Jump to content

WPA2 Enterprise?

maxtch
By maxtch
in Networking
 Share
Posted

I am considering using WPA2 Enterprise for my home Wi-Fi as it offers better security than WPA2 PSK. Anyone have done it before?

The NASter machine as listed in my signature is my router. It runs vanilla Ubuntu Server and should be able to be configured as the authentication server.

The Fruit Pie: Core i7-9700K ~ 2x Team Force Vulkan 16GB DDR4-3200 ~ Gigabyte Z390 UD ~ XFX RX 480 Reference 8GB ~ WD Black NVMe 1TB ~ WD Black 2TB ~ macOS Monterey amd64

The Warship: Core i7-10700K ~ 2x G.Skill 16GB DDR4-3200 ~ Asus ROG Strix Z490-G Gaming Wi-Fi ~ PNY RTX 3060 12GB LHR ~ Samsung PM981 1.92TB ~ Windows 11 Education amd64
The ThreadStripper: 2x Xeon E5-2696v2 ~ 8x Kingston KVR 16GB DDR3-1600 Registered ECC ~ Asus Z9PE-D16 ~ Sapphire RX 480 Reference 8GB ~ WD Black NVMe 1TB ~ Ubuntu Linux 20.04 amd64

The Question Mark? Core i9-11900K ~ 2x Corsair Vengence 16GB DDR4-3000 @ DDR4-2933 ~ MSI Z590-A Pro ~ Sapphire Nitro RX 580 8GB ~ Samsung PM981A 960GB ~ Windows 11 Education amd64
Home server: Xeon E3-1231v3 ~ 2x Samsung 8GB DDR3-1600 Unbuffered ECC ~ Asus P9D-M ~ nVidia Tesla K20X 6GB ~ Broadcom MegaRAID 9271-8iCC ~ Gigabyte 480GB SATA SSD ~ 8x Mixed HDD 2TB ~ 16x Mixed HDD 3TB ~ Proxmox VE amd64

Laptop 1: Dell Latitude 3500 ~ Core i7-8565U ~ NVS 130 ~ 2x Samsung 16GB DDR4-2400 SO-DIMM ~ Samsung 960 Pro 512GB ~ Samsung 850 Evo 1TB ~ Windows 11 Education amd64
Laptop 2: Apple MacBookPro9.2 ~ Core i5-3210M ~ 2x Samsung 8GB DDR3L-1600 SO-DIMM ~ Intel SSD 520 Series 480GB ~ macOS Catalina amd64

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/
Share on other sites
Link to post
Share on other sites
Posted

I am considering using WPA2 Enterprise for my home Wi-Fi as it offers better security than WPA2 PSK. Anyone have done it before?

The NASter machine as listed in my signature is my router. It runs vanilla Ubuntu Server and should be able to be configured as the authentication server.

It's the same as WPA2/PSK personal. Enterprise is a just a version that relies on a centralized controller that facilitates the authentication. No point to do it for home use unless you like over-complicating things for funzies.

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/#findComment-6941474
Share on other sites
Link to post
Share on other sites
Posted
  • Author

It's the same as WPA2/PSK personal. Enterprise is a just a version that relies on a centralized controller that facilitates the authentication. No point to do it for home use unless you like over-complicating things for funzies.

I have 3 access points that have to be kept in sync.

The Fruit Pie: Core i7-9700K ~ 2x Team Force Vulkan 16GB DDR4-3200 ~ Gigabyte Z390 UD ~ XFX RX 480 Reference 8GB ~ WD Black NVMe 1TB ~ WD Black 2TB ~ macOS Monterey amd64

The Warship: Core i7-10700K ~ 2x G.Skill 16GB DDR4-3200 ~ Asus ROG Strix Z490-G Gaming Wi-Fi ~ PNY RTX 3060 12GB LHR ~ Samsung PM981 1.92TB ~ Windows 11 Education amd64
The ThreadStripper: 2x Xeon E5-2696v2 ~ 8x Kingston KVR 16GB DDR3-1600 Registered ECC ~ Asus Z9PE-D16 ~ Sapphire RX 480 Reference 8GB ~ WD Black NVMe 1TB ~ Ubuntu Linux 20.04 amd64

The Question Mark? Core i9-11900K ~ 2x Corsair Vengence 16GB DDR4-3000 @ DDR4-2933 ~ MSI Z590-A Pro ~ Sapphire Nitro RX 580 8GB ~ Samsung PM981A 960GB ~ Windows 11 Education amd64
Home server: Xeon E3-1231v3 ~ 2x Samsung 8GB DDR3-1600 Unbuffered ECC ~ Asus P9D-M ~ nVidia Tesla K20X 6GB ~ Broadcom MegaRAID 9271-8iCC ~ Gigabyte 480GB SATA SSD ~ 8x Mixed HDD 2TB ~ 16x Mixed HDD 3TB ~ Proxmox VE amd64

Laptop 1: Dell Latitude 3500 ~ Core i7-8565U ~ NVS 130 ~ 2x Samsung 16GB DDR4-2400 SO-DIMM ~ Samsung 960 Pro 512GB ~ Samsung 850 Evo 1TB ~ Windows 11 Education amd64
Laptop 2: Apple MacBookPro9.2 ~ Core i5-3210M ~ 2x Samsung 8GB DDR3L-1600 SO-DIMM ~ Intel SSD 520 Series 480GB ~ macOS Catalina amd64

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/#findComment-6943365
Share on other sites
Link to post
Share on other sites
Posted

Worked with WPA2 enterprise a bit with clients.

 

Basically you need to setup a radius server that supports it. Freeradius is good option and dont need to pay anything. You have a ubuntu server so can install it on there. 

 

I personally use a mikrotik to allow the authentications to raidus server. 

 

Personally wouldnt do this setup in a home enviroment at all. too much hassle. 

Dream on little dreamer.

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/#findComment-6943474
Share on other sites
Link to post
Share on other sites
Posted
  • Author

Worked with WPA2 enterprise a bit with clients.

 

Basically you need to setup a radius server that supports it. Freeradius is good option and dont need to pay anything. You have a ubuntu server so can install it on there. 

 

I personally use a mikrotik to allow the authentications to raidus server. 

 

Personally wouldnt do this setup in a home enviroment at all. too much hassle. 

 

If not using WPA2 Enterprise, how can I keep all three access points' authentication settings in sync without performing the same configuration three times? I configured my three access points to be a wireless roaming network.

The Fruit Pie: Core i7-9700K ~ 2x Team Force Vulkan 16GB DDR4-3200 ~ Gigabyte Z390 UD ~ XFX RX 480 Reference 8GB ~ WD Black NVMe 1TB ~ WD Black 2TB ~ macOS Monterey amd64

The Warship: Core i7-10700K ~ 2x G.Skill 16GB DDR4-3200 ~ Asus ROG Strix Z490-G Gaming Wi-Fi ~ PNY RTX 3060 12GB LHR ~ Samsung PM981 1.92TB ~ Windows 11 Education amd64
The ThreadStripper: 2x Xeon E5-2696v2 ~ 8x Kingston KVR 16GB DDR3-1600 Registered ECC ~ Asus Z9PE-D16 ~ Sapphire RX 480 Reference 8GB ~ WD Black NVMe 1TB ~ Ubuntu Linux 20.04 amd64

The Question Mark? Core i9-11900K ~ 2x Corsair Vengence 16GB DDR4-3000 @ DDR4-2933 ~ MSI Z590-A Pro ~ Sapphire Nitro RX 580 8GB ~ Samsung PM981A 960GB ~ Windows 11 Education amd64
Home server: Xeon E3-1231v3 ~ 2x Samsung 8GB DDR3-1600 Unbuffered ECC ~ Asus P9D-M ~ nVidia Tesla K20X 6GB ~ Broadcom MegaRAID 9271-8iCC ~ Gigabyte 480GB SATA SSD ~ 8x Mixed HDD 2TB ~ 16x Mixed HDD 3TB ~ Proxmox VE amd64

Laptop 1: Dell Latitude 3500 ~ Core i7-8565U ~ NVS 130 ~ 2x Samsung 16GB DDR4-2400 SO-DIMM ~ Samsung 960 Pro 512GB ~ Samsung 850 Evo 1TB ~ Windows 11 Education amd64
Laptop 2: Apple MacBookPro9.2 ~ Core i5-3210M ~ 2x Samsung 8GB DDR3L-1600 SO-DIMM ~ Intel SSD 520 Series 480GB ~ macOS Catalina amd64

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/#findComment-6943572
Share on other sites
Link to post
Share on other sites
Posted
  • Author

Worked with WPA2 enterprise a bit with clients.

 

Basically you need to setup a radius server that supports it. Freeradius is good option and dont need to pay anything. You have a ubuntu server so can install it on there. 

 

I personally use a mikrotik to allow the authentications to raidus server. 

 

Personally wouldnt do this setup in a home enviroment at all. too much hassle. 

 

If not using WPA2 Enterprise, how can I keep all three access points' authentication settings in sync without performing the same configuration three times? I configured my three access points to be a wireless roaming network.

The Fruit Pie: Core i7-9700K ~ 2x Team Force Vulkan 16GB DDR4-3200 ~ Gigabyte Z390 UD ~ XFX RX 480 Reference 8GB ~ WD Black NVMe 1TB ~ WD Black 2TB ~ macOS Monterey amd64

The Warship: Core i7-10700K ~ 2x G.Skill 16GB DDR4-3200 ~ Asus ROG Strix Z490-G Gaming Wi-Fi ~ PNY RTX 3060 12GB LHR ~ Samsung PM981 1.92TB ~ Windows 11 Education amd64
The ThreadStripper: 2x Xeon E5-2696v2 ~ 8x Kingston KVR 16GB DDR3-1600 Registered ECC ~ Asus Z9PE-D16 ~ Sapphire RX 480 Reference 8GB ~ WD Black NVMe 1TB ~ Ubuntu Linux 20.04 amd64

The Question Mark? Core i9-11900K ~ 2x Corsair Vengence 16GB DDR4-3000 @ DDR4-2933 ~ MSI Z590-A Pro ~ Sapphire Nitro RX 580 8GB ~ Samsung PM981A 960GB ~ Windows 11 Education amd64
Home server: Xeon E3-1231v3 ~ 2x Samsung 8GB DDR3-1600 Unbuffered ECC ~ Asus P9D-M ~ nVidia Tesla K20X 6GB ~ Broadcom MegaRAID 9271-8iCC ~ Gigabyte 480GB SATA SSD ~ 8x Mixed HDD 2TB ~ 16x Mixed HDD 3TB ~ Proxmox VE amd64

Laptop 1: Dell Latitude 3500 ~ Core i7-8565U ~ NVS 130 ~ 2x Samsung 16GB DDR4-2400 SO-DIMM ~ Samsung 960 Pro 512GB ~ Samsung 850 Evo 1TB ~ Windows 11 Education amd64
Laptop 2: Apple MacBookPro9.2 ~ Core i5-3210M ~ 2x Samsung 8GB DDR3L-1600 SO-DIMM ~ Intel SSD 520 Series 480GB ~ macOS Catalina amd64

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/#findComment-6943600
Share on other sites
Link to post
Share on other sites
Posted

Have the same wireless settings, except for channels, is the way to go. Authentication settings will have to be changed on each APs you have. Since you only have 3, doing it manually is good enough. Having a RADIUS server just meant that you can change wireless password and it propagate on the connected APs.

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/#findComment-6943696
Share on other sites
Link to post
Share on other sites
Posted

Have the same wireless settings, except for channels, is the way to go. Authentication settings will have to be changed on each APs you have. Since you only have 3, doing it manually is good enough. Having a RADIUS server just meant that you can change wireless password and it propagate on the connected APs.

Passwords aren't actually propagated to anything with WPA2/PSK Enterprise. The AP's just relay authentication requests to the server.

 

Other than that, pretty much exactly what you said.

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/#findComment-6951728
Share on other sites
Link to post
Share on other sites
Posted

Depending on the type of AP, there might be a management tool available (e.g Ubiquiti's single managment portal, Mikrotik's CAPsMAN, Ruckus' ZoneFlex, etc) - basically if they're all from the same conpany, and are meant for use as a deployed network of APs, the manufacturer probably has something that lets you configure all three as one group.

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/#findComment-6953287
Share on other sites
Link to post
Share on other sites
Posted
  • Author

Depending on the type of AP, there might be a management tool available (e.g Ubiquiti's single managment portal, Mikrotik's CAPsMAN, Ruckus' ZoneFlex, etc) - basically if they're all from the same conpany, and are meant for use as a deployed network of APs, the manufacturer probably has something that lets you configure all three as one group.

 

My three access points are mixed-brand job. A Netgear one, a TP-Link wireless router loaded with DD-WRT firmware, and an Apple Time Capsule.

The Fruit Pie: Core i7-9700K ~ 2x Team Force Vulkan 16GB DDR4-3200 ~ Gigabyte Z390 UD ~ XFX RX 480 Reference 8GB ~ WD Black NVMe 1TB ~ WD Black 2TB ~ macOS Monterey amd64

The Warship: Core i7-10700K ~ 2x G.Skill 16GB DDR4-3200 ~ Asus ROG Strix Z490-G Gaming Wi-Fi ~ PNY RTX 3060 12GB LHR ~ Samsung PM981 1.92TB ~ Windows 11 Education amd64
The ThreadStripper: 2x Xeon E5-2696v2 ~ 8x Kingston KVR 16GB DDR3-1600 Registered ECC ~ Asus Z9PE-D16 ~ Sapphire RX 480 Reference 8GB ~ WD Black NVMe 1TB ~ Ubuntu Linux 20.04 amd64

The Question Mark? Core i9-11900K ~ 2x Corsair Vengence 16GB DDR4-3000 @ DDR4-2933 ~ MSI Z590-A Pro ~ Sapphire Nitro RX 580 8GB ~ Samsung PM981A 960GB ~ Windows 11 Education amd64
Home server: Xeon E3-1231v3 ~ 2x Samsung 8GB DDR3-1600 Unbuffered ECC ~ Asus P9D-M ~ nVidia Tesla K20X 6GB ~ Broadcom MegaRAID 9271-8iCC ~ Gigabyte 480GB SATA SSD ~ 8x Mixed HDD 2TB ~ 16x Mixed HDD 3TB ~ Proxmox VE amd64

Laptop 1: Dell Latitude 3500 ~ Core i7-8565U ~ NVS 130 ~ 2x Samsung 16GB DDR4-2400 SO-DIMM ~ Samsung 960 Pro 512GB ~ Samsung 850 Evo 1TB ~ Windows 11 Education amd64
Laptop 2: Apple MacBookPro9.2 ~ Core i5-3210M ~ 2x Samsung 8GB DDR3L-1600 SO-DIMM ~ Intel SSD 520 Series 480GB ~ macOS Catalina amd64

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/#findComment-6961434
Share on other sites
Link to post
Share on other sites
Posted

My three access points are mixed-brand job. A Netgear one, a TP-Link wireless router loaded with DD-WRT firmware, and an Apple Time Capsule.

Ok. You should be able to setup your ubuntu server to run a RADIUS service for your APs. Anything else hindering you from doing it?

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/#findComment-6961454
Share on other sites
Link to post
Share on other sites
Posted
  • Author

Ok. You should be able to setup your ubuntu server to run a RADIUS service for your APs. Anything else hindering you from doing it?

 

I never figured out how to get FreeRADIUS to work. Ideally I want not just RADIUS, but also PAM integration so Samba and netatalk AFPd (I have multiple Apple devices so AFP is a must-have) can work in harmony.

The Fruit Pie: Core i7-9700K ~ 2x Team Force Vulkan 16GB DDR4-3200 ~ Gigabyte Z390 UD ~ XFX RX 480 Reference 8GB ~ WD Black NVMe 1TB ~ WD Black 2TB ~ macOS Monterey amd64

The Warship: Core i7-10700K ~ 2x G.Skill 16GB DDR4-3200 ~ Asus ROG Strix Z490-G Gaming Wi-Fi ~ PNY RTX 3060 12GB LHR ~ Samsung PM981 1.92TB ~ Windows 11 Education amd64
The ThreadStripper: 2x Xeon E5-2696v2 ~ 8x Kingston KVR 16GB DDR3-1600 Registered ECC ~ Asus Z9PE-D16 ~ Sapphire RX 480 Reference 8GB ~ WD Black NVMe 1TB ~ Ubuntu Linux 20.04 amd64

The Question Mark? Core i9-11900K ~ 2x Corsair Vengence 16GB DDR4-3000 @ DDR4-2933 ~ MSI Z590-A Pro ~ Sapphire Nitro RX 580 8GB ~ Samsung PM981A 960GB ~ Windows 11 Education amd64
Home server: Xeon E3-1231v3 ~ 2x Samsung 8GB DDR3-1600 Unbuffered ECC ~ Asus P9D-M ~ nVidia Tesla K20X 6GB ~ Broadcom MegaRAID 9271-8iCC ~ Gigabyte 480GB SATA SSD ~ 8x Mixed HDD 2TB ~ 16x Mixed HDD 3TB ~ Proxmox VE amd64

Laptop 1: Dell Latitude 3500 ~ Core i7-8565U ~ NVS 130 ~ 2x Samsung 16GB DDR4-2400 SO-DIMM ~ Samsung 960 Pro 512GB ~ Samsung 850 Evo 1TB ~ Windows 11 Education amd64
Laptop 2: Apple MacBookPro9.2 ~ Core i5-3210M ~ 2x Samsung 8GB DDR3L-1600 SO-DIMM ~ Intel SSD 520 Series 480GB ~ macOS Catalina amd64

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/#findComment-6961885
Share on other sites
Link to post
Share on other sites
Posted

If not using WPA2 Enterprise, how can I keep all three access points' authentication settings in sync without performing the same configuration three times? I configured my three access points to be a wireless roaming network.

 

With Mikrotik it is slightly different. 

 

Our setup is also slightly different to yours but should work the same. 

 

Mikrotik gateway with PPTP to our network, routes to radius servers. Mikrotik has radius client on it with secrets etc. Client connects to wireless with WPA2-EAP, gets sent to router gateway and then forwarded to Radius - radius says yay or nay - sends packet back and then couple seconds either connected or not.

 

Our setup works with username and password. By sounds of things you want just password. In the Radius server would configure the client.conf file with passwords. I tried to do the setup earlier and failed a bit. 

 

Personally not strong with Radius. Only strong with Mikrotik and our works setups. 

Dream on little dreamer.

Link to comment
https://linustechtips.com/topic/522559-wpa2-enterprise/#findComment-6962367
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×