OpenWrt Forum Archive

Topic: Openwrt with external radius server

The content of this topic has been archived on 18 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Good morning,

I recently configured the following set up:

Windows 2008 NPS server communicating with an Active Directory environment and the OpenWrt as Radius client
|
Openwrt (radius client of the NPS server) with MSCHAPV2 PEAP
|
Laptop

Everything worked and the users were able to login with their AD account.

What I am trying to achieve is to change the MSCHAPV2 PEAP with certificates.
So basically the clients need to be authenticated with their certificates.

I already imported the client certificate on the user's laptop (and also the CA certificate).
I also already changed the NPS server to make sure it authenticates the certificate of the user.
I also changed the client's computer to make sure that it will use the correct certificate and also set it up to not check the server certificate (this will be implemented later on, I want it to work step by step else I don't know where things are messed up).

Would anyone please be so kind as to provide me the settings for OPENWRT as I think I messed it up in there.
I got the following settings set in /etc/config/wireless:
option device 'radio 0'
option mode 'ap'
option isolate '0'
option bgscan '0'
option wds '0'
option ssid 'Internal'
# This has been set up correctly and isn't the issue as I can communicate with the server (ping)
option network 'vlan 10'
option encryption 'wpa2+aes'
option key 'sameasontheradiusserver'
option port '1812'
option server '172.16.10.20'

Do I also need to change other files in order to get certificates working?
Please keep in mind that the basic settings are correct (as it does work with MSCHAPV2).

Any help would be much appreciated.

P.S.: I read something about the eap.conf file. Do I need to update that one as well?

Good afternoon,
Bummer to see no one replied yet.

Never mind my question, I already have everything working in the following scenario.
1 Windows 2008R2 server in a domain and 1 Active Directory server (of course the same domain).
1 NPS/Radius configured on the above mentioned 2008R2 server.
1 Openwrt connected to the NPS/Radius server
1 Client machine

Client verifies the server and the server verifies the client certificate.

Hi Dre2007,

I hope you're still active on this site. You got further than I did and I was wondering if you would be able to assist.

My issue:
- I can't log in to my SSID using the users configured on the Radius. How did you get that to work? Would you be able to provide instructions on how you got the Radius set up?

Thanks,
Hade
