4.9 Configuring Your Wireless Access Point to Use FreeRADIUS - BrainDump

Problem

OK, setting up FreeRADIUS was fun, now what do you do to make your WAP use it?

Solution

Your nice Pyramid Linux-based WAP needs but a few lines in /etc/hostapd.conf. In this example, the IP address of the FreeRADIUS server is 192.168.1.250:

  ##/etc/hostapd.conf
  interface=ath0
  bridge=br0
  driver=madwifi
  debug=0
  ssid=alrac-net
  ieee8021x=1
  auth_algs=0
  eap_server=0
  eapol_key_index_workaround=1

  own_ip_addr=192.168.1.50 
  nas_identifier=pyramid.alrac.net
  auth_server_addr=192.168.1.250
  auth_server_port=1812 
  auth_server_shared_secret= superstrongpassword

  wpa=1
  wpa_key_mgmt=WPA-EAP
  wpa_pairwise=TKIP
  wpa_group_rekey=300
  wpa_gmk_rekey=640

Edit /etc/network/interfaces so that hostapd starts when your LAN interface comes up. Add these lines to the end of your LAN interface stanza:

  pre-up hostapd -B /etc/hostapd.conf
  post-down killall hostapd

Restart networking:

  pyramid:~# /etc/init.d/networking restart

And you’re almost there. See the next recipe for client configuration.

Discussion

All the different wireless access points are configured in different ways. The three things common to all of them are:

1. FreeRADIUS Server IP Address
   
2. FreeRADIUS Port: 1812 is the default
   
3. FreeRADIUS Key: shared secret

Remember, you don’t have to worry about keys and certificates on the access point. It’s just a go-between.

See Also

1. RADIUS, by Jonathan Hassell (O’Reilly) for a good in-depth tour of running a RADIUS server

2. The FreeRADIUS Wiki: http://wiki.freeradius.org/
   
3. The example hostapd.conf