SmartBridges sB3210 Network Router User Manual


 
airPoint™ Nexus User Configuration Guide
intelligent wireless platform
dh_file = /usr/local/radius/etc/1x/dh
random_file = /usr/local/radius/etc/1x/random
fragment_size = 1024
include_length = yes
}
No other changes are needed in radiusd.conf for TLS.
d. Server Certificates, DH File, and Random File – We added a new directory, 1x, in the radius etc directory, and then copied the server certificates (root.pem and cert-srv.pem) into that directory. Finally, we used the following trick to produce dh and random:
date > dh
date > random
If you prefer, use your keyboard to enter some random characters in these files. Or even better, use the OpenSSL tools to produce the random information for these files.
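The OpenSSL route recommended above, as an added example that is not part of the original guide: it writes dh and random with `openssl dhparam` and `openssl rand`, and its check rejects files that hold only a timestamp, which is predictable. It assumes dh is meant to hold PEM-encoded DH parameters; the function names, the 2048-bit default and the 512-byte size are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): build and check the files that
# dh_file and random_file point to, using OpenSSL instead of `date`.
# Assumption: dh holds PEM-encoded DH parameters, random holds raw random bytes.

# make_tls_material DIR [BITS]: write DIR/dh and DIR/random, owner-only.
make_tls_material() {
    dir=$1
    bits=${2:-2048}
    (
        umask 077                       # new files are created mode 0600
        cd "$dir" || exit 1
        openssl dhparam -out dh "$bits" 2>/dev/null || exit 1
        openssl rand -out random 512 || exit 1
    )
}

# check_tls_material DIR: return 0 only if both files look properly generated.
check_tls_material() {
    dir=$1
    rc=0
    # dh must at least parse as PEM DH parameters (-check also reports bad values).
    if ! openssl dhparam -in "$dir/dh" -check -noout >/dev/null 2>&1; then
        echo "FAIL: $dir/dh is not a valid DH parameter file" >&2
        rc=1
    fi
    # random must be far larger than one timestamp line (about 30 bytes).
    size=0
    if [ -f "$dir/random" ]; then
        size=$(wc -c < "$dir/random" | tr -d ' ')
    fi
    if [ "$size" -lt 256 ]; then
        echo "FAIL: $dir/random holds only $size bytes" >&2
        rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh make-1x.sh /usr/local/radius/etc/1x
if [ -n "${1:-}" ]; then
    make_tls_material "$1" "${2:-2048}" && check_tls_material "$1"
fi
```

Generating 2048-bit parameters can take a minute or more on slow hardware; run the script once, before starting radiusd.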
e. Run-Radius – The only server addition remaining is a wrapper for radiusd. We added a new file, run-radius, in the /usr/local/radius/sbin directory. The script is from Document 3:
----- Wrapper Script ------------------------------------
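#!/bin/sh -x
# Make radiusd load the OpenSSL libraries installed under /usr/local/openssl.
LD_LIBRARY_PATH=/usr/local/openssl/lib
LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so
export LD_LIBRARY_PATH LD_PRELOAD
# Quote "$@" so arguments containing spaces reach radiusd unchanged.
/usr/local/radius/sbin/radiusd "$@"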
---------------------------------------------------------
After entering and saving the script, make run-radius executable:
chmod u=rwx run-radius
The server is complete.
4. Install Windows XP Certificates and Setup Client for TLS
The Windows XP certificates need to be installed, and the client needs to be configured. We recommend
that you follow Raymond McKay's example in Document 3, Section 10, XP Client (Supplicant) Setup.
When this step is complete, the client is ready.
5. AP Setup
The AP configuration needs to be modified. This is the setup we used with our ZyXEL B-1000v2. (We
assume that the B-1000 has been configured previously to use WEP keys and MAC addresses.)
At the wireless 802.1x tab:
Wireless Port Control = Authentication Required
ReAuthentication Timer = 1800 seconds
Idle Timeout = 3600 seconds
Authentication Database = RADIUS only
Dynamic WEP Key Exchange = 128-bit WEP