Page 45 of 55
airPoint™ Nexus User Configuration Guide
i n t e l l i g e n t w i r e l e s s p l a t f o r m
make > mymake.log 2>&1
If you encounter problems, you can review mymake.log (or myconfig.log, or myinstall.log) for errors.
b. FreeRadius -- Download the latest FreeRADIUS snapshot.We downloaded the file to our home
directory. The snapshot is located at:
»ftp://
ftp.freeradius.org/pub/radius/CVS-snap..
Then we used the following nine steps:
mkdir -p /usr/src/802/radius
cd /usr/src/802/radius
cp /home/jbibe/freeradius-snapshot-20040203.tar.gz \
freeradius-snapshot-20040203.tar.gz
gunzip freeradius-snapshot-20040203.tar.gz
tar xvf freeradius-snapshot-20040203.tar
cd freeradius-snapshot-20040203
./configure --with-openssl-includes=/usr/local/openssl/include \
--with-openssl-libraries=/usr/local/openssl/lib \
--prefix=/usr/local/radius
make
make install
That completes the work with FreeRADIUS, except for building certificates, making the changes to the
FreeRADIUS configuration files, moving the server certificates to their final location, and building a
wrapper for radiusd.
2. Produce Certificates
Server and client certificates are needed for TLS and PEAP. To produce the required certificates, We
recommend that you use CA.all that is included with FreeRADIUS. CA.all uses the configuration
information in openssl.cnf.
a. openssl.cnf -- Update openssl.cnf for your configuration. The configuration file is located at:
/usr/local/openssl/ssl
A portion of the information from our openssl.cnf is given below. (The company information is does
not describe an actual company located in Brentwood, TN.) Note that the configuration information
includes the password "whatever". It is the certificate password.
When CA.all executes, it uses this information three times. The first pass through this information
produces the root certificates. If you set up your configuration as shown below, you will be able to
accept all of the settings in the first pass. The second pass through this information produces the
client certificates. You only need to change the commonName to the client name. In our case, We
changed the commonName to jbibe. The third pass through this information produces the server
certificates. You only need to change the commonName to the server name. In our case, we changed
the commonName to micron.
----- Example -------------------------------------------
...
# req_extensions = v3_req