RADIUS server questions

dtemp
DD-WRT Novice


Joined: 24 Aug 2010
Posts: 13

Posted: Sat Apr 21, 2012 22:19    Post subject: RADIUS server questions
I'm using the FreeRADIUS built into my router. The only AP on my network is the router. Excuse me if I ask a few questions that have come up while setting up WPA2/AES enterprise. Using DDWRT 17798 on Buffalo WZR-HP-G300NH v2.

1) FreeRADIUS tab: What are "Clients"? Are they the IPs of APs allowed to talk to the FreeRADIUS server? So if I had only one AP, the router itself, I would just make it the IP of my router, or 127.0.0.1?

2) FreeRADIUS tab: Under "Users", what do the downstream/upstream fields represent? Max speeds for each user? Are they in Kbps or KBps or what? I tried setting these fields to 1000 and it didn't seem to affect things much.

3) FreeRADIUS tab: Under "Users", what does expiration represent? Does it mean I can tell it to automatically stop allowing a user to connect after, say, a week? Or is it just something about key renewal and they will still be able to connect indefinitely?

4) Wireless Security tab: What is "Radius Accounting?" Do I want it? Does the FreeRADIUS server built into DDWRT do it? Back on the FreeRADIUS tab, it doesn't mention anything about Accounting, or having any service on port 1813. If my router has it, is it on port 1813, and is it the same shared secret as the Auth server?

5) FreeRADIUS tab: Are there any downsides to using the certificate that came with the software, the "DD-WRT FreeRadius Certificate"? When my wireless clients connect, it asks if I want to accept that certificate, and I just say yes. Will this certificate keep working for years without issue?

Thanks.
dtemp
DD-WRT Novice


Joined: 24 Aug 2010
Posts: 13

Posted: Mon Apr 23, 2012 8:16
Is this the right forum for this thread? Would this be better placed in a hardware forum?
habeIchVergessen
DD-WRT User


Joined: 04 May 2010
Posts: 427

Posted: Mon Apr 23, 2012 21:57
1. Use IPs that should authenticate via RADIUS (router)
3. Expiry date in days (used for certs too)
5. Certs work for you? I got it working only with modified cert generation!
dtemp
DD-WRT Novice


Joined: 24 Aug 2010
Posts: 13

Posted: Tue May 08, 2012 6:15
habeIchVergessen wrote:
1. Use IPs that should authenticate via RADIUS (router)
3. Expiry date in days (used for certs too)
5. Certs work for you? I got it working only with modified cert generation!


Yes certs work for me. So by "expiry date in days" you mean that user will stop having access after X days elapse?

Anyone else want to take a stab at my list of 5 questions above?
habeIchVergessen
DD-WRT User


Joined: 04 May 2010
Posts: 427

Posted: Wed May 09, 2012 21:21
Do you use generated client certs for authentication?
Or just accept the server cert while connecting with username and password?
dtemp
DD-WRT Novice


Joined: 24 Aug 2010
Posts: 13

Posted: Thu May 10, 2012 1:35
habeIchVergessen wrote:
Do you use generated client certs for authentication?
Or just accept the server cert while connecting with username and password?


The latter. I never tried the former. I realize this isn't the most secure thing but whatever, I'm not worried about MITM attacks on my little LAN.
All times are GMT
