-20040202.tar.gz \ openssl-0.9.7-stable-SNAP-20040202.tar.gz

gunzip openssl-0.9.7-stable-SNAP-20040202.tar.gz tar xvf openssl-0.9.7-stable-SNAP-20040202.tar cd openssl-0.9.7-stable-SNAP-20040202

./config shared --prefix=/usr/local/openssl make

make install

That completes the work with OpenSSL, except for building the required certificates.

When you perform the config, make, and make-install here and in the FreeRADIUS install described below, We recommend that you log the information. For example, instead of using the simple "make" command, use:

airPoint™ Nexus User Configuration Guide

Page 44 of 55

 

Page 43 Page 45
Image 44
Page 43 Page 45
Contents AirPoint Nexus SB3210 VersionTable of Contents Related Publications About This DocumentOverview of User Guide Technical Support Center System Requirements AirPoint Nexus Configuration FeaturesIntroduction Checklists Pre-Installation Checklist for airPointSignature of Engineer Name Date Parameters Units Site a Site BEconomical One radio model sB3210 Post-Installation Checklist for airPoint RssiChecklist Parameters Units Site a Site B AirPoint Configuration User Login and License AgreementLicense Agreement Web GUI Administrator Password Change Description of Parameters DescriptionsUsing the Configuration Pages Navigation Menu BarEditable Boxes for Parameter Editing Description of Menus Menu Item Menu Sub-itemsMenu Item Menu Sub-items Description NoneWEP Only Internal ACLTools Help Wireless Configuration AirPoint Bridge Configuration ParametersEthernet Configurations AirPoint Bridge Wireless Settings Wireless Settings Items DescriptionsRadio Protocol Parameters Radio ProtocolItems Descriptions AirPoint Bridge Performance Settings Default STP Values Setting Default Value Range Purpose Bridge ConfigurationConfiguring Spanning Tree Protocol STP Setting Default Value Range Purpose T e l l i g e n t R e l e s s A t f o r m 11 Bridge Configuration WDS Table WEP only Wireless Equivalent PrivacySecurity T e l l i g e n t R e l e s s A t f o r m Internal ACL with WEP disabled External ACLRadius & Internal ACL External ACL Radius & Internal ACL WPA-RadiusWPA radius Traffic Statistics Traffic StatisticsSystem Configuration ToolsSystem Configuration Descriptions Snmp SecurityReset Options Snmp Security ConfigurationNTP Time Server Setup Delayed ResetNTP Time Settings Profile ManagerSave Profile Profile Manager Menu ItemsLoad Operating Profile Profile CalendarLink Test Ping Test ResultLink Budget Planning Throughput Test Result10 Link Budget Planning Calculator Link Budget Firmware Upgrade AirPoint Nexus Firmware UpgradeSuccessful upgrade pop-up window Appendix a Configuration of the Radius Server Produce Certificates T e l l i g e n t R e l e s s A t f o r m Configure Server for TLS Install Windows XP Certificates and Setup Client for TLS Test TLS Change Windows XP for Peap Appendix B Useful terms and definitions Abbreviations AcronymsWPA Snmp Appendix C Snmp Trap Appendix D License
Top Page Image Contents