bryan at kadzban.is-a-geek.net
Thu Sep 22 18:24:09 EDT 2005
Christian Frankerl wrote:
> Thanks a lot for this detailed information :) In this case, I think
> I'll try WPA-Enterprise.
> Which packages do I need for WPA? I have installed the Hostap
> package, but what else do I need? Can you tell me a good tutorial or
> howto for WPA-Enterprise with hostap?

No, I don't really have any links to tutorials or howtos (at least, not
good, up to date ones). I've never set up hostap though; I mostly use
plastic AP boxes instead of real PCs for my access points. But, the
theory should be the same, I'm just not sure how you configure hostap.

You'll first need a RADIUS server running somewhere (it can run on the
same box as hostap, I believe). I use FreeRADIUS at home, and IAS at
work (only because we already had 2K Server boxes, and IAS is a free
addon to 2K Server -- I would much rather use FreeRADIUS there too!).

The documentation for FreeRADIUS is fairly good, and the comments in the
sample config file were quite helpful when I was setting it up. I think
username/password authentication (with XP, PEAP with MSCHAPv2 would be
the best-supported method for that) can be set up based on a file
containing usernames and passwords. Or, I think you can use the Linux
box's /etc/passwd file, or you can use an external LDAP database, or you
can use an external SQL database. If you don't already have LDAP or SQL
running, the first option is probably the easiest.

Then, you'll need to configure hostap to talk to that RADIUS server. I
have no idea how to do that, but there are probably options somewhere.
You'll need the IP address and port (usually it uses udp/1812). RADIUS
accounting (udp/1813) is probably not necessary unless you want to
charge for using your wireless.

Then, you'll have to set up the XP supplicant. Configure the SSID in,
then set the authentication to WPA2 and encryption to AES (unless you
want to use WPA/TKIP, or some other combination -- just make sure it
matches your hostap setup). For authentication, tell it to use
"Protected EAP" (unless you want to do certs). I think by default it'll
try the currently-logged-on user's username and password.
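
An added example, not part of the original mail or of the hostap project: a small Python check that a hostapd.conf carries the settings the reply above describes (802.1X enabled, WPA2 with AES/CCMP, and an external RADIUS server on udp/1812). The sample configuration is constructed; the interface name, SSID, addresses and shared secret are placeholder assumptions.

```python
# Added example (not from the mail): lint hostapd.conf for WPA2-Enterprise + RADIUS.
# SAMPLE_CONF is constructed; addresses are documentation-range placeholders.
SAMPLE_CONF = """\
interface=wlan0
driver=hostap
ssid=example-net
ieee8021x=1
own_ip_addr=192.0.2.10
auth_server_addr=192.0.2.20
auth_server_port=1812
auth_server_shared_secret=replace-with-a-long-random-secret
wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP
"""

def parse_conf(text):
    """hostapd.conf holds one key=value per line; '#' starts a comment line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def lint_enterprise(conf):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    if conf.get("ieee8021x") != "1":
        problems.append("ieee8021x=1 is needed for 802.1X/EAP authentication")
    # hostapd defaults wpa_key_mgmt to WPA-PSK when the key is absent
    if "WPA-EAP" not in conf.get("wpa_key_mgmt", "WPA-PSK").split():
        problems.append("wpa_key_mgmt lacks WPA-EAP, so clients get PSK, not RADIUS")
    wpa = conf.get("wpa", "0")
    if not (wpa.isdigit() and int(wpa) & 2):
        problems.append("wpa needs bit 2 set to offer WPA2")
    # rsn_pairwise falls back to wpa_pairwise, which defaults to TKIP
    pairwise = conf.get("rsn_pairwise", conf.get("wpa_pairwise", "TKIP")).split()
    if "CCMP" not in pairwise:
        problems.append("pairwise cipher list lacks CCMP (AES)")
    for key in ("auth_server_addr", "auth_server_shared_secret"):
        if not conf.get(key):
            problems.append(key + " is missing")
    if conf.get("auth_server_port", "1812") != "1812":
        problems.append("auth_server_port is not udp/1812; confirm the server listens there")
    return problems

if __name__ == "__main__":
    for problem in lint_enterprise(parse_conf(SAMPLE_CONF)) or ["no problems found"]:
        print(problem)
```

The shared secret in the hostapd.conf has to match the one configured for this access point on the RADIUS server, and the supplicant's WPA2/AES choice has to match the `wpa` and pairwise cipher lines.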