This question is practically identical to this question, with the difference being that the authentication server is FreeRADIUS on Ubuntu and the access points are DD-WRT.

Additionally, I would like to know if there is any risk to disabling TTLS (which, from what I understand, is the part of the authentication process that requires the certificate) or if that is even an option.

I understand now that there is a difference between TLS and TTLS. I want to use TTLS, since it does not require client configuration. I have assigned the answer to the post below because it helped me come to this realization, and I have edited the title to better reflect his conclusion.

Seanny123
  • You might want to update your question with the stipulation that you only want to eliminate certificate use between the clients and the RADIUS server - that seems to be doable within the WPA2 Enterprise spec, though I'm still trying to figure out how you'd implement that, exactly. – HopelessN00b Aug 18 '12 at 02:43

1 Answer

Skipping the marketing crap, "WPA2 Personal" uses the hash of a passphrase to secure the session key exchange and establish access to the wireless network. "WPA2 Enterprise" uses 802.1x EAP to secure the exchange. Technically the WiFi hardware could support any EAP Method, but only EAP-TLS (Certificates) was required for the WiFi certification (it's been changed now, but was this way for a while), so it's commonly the only one well supported. PEAP, EAP-TTLS, and EAP-SIM are now also supported, though setting them up is mostly just as bad.

Chris S
  • Thank you for the clarification. If 802.1X is actually what I desire and Eduroam uses 802.1X, can you tell me what I'm supposed to Google so that I can find a way to configure the dynamic acceptance of certificates as shown on [this webpage](http://ist.uwaterloo.ca/cs/wireless.html#toc-connecting-win-7)? You see, I was under the impression that certificates had to be configured on the user device prior to configuration, but if this dynamic configuration is an option, I would like to use it. – Seanny123 Aug 18 '12 at 03:26
  • I understand now that what my link is pointing to is TLS and what I currently have configured on my DD-WRT router and RADIUS setup is TTLS. I will try and find out how to change my configuration. – Seanny123 Aug 18 '12 at 20:01
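
The thread turns on which EAP method (EAP-TLS or EAP-TTLS) is actually in use between the client and the RADIUS server. As an added example, not part of the original thread: a small Python parser for the EAP header (RFC 3748) that reports the method the two sides settle on. The packet bytes are constructed for illustration, with TLS payloads omitted.

```python
import struct

# EAP codes and method type numbers (RFC 3748 and the IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 18: "EAP-SIM",
             21: "EAP-TTLS", 25: "PEAP"}

def parse_eap(packet: bytes) -> dict:
    """Decode one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(packet) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad EAP length field")
    out = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
           "type": None, "wanted": []}
    if code in (1, 2):  # only Request/Response carry a Type byte
        if length < 5:
            raise ValueError("Request/Response without Type byte")
        eap_type, data = packet[4], packet[5:length]
        out["type"] = EAP_TYPES.get(eap_type, f"type {eap_type}")
        if code == 2 and eap_type == 3:  # Nak lists the methods the peer accepts
            out["wanted"] = [EAP_TYPES.get(t, f"type {t}") for t in data]
    return out

def negotiated_method(packets):
    """Return the last authentication method the peer answered with."""
    method = None
    for p in map(parse_eap, packets):
        if p["code"] == "Response" and p["type"] not in ("Identity", "Nak"):
            method = p["type"]
    return method

# Constructed exchange: server offers EAP-TLS, peer Naks and asks for EAP-TTLS.
SAMPLE = [
    bytes.fromhex("0101000501"),            # Request/Identity
    bytes.fromhex("0201000a01616c696365"),  # Response/Identity "alice"
    bytes.fromhex("010200060d20"),          # Request/EAP-TLS, Start flag
    bytes.fromhex("020200060315"),          # Response/Nak, wants type 21
    bytes.fromhex("010300061520"),          # Request/EAP-TTLS, Start flag
    bytes.fromhex("020300061500"),          # Response/EAP-TTLS (payload omitted)
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(parse_eap(pkt))
    print("negotiated:", negotiated_method(SAMPLE))
```
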