Now that you have your access point and FreeRADIUS server ready to go to work, how do your clients talk to it?
All clients need a copy of ca.crt. Mac and Linux clients get their own [hostname].crt and [hostname].key files. Windows clients use [hostname].p12.
Your Windows and Mac clients have built-in graphical tools for importing and managing their certificates, and configuring their supplicants. What do you do on Linux? I havenít found anything that makes the job any easier than editing plain old text files. Go back to Recipe 4.7, and start with the configuration for /etc/wpa_supplicant.conf. Change it to this:
The value for identity comes from /etc/raddb/users on the FreeRADIUS server. Certificates and keys can be stored anywhere, as long as wpa_supplicant.conf is configured correctly to point to them.
Continue with the rest of Recipe 4.7 to test and finish configuring wpa_supplicant.
Be sure that .key files are mode 0400, and owned by your Linux user. .crt files are 0644, owned by the user.
You can have multiple entries in wpa_supplicant.conf for different networks. Be sure to use the:
format to set them apart.
NetworkManager (http://www.gnome.org/projects/NetworkManager/) is the best Linux tool for painlessly managing multiple network profiles. It is bundled with Gnome, and is available for all Linux distributions.
man 8 wpa_supplicant
man 5 wpa_supplicant.conf
Please check back for the next part of this article.