More wireless client configuration
Setup of Windows 7 is totally same as vista, with one extra step below.
In the wireless Network Properties, where you choose security type and encryption type of your wifi access point, click Advanced settings.
In the 802.1x settings, click ‘Specify authentication mode:’ and then select ‘User authentication’.
Modify wifi network.
Security: 802.1x EAP
EAP method: PEAP
Phase 2 authentication: MSCHAPV2
CA certificate: (unspecified)
User certificate: (unspecified)
Identity: [ldap user name]
Anonymous identity: [blank]
Password: [ldap user password]
I did not bother with installing CA/client cert on the phone yet. Of course this will introduce man-in-the-middle attack but I need to get things working first. I’ll update here later about the certs thing for Android.
Update Nov 23 2011 Installing CA and client certificate to Android Phone
You need to install CA/client certificate to your phone only if you enforce client certificate, if you did not generate client certificate, just skip the steps here.
Firstly go to Settings / Location & Security settings / Credential storage / Set password, input your password. We will need this password when installing CA cert to the phone.
Installing client certificate
Copy client.p12 to the ROOT of the phone’s SD card/USB storage. Then go to Settings / Location & Security / Credential Storage / Install from SD card. Input the output password of your client’s certificates.
Installing server certificate
To install CA’s certificate, login to Diskstation as root.
# cp /opt/etc/raddb/certs/ca.pem /volume1/web/ca.pem
# chown nobody:nobody /volume1/web/ca.pem
Create the /volume1/web/cert.php using codes below
Then open the stock browser of your android phone, input the URL
replace the ip address 192.168.1.100 to your NAS address.
Once both CA and client certificates are installed, get back to the WIFI setup and select the CA cert and client cert from the list.