The first installment of this tutorial series introduced you to some ways in which you can implement WPA-Enterprise on your SOHO network. The second part covered the basics of setting up your own 802.1x RADIUS server. This third installment will continue by walking you through installing and configuring the Elektron RADIUS server. We've chosen this server software due to its relatively low cost ($750) and its user-friendly interface that's quite easy to understand. The cost of other enterprise servers can be in the thousands of dollars and require a great deal of expertise, so this affordable, easy-to-use option is an excellent choice for small business owners working with a limited IT budget.
Downloading the Elektron RADIUS Server
Figure 1: Elektron Settings
The first step is to visit the Periodik Labs Web site and download the software. You can take advantage of the 30-day fully functional trial before you have to purchase and enter a valid serial number. This gives you time to figure out if you really want to invest the money for the server, or if you want to compare with other servers or services.
Installing Elektron and Configuring the Digital Certificate
After the main installation of Elektron, another wizard will open to help you perform the digital certificate configuration of the server. When you get to the digital certificate setup step, you'll probably want to create a new certificate hierarchy if you haven't already purchased a digital certificate. For the server name, you can really just make something up; for example, you can enter WPA.yourdomainname.com or even just your name if you don't have a Web site. The server name, location, and other identification information you enter is used to create the certificate and will be visible when viewing the digital certificate file later.
Figure 2: Authentication Domain
Creating a self-signed certificate using the wizard is fine for most small business and home deployments. For maximum security and ease when configuring your computers, however, you can consider purchasing a certificate designed for WLAN authentication and signed by a trusted authority, such as Verisign. Then you would import the certificate file into the Elektron program. If you go this route, then instead of manually installing the self-signed certificate file (the one you created using the wizard) on all your wireless computers, your computers can validate the server's identity using a trusted certificate authority (CA) that's already preloaded in Windows.
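The trust relationship described above, as an added example that is not from the original article or from Periodik Labs: it uses the OpenSSL command line (not Elektron's wizard) to build a self-signed certificate for the placeholder name WPA.yourdomainname.com and shows that a client accepts it only when that exact certificate is installed as a trust anchor, while a second self-signed certificate carrying the same name is rejected. The file names and the `lookalike` certificate are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: why a self-signed RADIUS server certificate must be installed
# on each client. All names and files are constructed placeholders.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_self_signed PREFIX CN: write PREFIX.key and PREFIX.pem (self-signed).
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# check_cert CERT [ANCHOR]: print "trusted" if CERT verifies, else "rejected".
# With ANCHOR, that certificate is supplied as a trust anchor, which models
# installing the self-signed file on the client. Without it, only the
# platform's default CA store is consulted, and a certificate created a
# moment ago cannot be in it.
check_cert() {
  if [ -n "${2:-}" ]; then
    result=$(openssl verify -CAfile "$WORK/$2.pem" "$WORK/$1.pem" 2>&1) || true
  else
    result=$(openssl verify "$WORK/$1.pem" 2>&1) || true
  fi
  case "$result" in
    *": OK"*) echo trusted ;;
    *)        echo rejected ;;
  esac
}

# The server's certificate, as a wizard-style self-signed certificate.
make_self_signed server "WPA.yourdomainname.com"
# A different key pair that claims the same server name.
make_self_signed lookalike "WPA.yourdomainname.com"

echo "client without the certificate installed: $(check_cert server)"
echo "client with the certificate installed:    $(check_cert server server)"
echo "same name, different key, same client:    $(check_cert lookalike server)"
```

The third line of output is the reason for installing the certificate at all: the name inside a self-signed certificate proves nothing, so the client can only tell the real server from another one by the installed file.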
Now you can access the server administration program, named Elektron Settings (below), from the new Elektron Start menu entry.
Setting Up an Authentication Domain
You need to tell the server in which database to look up the account credentials when clients try to connect/authenticate to your wireless network. On the Elektron Settings program, under the Authentication section on the left menu, select the Authentication Domains entry. Then double-click the Default Authentication Domain entry. You'll see a dialog box, such as the one pictured below, where you can select the database where you have your account list stored.
If you don't already have an account database, you can opt to authenticate using Elektron Accounts. Then you can add users to the built-in database, as discussed in the next section. If you have a larger and more complex network, you can set up multiple Authentication Domains. For example, clients belonging to Domain A are authenticated against the Active Directory and Domain B clients against the Elektron Accounts, or whatever suits your needs.