Bit Bucket

Happy to report that the Linksys WMP11 card works perfectly with FreeBSD (and, thus, the pfSense firewall). I did some additional tinkering with the box, and now have the following interfaces:WAN: My DSL connection.LAN: The "normal" home network; this is the network that my RADIUS-enabled WiFi connects to.WiFi: My new access point with the WMP11 c...

Today I went to an area hamfest and spent a couple hours wandering around with a friend of mine. Lots of fun stuff to look at, but I was a bit leary about making any big-ticket purchases. (Hamfest purchases are like a box of chocolates... etc....) Was unsuccessful in finding a power supply I needed, but I happened by a table that had all sorts of cheap WiFi gear. While I was tempted to grab one of everything, I settled for getting an old-ish looking Linksys wireless PCI card for a whopping $5. I didn't even check the model number or anything... I just figured that even if it turns out to be a dud, I'm only out a few bucks.

Before the fresh info in my brain fades into the realm of "that was cool a while ago", I wanted to be sure I posted copies of all the working config files here for the RADIUS/WiFi setup. I will add some commentary where applicable, but this is basically just going to be a laundry list. (If anyone actually reads this and has any questions, I'll be happy to add more descriptiveness.)The Equipment:

• ZyXEL P-330W Wireless Router (firmware v1.8)
• Pentium III server: OpenBSD 4.2, FreeRADIUS 1.1.6, OpenSSL 0.9.7j
• Laptop (WiFi client): Windows XP SP2
• Laptop (WiFi client): Debian GNU/Linux 4.1 (etch), wpa_supplicant 0.5.5

Got it.I poked around the mailing list for wpa_supplicant  for a bit... and while I didn't discover a specific fix for my problem, I did find that you can run wpa_supplicant from the command line with the "-dd" option for extremely verbose output. Dumping the output to a file, I found the following section that sounded kind of familiar to what...

Normally, I think those userbars in signatures can be a bit obnoxious. I really don't care who is an American Idol Watcher, or who is a Pot Smoker, or whatever. However, I tinkered a bit, and came up with one that I think I can tolerate:http://img233.imageshack.us/img233/2302/userbar620838fl2.gif  Basically a vanity job, also showing off my new domain...

Ironically enough -- since the article I was referencing for my FreeRADIUS / EAP-TLS / WiFi setup was written in Linux Journal magazine -- I've had some difficulty getting my linux laptop connected to the AP. With WPA-PSK (i.e. WPA with a password), it worked fine with the madwifi drivers and the wpa_supplicant  program. However, trying to tweak wpa_s...

Happy to say that I finally got all the parts of the WiFi RADIUS authentication working on my home network this evening, a little after midnight. As of this writing, my two Windows XP laptops now connect automatically... now I just have to figure out how to set it up on my Debian laptop. (I don't have any of the fancy-schmancy GUI utilities on it, so...

Okay, I have finally gotten to the point where I'm using OpenSSL to create certificates. As much as I hate to just copy and paste stuff into a command line and press return, the tutorial I've been following has done a pretty good job of explaining along the way. At some point I am going to go back through the man page and see what the various opti...

Apparently the default openssl.cnf that comes with OpenBSD has been "streamlined" so that some stuff required by the how-to guide I'm following is missing. I'm not l33t enough to work around it, so I found that copy/pasting chunks from the OpenSSL source download of the same version seems to work OK. Have to pay attention to the error mess...

K.I.S.D... for "Keep It Simple, Dumbass"I don't know much about RADIUS as a protocol, and I don't know much about the FreeRADIUS app. I have used Microsoft's bizarro-RADIUS implementation called "Internet Authentication Service"... through which I managed to set up what I think is EAP-TLS on a domain, used for wireless and VPN authentication. I more or less clickey-clicked my way through, and couldn't re-explain to anyone else at this point how I managed to do it. (I hope it doesn't break!)Anyway, as with most things in the *nix world, FreeRADIUS uses various configuration files to keep track of the program options. I found a web-based GUI utility, called Dialup Admin, that is apparently the "official" GUI for FreeRADIUS (never mind that it hasn't been updated in the last few years). I thought it would help ease my transition into the wonderful world of AAA/RADIUS if I installed this utility. You know, just until I figured out the configuration files.