
Radius EAP-TLS

Natha340Mai340
Level 1

Hello everyone, I need to create a FreeRADIUS server (a RADIUS server for Linux) with EAP-TLS. I have already deployed the RADIUS server and it's working (integrated with OpenLDAP). However, I'm having difficulty deploying EAP-TLS on FreeRADIUS to authenticate my wireless users (Aironet 1240). How can I generate the certificates for my users? What do I need to do? Does anyone have a how-to for FreeRADIUS with EAP-TLS?

Thanks!

3 Replies

Yudong Wu
Level 7

You need to set up a CA server to issue certificates to your FreeRADIUS and client.

Here is an example for Cisco ACS, but the principle is the same.

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_configuration_example09186a008068d45a.shtml

Natha340Mai340
Level 1

Hello everyone, I'm still attempting to deploy FreeRADIUS with EAP-TLS.

But there are many variables that I have to save for it all to work!

For example, issuing certificates. For this I'm using openssl, but it isn't ready.

I'm having difficulty finding a way to issue certificates for wireless users and understanding the whole process of generating the certificates.

All the same, I want to share with you a how-to on issuing certificates with openssl, as follows:


http://www.g-loaded.eu/2005/11/10/be-your-own-ca/

The attachment also has another very good one from Cisco.

I will keep attempting to deploy FreeRADIUS with EAP-TLS and will report back to you.

Thanks.

Natha340Mai340
Level 1

Hello everyone, I know that this forum mostly covers issues about Cisco environments. But I needed to do an EAP-TLS integration in my wireless environment, and I'm using LDAP and FreeRADIUS to authenticate my wireless users.

Here is the step by step:

1- Install Samba and LDAP. It is not necessary to install phpLDAPadmin; you can use ldapadmin to manage your LDAP database.

2- After installing LDAP and Samba, you need to delete the schema directory in /etc/ldap/schema; then you can run smbldap-populate. Otherwise errors can occur.

3- Install FreeRADIUS version 2, that is, freeradius2.

4- Install freeradius2-ldap.

5- To generate your certificates (you need only two: the CA certificate and the server certificate) you must have openssl installed; any Linux machine comes with it. Then you can follow the README in /etc/raddb/certs.

6- The configuration for the RADIUS and LDAP integration is in the /etc/raddb/modules/ldap file.

I installed my FreeRADIUS on Red Hat Enterprise 5.5 and my Samba and LDAP on Fedora 12.

7- Set your APs to use RADIUS.

Good luck!
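
The certificate issuing with openssl that this thread asks about, as an added example that is not part of any post and is not the FreeRADIUS README procedure: it builds a private CA, a server certificate and one per-user client certificate, each restricted by extended key usage. The subject names (Example Org, radius.example.org, alice), the file names and the `pki.cnf` layout are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): private CA, one RADIUS server certificate
# and one wireless-user certificate. All names are constructed placeholders.

# issue NAME SUBJECT PROFILE: new key and CSR, signed by the CA with PROFILE's extensions
issue() {
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf -subj "$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
        -extfile pki.cnf -extensions "$3" -days 365 -sha256 -out "$1.pem" 2>/dev/null
}

# make_eap_tls_pki DIR: create the CA and both certificates inside DIR
make_eap_tls_pki() (
    set -e
    umask 077                 # key files readable by their owner only
    mkdir -p "$1"
    cd "$1"
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = replaced-by-subj
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
[client_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -config pki.cnf -extensions ca_ext \
        -subj "/O=Example Org/CN=Example Wireless CA" -days 3650 -sha256 \
        -keyout ca.key -out ca.pem 2>/dev/null
    issue server "/O=Example Org/CN=radius.example.org" server_ext
    issue alice  "/O=Example Org/CN=alice" client_ext
)

# cert_ok PURPOSE CERT: verify CERT chains to ca.pem and is allowed for PURPOSE
cert_ok() { openssl verify -purpose "$1" -CAfile ca.pem "$2" >/dev/null 2>&1; }
```

Run `cert_ok` from the directory that holds `ca.pem`. The user key is written unencrypted here, so bundle it with its certificate into a password-protected PKCS#12 file before handing it to the user.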