8. WPA2 Enterprise
• WPA2 Enterprise requires an 802.1x authentication
server or RADIUS server.
• We will use Ubuntu 11.10 in setting up FreeRADIUS
server, currently at version 2.1.
• To setup this lab, we need:
– Wireless AP supporting WPA2 Enterprise authentication.
– RADIUS server for 802.1x authentication.
– Wireless device for testing such as Laptop.
9. Installing FreeRADIUS
• To install FreeRADIUS from the command-line run the following
command:
• sudo apt-get install freeradius
• Once the installation is complete the next step is to verify the
authentication server is running.
• Before doing that edit the file /etc/freeradius/users and add the
following line:
• testuser Cleartext-Password := “testpassword”
• To test the FreeRADIUS server by querying it directly with requests:
• radtest testuser testpassword 127.0.0.1 1812
testing123
• You should see Access-Accept. If it is Access-Reject then there is a
problem. To check the log start FreeRADIUS in debug mode.
10. Configuring FreeRADIUS
• To configure FreeRADIUS for 802.1x authentication, you will need to
configure EAP setting. Edit the file /etc/freeradius/eap.conf and
modify the following line:
• default_eap_type = peap
• Configure FreeRADIUS to accept the AP as a client. Edit the file
/etc/freeradius/clients.conf. Add the following text to the bottom of the
file:
• client 192.168.1.1/24 { (IP address of AP)
• secret = test (shared password)
• shortname = default (the SSID of AP)
• }
• The last step is to restart the FreeRADIUS server :
• sudo /etc/init.d/freeradius restart
• To start FreeRADIUS in debug mode, stop it and run:
• freeradius -X
11. Configuring AP
• For client testing, you will need to configure the AP to send requests
to the IP address of RADIUS server .
• Use the testuser and testpassword values in the file
/etc/freeradius/users to connect to WLAN from the laptop.