Server certificate can be generated when the package eltex-radius-nbi
is installed. Specify certificate parameters during the package installation.
root@vagrant-ubuntu-trusty-64:/home/vagrant#
- Enter pass: |
If you already have root@vagrant-ubuntu-trusty-64:/home/vagrant# root@vagrant-ubuntu-trusty-64:/home/vagrant# |
After that, a certificate will be generated.
Successfully generated the server certificate URL of the server certificates: http://localhost:8080/eltex-radius-nbi/certificates/server.zip Run the script to setup Eltex RADIUS server: /var/lib/eltex-radius-nbi/setup_er_eap.sh - Reconfigure file '/etc/eltex-radius-nbi/radius_nbi_config.txt' SoftWLC Northbound is installed. Tomcat service will be restarted... To check the service works, open the URL: http://localhost:8080/axis2/services/RadiusNbiService?wsdl To read documentation, visit the following URL: http://localhost:8080/eltex-radius-nbi/asciidoc/ |
Then run the script setup_er_eap.sh:
root@vagrant-ubuntu-trusty-64:/home/vagrant# cd /var/lib/eltex-radius-nbi/ |
A created server certificate allows generating certificated for Enterprise users. If a TLS certificate should be used for authorization, it must be specified during Enterprise user creation.
Step-by-step description of certificate creation process:
Open the file cat /etc/eltex-radius-nbi/radius_nbi_config.txt and specify an address that is referred by a user to request the Admin Panel (127.0.0.1 by default).
# tomcat url tomcat.host=127.0.0.1 tomcat.port=8080 |
3. Specify user parameters and click the checkbox "Create certificate".
By default, a certificate is valid for 3650 days. Change this parameter if necessary.
After a user is created, his parameters can be seen. Check the tab "TLS" to verify a certificate has been generated.
Open the SSID manager in the "Wireless" menu.
Click "Add SSID".
Specify the following key parameters:
Type - Enterprise
Name - test_enterprise
Domain - root
Security mode - WPA Enterprise
RADIUS IP Address - 192.168.50.1 (ip address of your Radius server).
RADIUS Key - eltex
RADIUS accounting - up
RADIUS accounting period - 600
Select radio interfaces to which a created SSID will be assigned.
When a SSID is assigned to all radio interfaces ("Radio" - "All"), it is recommended to enable "Bandsteer" (click the checkbox) for priority connection of devices supporting the both ranges to the 5 GHz network.
When a SSID is assigned to one radio interface, the mode "Bandsteer" should be disabled.
Click the checkbox "TLS enabled'.
After the button "Accept" is clicked, a created SSID will be displayed in "SSID table".
Assign a SSID to access points by selecting a created SSID and clicking "Add SSID link".
Select a key for linking in the appeared window. It can be a MAC address or a node's domain. Select devices to link (access points or nodes ) and click "Сreate a link", the corresponding indicator will turn from yellow to green. Click "Accept".
A window with the question "Do you want also to fix SSID links?" will be opened. If it is necessary to assign a created SSID to access points immediately, click "Yes". If a link should be added to the table, but should not be applied to an access point, click "No". If necessary, a SSID can be assigned to an access point by clicking "Repair" on the tab "SSID links". Otherwise, a link will be fixed by a corresponding monitor (once a day by default).
A SSID assigning process can be managed via the tab "Operations log".
A created link will be displayed on the tab "SSID links".
A SSID will be assigned to the first A result can be seen on the tab "Configuration/Virtual access points".
It is necessary to install a certificate to a client's device. To do that, enter the Admin Panel, go to the section "Wi-Fi users/Enterprise users" and select a user created earlier. In the opened window and click the button "Create certificate" on the tab "TLS".
The .txt file contains necessary information on a certificate. The parameters Name and Password will be necessary.
Name: test
Domain: root
Password: test
Period: 3650
Organization name: Eltex
Country code: RU
State: Novosibirsk Oblast
Locality: Novosibirsk
Organization unit name: Wireless network IT
Contact e-mail: eltex@eltex.nsk.ru
The value "test" of the "Name" parameter matches the name of the user created via the Admin panel. The value of "Password" is the same. |
Contents of the downloaded archive should be copied to a client's device.