SmartBridges sB3210 User Manual

Page 47 of 55

airPoint™ Nexus User Configuration Guide

i n t e l l i g e n t w i r e l e s s p l a t f o r m

For TLS and PEAP, the server needs root.pem and cert-srv.pem. For TLS, the Windows XP client
needs root.der and cert-clt.p12. For PEAP, the Windows XP client needs root.der.

In the event that you want to use TLS authentication with multiple clients, Document 3 provides the
needed script. Look for the CA.clt script in Section 6.

3. Configure Server for TLS

There are only a few changes and additions needed for TLS authentication. The clients.conf, users,
and radiusd.conf are located at:

/usr/local/radius/etc/raddb

a. clients.conf -- This file contains the basic configuration for the Access Point. Look for the following
line then uncomment and modify as appropriate:

#client 192.168.0.0/24 {

client 192.168.1.0/24 {

secret = AP_Shared_Secret

shortname

=

WLAN

}


b. users -- This file contains the basic user information. Look for the following line and then add the
user name:

#"John Doe" Auth-Type := Local, User-Password == "hello"
#

jbibe

Note that for TLS, you should not include an Auth-Type or a password. The server is able to
determine the correct Auth-Type, and a password is not needed because the client uses a client
certificate for authentication.

c. radiusd.conf -- This file contains the server configuration information. Look for the following lines
and then change the default_eap_type from md5 to tls:

eap {
default_eap_type

=

md5

Change md5 to tls.

Move down to the following line, and then uncomment and modify the information, as shown below.
Note that I placed the server certificates, dh file and random file in a new directory 1x on our system.
Modify the path as needed for your server:

#tls {

tls {
private_key_password

=

whatever

private_key_file

=

/usr/local/radius/etc/1x/cert-srv.pem

certificate_file

=

/usr/local/radius/etc/1x/cert-srv.pem

CA_file

=

/usr/local/radius/etc/1x/root.pem