Linux - Wireless NetworkingThis forum is for the discussion of wireless networking in Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've been working in a project to build a hotspot under Linux for some weeks now. I've checked FreeRADIUS, OpenSSL and ChilliSpot documentation, and practiced with many Linux distros.
The requirements say that it must be SECURE (i.e. protected against wireless sniffing and no connectivity until the supplicant provides the correct credentials). For example, the supplicant connects to the AP and uses port-based authentication to provide Username/Password, which are verified by a RADIUS-SQL mix (FreeRADIUS + MySQL). If the credentials are valid, then the client is given a IP address and access to the network; else, no connectivity is provided.
Other requirement is that must support Windows XP clients, and nothing must be installed in the clients (except Microsoft patches if needed), not even digital certificates.
Can such an implementation be done? If so, what would I need (software)? Which protocols must I use?
You need 80211i:
Software:
* FreeRadius (+MySQL) + Xsupplicant for the supplicants
* OpenSSL for creating certificates.
Protocols:
* EAP-TLS to authenticate by certificates
or
PEAP-MS-CHAPv2 which established a TLS tunnel to authenticate by passwords.
So, my solution is FreeRADIUS + MySQL + PEAP-MSCHAPv2. Any FAQs/tutorials/HOWTOs on that?
Quote:
Originally Posted by nx5000
Remove the Windows XP
lol
And the last question: Which Linux distro is the most convenient for this server impementation? I've tried Slackware and I've got used to it, but Ubuntu's package management and simplicity really caught me. Maybe Fedora is an option, too...
The basic FreeRADIUS instructions, some specific to EAP/TLS, should give you the rest of the guidance you need: www.freeradius.org/doc/EAPTLS.pdf
As for distros, I'm a Slack bigot. Once you set up the authentication server, you'll not be doing much in the way of packages. I'm running a RADIUS box and I only add security updates (via Swaret). It you want to create packages for Slack, for easy removal or upgrades (without using the native Slack tools), try Checkinstall: http://asic-linux.com.mx/~izto/checkinstall/
Well, after struggling a lot, I finally made it. All my tech requirements have been met. Now I'm gonna organize all that and write a FAQ if someone wants to do it too.
Man, it's gonna take loooooooong...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.