Home arrow BrainDump arrow Page 3 - Securing a Linux Wireless Access Point

4.9 Configuring Your Wireless Access Point to Use FreeRADIUS - BrainDump

In this third part of a five-part series on building a Linux wireless access point, you'll learn several different ways to secure your servers, so you can choose the level of security that best suits your needs. This article is excerpted from chapter four of the Linux Networking Cookbook, written by Carla Schroder (O'Reilly; ISBN: 0596102488). Copyright © 2008 O'Reilly Media, Inc. All rights reserved. Used with permission from the publisher. Available from booksellers or direct from O'Reilly Media.

TABLE OF CONTENTS:
  1. Securing a Linux Wireless Access Point
  2. 4.8 Enterprise Authentication with a RADIUS Server
  3. 4.9 Configuring Your Wireless Access Point to Use FreeRADIUS
  4. 4.10 Authenticating Clients to FreeRADIUS
By: O'Reilly Media
Poor Best
Rating: starstarstarstarstar / 1
February 04, 2010

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Problem

OK, setting up FreeRADIUS was fun, now what do you do to make your WAP use it?

Solution

Your nice Pyramid Linux-based WAP needs but a few lines in /etc/hostapd.conf. In this example, the IP address of the FreeRADIUS server is 192.168.1.250:

  ##/etc/hostapd.conf
  interface=ath0
  bridge=br0
  driver=madwifi
  debug=0
  ssid=alrac-net
  ieee8021x=1
  auth_algs=0
  eap_server=0
  eapol_key_index_workaround=1

  own_ip_addr=192.168.1.50 
  nas_identifier=pyramid.alrac.net
  auth_server_addr=192.168.1.250
  auth_server_port=1812 
  auth_server_shared_secret= superstrongpassword

  wpa=1
  wpa_key_mgmt=WPA-EAP
  wpa_pairwise=TKIP
  wpa_group_rekey=300
  wpa_gmk_rekey=640

Edit /etc/network/interfaces so that hostapd starts when your LAN interface comes up. Add these lines to the end of your LAN interface stanza:

  pre-up hostapd -B /etc/hostapd.conf
  post-down killall hostapd

Restart networking:

  pyramid:~# /etc/init.d/networking restart

And you’re almost there. See the next recipe for client configuration.

Discussion

All the different wireless access points are configured in different ways. The three things common to all of them are:

  1. FreeRADIUS Server IP Address
  2. FreeRADIUS Port: 1812 is the default
  3. FreeRADIUS Key: shared secret

Remember, you don’t have to worry about keys and certificates on the access point. It’s just a go-between.

See Also

  1. RADIUS, by Jonathan Hassell (O’Reilly) for a good in-depth tour of running a RADIUS server

  2. The FreeRADIUS Wiki: http://wiki.freeradius.org/
  3. The example hostapd.conf



 
 
>>> More BrainDump Articles          >>> More By O'Reilly Media
 

blog comments powered by Disqus
   

BRAINDUMP ARTICLES

- Apple Founder Steve Jobs Dies
- Steve Jobs` Era at Apple Ends
- Google's Chrome Developer Tool Updated
- Google's Chrome 6 Browser Brings Speed to th...
- New Open Source Update Fedora 13 is Released...
- Install Linux with Knoppix
- iPad Developers Flock To SDK 3.2
- Managing a Linux Wireless Access Point
- Maintaining a Linux Wireless Access Point
- Securing a Linux Wireless Access Point
- Configuring a Linux Wireless Access Point
- Building a Linux Wireless Access Point
- Migrating Oracle to PostgreSQL with Enterpri...
- Demystifying SELinux on Kernel 2.6
- Yahoo and Microsoft Create Ad Partnership
Find More BrainDump Articles

Developer Shed Affiliates

 

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap

Dev Shed Tutorial Topics: