802.1X secured wifi installation
...

Code Block
....
wifi1:wifi ipv4 dynamic_shared

In /etc/shorewall/shorewall.conf set:

Code Block
SAVE_IPSETS=Yes

Add to /etc/shorewall/rules (replace the IP addresses with the actual IP addresses of the wifi routers):

Code Block
ACCEPT:INFO(uid)        wifi:192.168.9.2,192.168.9.3,192.168.9.4        $FW             udp    1812

 

FreeRADIUS

Code Block
apt-get install freeradius

...

Modify /etc/freeradius/3.0/clients.conf: comment out the 'client localhost' and 'client localhost_ipv6' sections and add a few of these blocks at the end, one for each wifi router (replace with the actual IP addresses of the wifi routers):

Code Block
client wifi-ap1 {
       ipaddr = 192.168.9.2
       secret = password # Replace with an actual password
}

client wifi-ap2 {
       ipaddr = 192.168.9.3
       secret = password # Replace with an actual password
}

client wifi-ap3 {
       ipaddr = 192.168.9.4
       secret = password # Replace with an actual password
}
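
The blocks above all carry the placeholder secret `password`. As an added example (not part of the original page), this POSIX shell script prints one client block per router, each with its own random 128-bit secret; the function names are hypothetical and the router list reuses the page's placeholder names and addresses.

```sh
#!/bin/sh
# Added example: print one FreeRADIUS client block per wifi router, each with
# its own random shared secret. Function names are hypothetical helpers.

# 16 bytes from the kernel CSPRNG, hex-encoded: 32 characters, 128 bits.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    (
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for octet in "$@"; do
            [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Reads "name ip" lines on stdin and writes clients.conf blocks to stdout.
# Returns non-zero at the first malformed line.
emit_clients() {
    while read -r name ip; do
        case $name in ''|'#'*) continue ;; esac
        case $name in
            *[!A-Za-z0-9_-]*) echo "bad client name: $name" >&2; return 1 ;;
        esac
        valid_ipv4 "$ip" || { echo "bad address for $name: $ip" >&2; return 1; }
        printf 'client %s {\n       ipaddr = %s\n       secret = %s\n}\n\n' \
            "$name" "$ip" "$(gen_secret)"
    done
}

# Constructed input: the page's placeholder router names and addresses.
emit_clients <<'EOF'
wifi-ap1 192.168.9.2
wifi-ap2 192.168.9.3
wifi-ap3 192.168.9.4
EOF
```

Append the output to /etc/freeradius/3.0/clients.conf and set each generated secret on the matching router.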

...

Code Block
apt-get install mysql-server freeradius-mysql
mysql -uroot
  CREATE DATABASE radius;
  exit
mysql -uroot radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql

...

Code Block
apt-get install libpam-script sshpass
mkdir /usr/share/libpam-script/pam-script.d/pam_to_mysql_update
cd /usr/share/libpam-script/pam-script.d/pam_to_mysql_update
# Install the pam_to_mysql_update.sh script from the shwl_add_shwl_del_sl_pmu archive in here
ln -s pam_to_mysql_update.sh pam_script_auth
ln -s pam_to_mysql_update.sh pam_script_passwd
mysql -uroot
  GRANT ALL on radius.radcheck TO 'freerad'@'localhost';
  exit
pam-auth-update # And, uncheck the box for "Support for authentication by external scripts"

Add the following line at the end of /etc/pam.d/common-auth:

...