Cross platform secure login on wpa2
henti at geekware.co.za
Wed Dec 14 17:29:04 CET 2016
Good day all.
We currently have a wpapsk wifi managed by ubiquiti unif-fi. i'm in the
process of trying to move this over to a WPA2-Enterprise setup using
kerberos as authentication.
I used Alans the guide on http://deployingradius.com/ to get PAP and EAP
working with my current certs using a local user.
Next I used the Edoroam freeradius for auth against kerberos guide on
https://www.eduroam.us/node/90 to setup kerberos authentication.
Now this is where things go south.
With a test user in users, EAP is working fine. I can auth using
./rad_eap_test -H localhost -S testing123 -u kerberos-test -p secret -P
1812 -e PEAP -m WPA-EAP
However if I remove the local user and add "DEFAULT Auth-Type = Kerberos"
it stops working.
When I then test without EAP, using
radtest kerberos-test secret localhost 0 testing123
So I can get EAP working with local users, and kerberos without EAP.
What am I missing or not getting about getting them to work together to
allow users to log into the wireless with existing user/pass but encrypted ?
More information about the Freeradius-Users