I pieced together the notes and I actually did use the SME8 Radius server to authenticate WPA2-Enterprise on my access point. Here are a few things not mentioned that I figured out.
I do not have a purchased server certificate, only a private one generated by SME, thus it cannot be used in authentication. In setting up WPA Enterprise in Wndows XP wireless, I had to make some changes on the authentication tab. Changes made in properties under preferred wifi. Authentication EAP type changed from smartcard or certificate to Protected EAP (PEAP). Authenticate as computer when computer information is available was unchecked. Authenticate as guest is unchecked. Properties of Protected EAP was changed. Uncheck validate server certificate and Authentication method was set as (EAP-MSCHAP v2). Enable fast Reconnect was checked. This allowed whatever username and password used to login to the local windows machine to be authenticated and a wifi connection established.
I made these changes to the server config by command line.
db configuration setprop radiusd TCPPort 1812 access private status enabled
db hosts setprop [wifihostname.domainname.com] RadiusKey [KeyICreated]
signal-event remoteaccess-update
I will test this LAN side for now. I want to use SME on the WAN side as a radius server for all the satelite locations wifi connection. I believe by changing the radius port from private to public that will open 1812 up on the wan side. What I do not know is how secure this is. Does the radius secret key encrypt the communications over the internet so passwords are secure? Will it open any other security holes in the WAN side that I'm not aware of? Is each authentication recorded somewhere in a log for future auditing? If anyone has any thoughts on this I would appreciate your comments.
9 Replies
7021 Views