Here’s a simple setup to demonstrate WPA2-ENT authentication using a Username/Password pair.

This post is mostly screenshots with little description of what each step does, since plenty of explanations are already available on the web. Check my references at the end of this post.

Network diagram:

Requirements:

pfSense – for this demonstration I was using 2.1-BETA1

FreeRADIUS – 1.6.7 pfSense package

Wi-Fi access point – Buffalo whz-hp-g300nh2 running DD-WRT. (Any AP should work as long as it is capable of WPA Enterprise.)

Any WPA/WPA2-compliant client – laptop with Windows 7.

Procedure:

A: Generate Certificates Needed.

  1. Log in to the pfSense web interface and go to Certificate Manager.

  2. Create CA.

  3. Create Server Certificate.

B: Configure FreeRADIUS on pfSense.

  1. Go to Services -> FreeRADIUS.

  2. Create a user. Username: wifiUser1, password: 123456

  3. Create an authenticator entry in NAS/Client. IP: 10.0.1.150, Client Shared Secret: myApSecret

    In the screenshot below I also added several entries which I use for troubleshooting and testing FreeRADIUS. For this demonstration we only need the 10.0.1.150 entry.

  4. Create an interface.

  5. Configure EAP.

C: Configure Access Point

D: Import CA.crt into Windows 7

  1. Export CA.crt from the pfSense Certificate Manager.

  2. Import CA.crt using the MMC Certificates snap-in. Be sure to import it into “Trusted Root Certification Authorities”.

Once you connect to the access point you just configured, Windows will ask for a username and password; use the ones we created above. You will also get a warning stating that the certificate is invalid or unknown; just select Connect at that prompt, since we're using a self-signed certificate.

References:

http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#EAP-TLS

http://www.smallnetbuilder.com/wireless/wireless-howto/30213-how-to-setting-up-freeradius-for-wpa-a-wpa2-enterprise-part-2