This guide covers encrypted connections between clients and the RADIUS server through a supplicant or wireless access device. This guide is also limited in the scope of FreeRADIUS configuring it to be an integrated solution to provide WPA2 Infrastructure mode for a wireless access point.
<note warning>The RADIUS Server app is now available via Marketplace. The following document is here for historical purposes only.</note>
For ClearOS 5.2, run your updates. For older versions, you must upgrade to 5.2 before you can use this module.
Install the FreeRadius service by running the following from command line:
yum --enablerepo=base-plus install app-freeradius service syswatch restart
In Webconfig, click on the RADIUS server link under <navigation>Network » Settings » RADIUS Server</navigation>
To start the service, click Start. To make the service start automatically on each reboot, click To Auto
You may assign a group to authenticate through your RADIUS server. Select a group and click Update.
To allow a remote device to use the RADIUS server, give the client remote device(s) a nickname without spaces. Insert an IP address or CIDR. Select a password to be used by these client devices and click Add.
Your wireless access point will have a section where you can set WPA2 Infrastructure Mode. (TDB later, it is late)
<note warning>I have yet to test if these next steps break the WPA2 infrastructure capability. It shouldn't but I'm not 100% sure yet.</note>
You can also have the LDAP authenticate through PAP locally by changing the following items.
uncomment ldap in the authorization section. comment unix in the authorization section.
Add checkItem for pcnMicrosoftPassword in the appropriate section…
checkItem NT-Password pcnMicrosoftNTPassword checkItem Auth-Type radiusAuthType checkItem Simultaneous-Use radiusSimultaneousUse
Test this from command line using the radtest command:
radtest <username> <password> localhost 10 <RADIUSpassword>