FreeRADIUS 2 is pretty easy to configure to do what you want. Start with the default configuration and make the minimum possible number of edits, testing repeatedly. Debug mode and the logs will help if you get stuck.
FreeRADIUS 2 does a pretty good job of bootstrapping its certificates out of the box - these certificates will certainly do to start with.
You need to add your access point(s) to clients.conf - this is where you configure your shared secrets.
Assuming you are going to use a static user database rather than something like LDAP, your users go in users.
You will need to make a few changes to radiusd.conf - you certainly need appropriate listen block(s).
You may need to configure one or more realms at the foot of proxy.conf, especially if you need to strip a prefix from the user name.
You may need to make a few changes to eap.conf, especially if you want the RADIUS server to return a VLAN number to the access point (typically this requires copy_request_to_tunnel and use_tunneled_reply set to yes in all enabled EAP types). Do not disable EAP types or mess around with the default EAP types - that is a pretty sure-fire route to breakage unless you have a deep understanding of what is happening.
Get things working without extra complexities such as VLAN numbers first. In every case, simply following the guidance already in the files is usually sufficient. Accounting is fairly easy to implement if your access points support RADIUS accounting.
The access points tend to be easy to configure. It is best to support WPA2-Enterprise only, disallow mixed mode and TKIP, and test with pre-authentication on if it is supported.
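As an added illustration (not part of the original text and not FreeRADIUS's shipped files), the edits described above could look like the fragments below. The client name, address, shared secret, user name, password and VLAN ID are constructed placeholders, and the choice of the ttls and peap sections assumes those are the tunnelled EAP types in use.

```conf
# --- clients.conf: one block per access point ---
client ap-office-1 {                      # constructed name
    ipaddr    = 192.0.2.10                # constructed address (documentation range)
    secret    = REPLACE-WITH-LONG-RANDOM-SECRET   # placeholder shared secret
    shortname = ap-office-1
}

# --- users: static user database ---
# First get authentication working with the check item alone.
# Add the three Tunnel-* reply items only once that works and
# the access point should be told which VLAN to use.
alice   Cleartext-Password := "constructed-example-password"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-Id = "20"

# --- eap.conf: inside the existing eap { } section ---
# Only these two keys change; every other line, including the
# default_eap_type settings, stays as shipped.
ttls {
    copy_request_to_tunnel = yes
    use_tunneled_reply     = yes
}
peap {
    copy_request_to_tunnel = yes
    use_tunneled_reply     = yes
}
```

After each edit, restart the server in debug mode and check that the Access-Accept shown there carries the Tunnel-* attributes before changing anything on the access point.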