SmartBridges sB3210 manual Install Windows XP Certificates and Setup Client for TLS

dh_file = /usr/local/radius/etc/1x/dh

random_file = /usr/local/radius/etc/1x/random fragment_size = 1024

include_length = yes

}

No other changes are needed in radiusd.conf for TLS.

d. Server Certificates, DH File, and Random File – we added a new directory 1x in the radius etc directory, and then copied the server certificates (root.pem and cert-srv.pem) into the directory. Finally, we used the following trick to produce dh and random:

date > dh date > random

If you prefer, use your keyboard to enter some random characters in these files. Or even better, use the OpenSSL tools to produce the random information for these files.

e. Run-Radius -- The only server addition remaining is wrapper for radiusd. We added a new file run- radius in the /usr/local/radius/sbin directory. The script is from Document 3:

-----Wrapper Script ------------------------------------

#!/bin/sh -x

LD_LIBRARY_PATH=/usr/local/openssl/lib

LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so

export LD_LIBRARY_PATH LD_PRELOAD

/usr/local/radius/sbin/radiusd $@

---------------------------------------------------------

After entering and saving the script, make run-radius executable:

chmod u=rwx run-radius

The server is complete.

4. Install Windows XP Certificates and Setup Client for TLS

The Windows XP certificates need to be installed, and client needs to be configured. We recommend that you follow Raymond McKay's example in Document 3, Section 10, XP Client (Supplicant) Setup. When this step is complete, the client is ready.

5. AP Setup

The AP configuration needs to be modified. This is the setup we used with our ZyXEL B-1000v2. (We assume that the B-1000 has been configured previously to use WEP keys and MAC addresses.)

At the wireless 802.1x tab:

Wireless Port Control = Authentication Required

ReAuthentication Timer = 1800 seconds

Idle Timeout = 3600 seconds

Authentication Database = RADIUS only

Dynamic WEP Key Exchange = 128-bit WEP