How to get freeradius, WRT54G and a OS X client working with WPA Enterprise
This work with Panther at least, and is based on Freeradius 1.0.2 Once you get Freeradius installed (for instance using ubuntu on AMD64 - link ). I advise you to follow the section 3.2 of this how-to. Thus you get working clients.conf, radiusdb.conf, users and eap.conf. To generate certs you can use the interactive CA.all script which comes with freeradius (under scripts). I've chosen to user the certs.sh script after making some customization in CA.certs. The WRT54G (here it's a screenshot of DD-WRT (talismen)) is straightforward : In "Wireless" > "Wireless security". Enter "WPA Radius", leave TKIP selected, enter the IP address of your radius server and the secret key declared in the clients.conf:
For OS-X, just select the SSID of the WRT54G in the list. It ask you for a login and password. Enter those in the users file of freeradius...
For the first time he should ask you to add certs in OS X. Once accepted, you should be online. Hurra! You can save the connexion settings (and get more settings) using the OS X "Internet Connexion" utility :
If you don't want to setup a radius sever on your own you can get dedicated firmware for the WRT54G with TinyPEAP inside, which seems cool (not tested). Especially for user management. Other cool links :
- http://oriol.joor.net/blog/?itemid=1631
- http://www.alphacore.net/spipen/article.php3?id_article=1
- http://www.alphacore.net/spipen/article.php3?id_article=4
- http://homepage.mac.com/andreaswolf/public/wpaeap.html
The mailing list archive is usefull too. By the way, I'm really impressed by the FreeRadius implementation... I'm considering buying the book.
Comments