Tomato Router Setup
Since I only have a Tomato router (Linksys WRT54G) now, the instructions here are based on Tomato.
- Open a browser and open the router’s admin console, i.e. http://192.168.0.1
- Navigate to the wireless settings menu: Basic/Network/Wireless
- Security: WPA2 Enterprise
Encryption: TKIP or AES, up to you
Shared Key: [Input the secret password assigned for the router, refer to /opt/etc/raddb/clients.conf]
Radius Server: [DiskStation IP address] : [Radius port 1812]
- Save the settings
Vista Wireless Client Setup
- Copy following files to the PC
- Install root certificate
- Double-click on ca.der.
- In the “Certificate” property box, click Install Certificate.
- In the Wizard, click Next.
- Choose Place all certificates in the following store, and choose “Trusted Root Certification Authorities”.
- Click Next to finish.
- Install client certificate (if you do not plan to authenticate users with a client certificate, you can skip this step)
- Double-click on client.p12.
- In the Wizard, click Next and Next again.
- You will be asked for a password. This is the output_password specified for the client certificate (refer to client.cnf).
- Choose Automatically select the certificate store based on the type of certificate.
- Click Next to finish.
- Manage wireless networks
- At Network and Sharing Center menu, click Manage wireless networks.
- Right-click the highlighted SSID and select Properties.
Click Connect automatically when this network is in range
Click Connect to a more preferred network if available
Click Connect even if the network is not broadcasting
- Click the Security tab
Security type: WPA2 Enterprise
Encryption type: AES or TKIP
EAP Type: EAP (PEAP)
Choose a network authentication method: Protected EAP (PEAP)
For debugging purposes, uncheck cache user information for subsequent connections to this network.
Once the settings have been tested and work, we can enable the cache user information option later.
** Note: the settings here MUST match the settings on the router.
Click the Settings button.
Click Validate server certificate
In the ‘Trusted Root Certification Authorities’ listbox, select your radius CA cert.
Select Authentication Method: Secured password (EAP-MSCHAP v2)
Click Enable Fast Reconnect
Click Configure button
UNCHECK Automatically use my Windows logon name and password
Done!! Now connect to your access point and you should be prompted for your LDAP username and password.
*** IMPORTANT: the SambaNTPassword and SambaLMPassword attributes are needed for LDAP user entries. Refer to modding series 9 for details on creating these two LDAP Samba attributes for your Wi-Fi user.
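To confirm that the Vista profile really ended up with the settings from the security tab steps above, export it with netsh wlan export profile and check it by script. The Python below is an added example, not part of the original post; the element names are assumed from the exported WLAN profile XML format, and the sample profile (SSID, thumbprint) is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements checked below; a real export
# carries more fields. The SSID and CA thumbprint are placeholders.
SAMPLE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
 <name>EXAMPLE-SSID</name>
 <MSM><security>
  <authEncryption><authentication>WPA2</authentication>
   <encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
   <EAPConfig><Eap><Type>25</Type><EapType>
    <ServerValidation>
     <TrustedRootCA>00 11 22 (placeholder thumbprint)</TrustedRootCA>
    </ServerValidation>
    <FastReconnect>true</FastReconnect>
    <Eap><Type>26</Type><EapType>
     <UseWinLogonCredentials>false</UseWinLogonCredentials>
    </EapType></Eap>
   </EapType></Eap></EAPConfig></OneX>
 </security></MSM></WLANProfile>"""

def audit_profile(xml_text):
    """Return a list of findings; an empty list means the profile matches the steps."""
    vals = {}
    for el in ET.fromstring(xml_text).iter():
        # Match on the local element name so namespace prefixes do not matter.
        vals.setdefault(el.tag.rsplit("}", 1)[-1], []).append((el.text or "").strip())
    first = lambda name: (vals.get(name) or [""])[0]
    findings = []
    if first("authentication") != "WPA2" or first("useOneX") != "true":
        findings.append("security type is not WPA2 Enterprise (802.1X)")
    if first("encryption") not in ("AES", "TKIP"):
        findings.append("encryption type is neither AES nor TKIP")
    types = vals.get("Type", [])
    if "25" not in types:  # EAP type 25 = PEAP
        findings.append("network authentication method is not PEAP")
    if "26" not in types:  # EAP type 26 = EAP-MSCHAP v2
        findings.append("inner authentication method is not EAP-MSCHAP v2")
    if not any(vals.get("TrustedRootCA", [])):
        findings.append("no trusted root CA selected for server validation")
    if first("UseWinLogonCredentials") != "false":
        findings.append("Windows logon name and password are used automatically")
    return findings

if __name__ == "__main__":
    print(audit_profile(SAMPLE) or "profile matches the steps above")
```

An empty result means the exported profile agrees with the router-side settings; each finding names the step that was missed.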