Both TTLS and PEAP require a server side certificate. If do not have one, you can generate one using OpenSSL.
Configuring FreeRADIUS is relatively easy. The comments in the configuration files in /etc/raddb are very helpful. To get started, /etc/raddb/radiusd.conf is the main configuration file. For PEAP, you will need to make sure the radiusd.conf includs eap.conf, and you will need to make sure that eap.conf is configured (e.g. path to you server certificate).
You will need to configure your access points to point to your FreeRADIUS server. It is likely that you will need to configure them with a username/password for accessing the RADIUS server. You enter these in /etc/raddb/clients.conf.
You will need to configure your users' usernames/passwords. While you are experimenting, you can configure them in /etc/raddb/users. However, you may want to use some other method (e.g. LDAP) for production.
Tomasz Szymanski wrote:
Can yoy give me a clea how to configure it? I thought thtat WPA has two modes of operations:
WPA-PSK - doesn't need Radius
WPA - needs Radius for verification of credentials and gereration of intial preshared key.
What do I need to run the second option?
TS
Paul Bender wrote:
Yes.
Tomasz Szymanski wrote:
Does FreeRadius support WPA standard?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
