hostapd & 802.1x & freeradius
Setting up an AP that accepts PEAP/MSCHAPv2 authentication using Linux with a ‘Master Mode-able’ wifi device is sometimes not quite worth it. Using a ready-made network appliance should be easier and more stable. However, setting up a RADIUS server to terminate the PEAP/MSCHAPv2 request can’t be avoided.
Hardware: TP-Link TL-WN722N USB wireless stick
OS: Slackware 13.37
Software: hostapd, freeradius
Suppose your Linux can use the USB wireless stick without problems, e.g., the wlan0 interface is up. You may refer to this post to install the necessary driver for the stick.
Setup hostapd
Take the following as a reference for hostapd.conf:

    # Interface, logging and control socket
    interface=wlan0
    driver=nl80211
    logger_syslog=-1
    logger_syslog_level=2
    logger_stdout=-1
    logger_stdout_level=0
    dump_file=/tmp/hostapd.dump
    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=0
    # SSID and radio
    ssid=linuxtest802x1
    hw_mode=g
    channel=11
    beacon_int=100
    dtim_period=2
    max_num_sta=255
    rts_threshold=2347
    fragm_threshold=2346
    macaddr_acl=0
    auth_algs=3
    ignore_broadcast_ssid=0
    # WMM (QoS) parameters
    wmm_enabled=1
    wmm_ac_bk_cwmin=4
    wmm_ac_bk_cwmax=10
    wmm_ac_bk_aifs=7
    wmm_ac_bk_txop_limit=0
    wmm_ac_bk_acm=0
    wmm_ac_be_aifs=3
    wmm_ac_be_cwmin=4
    wmm_ac_be_cwmax=10
    wmm_ac_be_txop_limit=0
    wmm_ac_be_acm=0
    wmm_ac_vi_aifs=2
    wmm_ac_vi_cwmin=3
    wmm_ac_vi_cwmax=4
    wmm_ac_vi_txop_limit=94
    wmm_ac_vi_acm=0
    wmm_ac_vo_aifs=2
    wmm_ac_vo_cwmin=2
    wmm_ac_vo_cwmax=3
    wmm_ac_vo_txop_limit=47
    wmm_ac_vo_acm=0
    # 802.11n
    ieee80211n=1
    ht_capab=[HT40-][SHORT-GI-20][SHORT-GI-40]
    # IEEE 802.1X; eap_server=0 hands EAP to the external RADIUS server
    ieee8021x=1
    eapol_version=2
    eap_message=hello\0networkid=netw,nasid=foo,portid=0,NAIRealms=example.com
    wep_key_len_broadcast=13
    wep_key_len_unicast=13
    wep_rekey_period=3600
    eapol_key_index_workaround=0
    eap_reauth_period=3600
    eap_server=0
    # RADIUS client settings; testing123 is the secret FreeRADIUS ships
    # for its localhost client
    own_ip_addr=127.0.0.1
    nas_identifier=ap.q-station.net
    auth_server_addr=127.0.0.1
    auth_server_port=1812
    auth_server_shared_secret=testing123
    acct_server_addr=127.0.0.1
    acct_server_port=1813
    acct_server_shared_secret=testing123
    # WPA and WPA2 with EAP key management
    wpa=3
    wpa_key_mgmt=WPA-EAP
    wpa_pairwise=CCMP
    rsn_pairwise=CCMP
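Only a handful of the directives above wire the AP to FreeRADIUS. The following is an added example, not part of the original post: a small checker for those directives, where the function names parse_conf and check_8021x are hypothetical and the TKIP and eap_server defaults are taken from hostapd's stock sample configuration.

```python
# Added example, not from the original post. SAMPLE is constructed from its values.
DEFAULT_SECRETS = {"testing123"}  # secret FreeRADIUS ships for client localhost
SAMPLE = """\
ieee8021x=1
eap_server=0
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=testing123
acct_server_shared_secret=testing123
wpa=3
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP
rsn_pairwise=CCMP
"""

def parse_conf(text):
    """hostapd.conf is key=value per line; '#' starts a comment line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            conf[key.strip()] = value.strip()
    return conf

def check_8021x(conf):
    """Return findings for a WPA-Enterprise AP that relays EAP to RADIUS."""
    findings = []
    if conf.get("ieee8021x") != "1":
        findings.append("ieee8021x is not 1, so 802.1X is disabled")
    if "WPA-EAP" not in conf.get("wpa_key_mgmt", "").split():
        findings.append("wpa_key_mgmt does not include WPA-EAP")
    wpa = int(conf.get("wpa", "0"))  # bit0 = WPA, bit1 = RSN/WPA2
    if not wpa & 2:
        findings.append("wpa does not set bit1 (RSN/WPA2)")
    wpa_c = conf.get("wpa_pairwise", "TKIP")  # hostapd default is TKIP
    if wpa and "TKIP" in (wpa_c + " " + conf.get("rsn_pairwise", wpa_c)).split():
        findings.append("TKIP is offered as a pairwise cipher")
    if conf.get("eap_server", "0") == "0":  # 0 = external RADIUS server
        for key in ("auth_server_addr", "auth_server_port", "auth_server_shared_secret"):
            if not conf.get(key):
                findings.append(key + " is missing but eap_server=0")
    for key in ("auth_server_shared_secret", "acct_server_shared_secret"):
        if conf.get(key) in DEFAULT_SECRETS:
            findings.append(key + " is the FreeRADIUS default secret")
    return findings

if __name__ == "__main__":
    print("\n".join(check_8021x(parse_conf(SAMPLE))))
```

To check a real file, pass its contents to parse_conf instead of SAMPLE.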
Freeradius
- Ensure the following is defined in the authorize section of sites-enabled/default:

      eap {
          ok = return
      }

- Set up eap.conf
  - Set up the tls section
    - Set private_key_file, certificate_file and CA_file
  - Set default_eap_type = mschapv2 in the peap section
- Set up sites-enabled/inner-tunnel for your site