Page 44 of 55
airPoint™ Nexus User Configuration Guide
intelligent wireless platform
Appendix A: Configuration of the Radius Server FreeRADIUS/WinXP Authentication Setup
This document describes how to build a FreeRADI US server for TLS and PEAP authentication, and
how to configure the Windows XP clients (supplicants). The server is configured for a home (or test)
network.
Three papers have been written about TLS authentication with a FreeRADIUS server and are
available at the following websites:
1) www.missl.cs.umd.edu/wireless/eapt ls
2) www.freeradius.org/doc/EAPTLS.pdf
3) www.denobula.com
These papers provide an excellent background, but are somewhat out of date. Where appropriate, we
will simply refer to these documents rather than repeating the information. We recommend that you
follow the steps we give below rather than the steps in these documents.
If you follow this example, please make the needed changes to the names of the files. We installed
the FreeRADIUS and OpenSSL files in special local directories. This ensures that there is no
interaction between the base Linux files and the new files. It also allows you to easily remove all of the
newly installed files.
The FreeRADIUS and OpenSSL snapshots used in c onstructing the server are beta software.
1. Download and Install OpenSSL and FreeRADIUS
The first step is to download and install the latest snapshot versions of OpenSSL and FreeRADIUS.
a. OpenSSL -- Download the latest OpenSSL-0.9.7-stable snapshot. We downloaded the OpenSSL
snapshot to our home directory. The snapshots are located at:
»ftp://ftp.openssl.org/snapshot/
Then We used the following nine steps:
mkdir -p /usr/src/802/openssl
cd /usr/src/802/openssl
cp /home/jbibe/openssl-0.9.7-stable-SNAP-20040202.tar.gz \
openssl-0.9.7-stable-SNAP-20040202.tar.gz
gunzip openssl-0.9.7-stable-SNAP-20040202.tar.gz
tar xvf openssl-0.9.7-stable-SNAP-20040202.tar
cd openssl-0.9.7-stable-SNAP-20040202
./config shared --prefix=/usr/local/openssl
make
make install
That completes the work with OpenSSL, except for building the required certificates.
When you perform the config, make, and make-install here and in the FreeRADIUS install described
below, We recommend that you log the information. For example, instead of using the simple "make"
command, use: