I WAS WONDERING IF I COULD USE MY SUSE LINUX BOX USING RADIUS TO AUTHENTICATE MY WINDOWS 2000 WIRELESS CLIENTS OVER MY NETWORK SO THAT I COULD HAVE SOMEWHAT OF SECURITY ON THE WIRELESS SIDE. HERE IS CURRENT SETUP:


dsl modem
'''
''''
Suse linux Router/Firewall
'''
'''
Dlink 624 wireless router/switch
''
''
2 Wireless PC's (windows 2000)



Here is what I want:

dsl modem
'''
''''
Suse linux Router/Firewall (RADIUS)
'''
'''
Dlink 624 wireless router/switch
''
''
2 Wireless PC's (windows 2000) authenticating to the linux server

To use RADIUS to authenticate my windows 2000 workstation to LINUX and have a secure wireless connection from within my network. Is this possible?

Does ur dlink has radius server support

If yes you can make it secure using freeradius

There are lots of articles on the same

Can see the following link for the same

http://www.tldp.org/HOWTO/8021X-HOWTO/index.html

Will not be sure how to add certificates on WIN 2000

But I am also working on securing Win XP over the wireless network using Radius server

Best of luck

Regards

JAS

Thanks! At my work we use active directoy and we log into a w2k domain ,But can a windows 2000 machine authenticate to a linux machine using RADIUS. I would imagine so but I need some info.

how would setup freeRADIUS to authenticate to a windows 2000 machine?

well if your router supports radius shouldnt your router have a place to fill in the address of where your radius server resides?? and also the selection of authentication by radius rather then the current supported athentication, that way they can talk?

the part about configuring WPA and specifying my radius server IP address I completely understand. Let me clarify a little better. Lets say for example I have enable WPA on my wireless router and specified the IP address of my Linux RADIUS server. How would my windows 2000 workstation authenticate to my Linux RADIUS server. How does Linux RADIUS server make the wireless Windows 2000 workstaion think that they are logging into a windows network via authenication(active directory) for authenticating via RADIUS? Is there any additional software that I need to configure so that this will work? If I am on one of my wireless windows 2000 workstaion and I attempt to login as in lets say ROOT, can I? I dont think that this will work without some other type of translation software. I know that this setup will work with a windows 2000 server with RADIUS software and my wireless windows 2000 wokstations. All the software if from Microsoft. My question is will RADIUS work mixing LINUX and Microsoft products?

Yeah
you can definately authenticate using linux radius
Its not true that the communication will be different when you use linux as a Radius server
It will be the same as having windows as radius authentication server.
The only differnce that i could see configuring the two was that windows was all graphical but on linux it was command line and hence was fast

I used the following steps

Created a central authority
Created server certificates and signed them with my CA
Created client certificates ( when using EAP-TLS) and signed them too
Created certificates for XP clients

Configured freeradius for EAP-TLS
Shared the secret with my access point
Transfered the certirficates to the wireless client

Was wonderfull computer has to have a WPA supplicant or should be on XP SP2.

Well try searching on the topics cant find my links file so cant give now

Best of Luck

did you have to create accounts on the linux box and when logging in the xp cpu's , did you use your linux accounts on your xp cpu's?

Nope not central login from linux.

The certificates for client were used for authentication.

I used EAP-TLS that doesnt require central login but requires client certificates.

If you use PEAP or EAP-TTLS then you require central login but not in EAP-TLS

PEAP, EAP-TTLS is what i am looking forward to for wireless security also.

Thanks

Regards

Jaspreet

many thanks! jspsandhu!