Phone Lines icon GFI Support Home Start a conversation Sign in
Start a conversation
  1. KerioControl
  2. KerioControl - Interface
  3. Articles

Configuring RADIUS WiFi authentication with external Access Point (AP)

Overview

RADIUS is a protocol used for access to a computer network.

Kerio Control implements a RADIUS server for user authentication with your Wi-Fi access point (AP). This allows users to use their Kerio Control username and password to access your Wi-Fi.

Important: There is a known issue with Windows 7 clients: Windows 7 does not accept untrustworthy certificates. If your Windows 7 clients cannot connect through RADIUS, refer to Configuring Windows 7 clients manual.

Prerequisites

In the configuration below, Kerio Control NG110 and TP-link access point are both connected to the ISP-recommended Wi-Fi router.

Network_diagram.jpg

Control WAN IP address: 192.168.1.3

Screen_Shot_2020-12-16_at_11.57.02_AM.png

TP-link IP address: 192.168.1.9

Traffic Rules configured to allow NG110 and TP-link communication

Screen_Shot_2020-12-16_at_4.12.07_PM.png

Solution

Configuring Kerio Control

  1. In the administration interface, go to Domains and User Login.
  2. Select the Server Certificate. If you have one, use the certificate signed by a certification authority, because devices connecting to the Wi-Fi access point may have problems reading self-signed certificates.
  3. In Wi-Fi Authentication, select Enable external access point authentication.
  4. Type the RADIUS password - the same password used in the access point configuration. This might be called the shared key or shared secret in the Wi-Fi access point configuration.
    Screen_Shot_2020-12-16_at_11.59.33_AM.png
  5. Click the Apply button.

Note: Kerio Control does not support MS-CHAPv2 with Apple Open Directory. Kerio Control supports only Microsoft Active Directory (AD). Wi-Fi authentication works without any additional settings for AD.

Configuring your Wi-Fi access point

Each type of access point has a different configuration for connecting to a RADIUS server. Find and configure these items (the terminology may differ slightly):

  • Authentication method for the RADIUS server: IEEE 802.1x or WPA/WPA2 Enterprise.
  • RADIUS server: IP address where Kerio Control is running.
  • Port: 1812. It is the default port for the RADIUS protocol.
  • Shared key, shared secret, or RADIUS password: same as entered above, in the Configuring Kerio Control section.

Screen_Shot_2020-12-16_at_12.03.24_PM.png

Testing

Connect to your Access Point WiFi and click on Action Needed window.

action_needed.png

Specify Kerio Control username and password.

radius_login.png

The Success page will appear and a WiFi connection is established.

portal_success.png

Note: if AP supports Login page redirection, consult your AP manufacturer manuals as the configuration differs. Usually, you will need to confirm the SSL certificate warning to proceed with authentication.
Screen_Shot_2020-12-16_at_12.51.41_PM.png

Troubleshooting

If you face any problems, enable RADIUS, User Authentication and Packets dropped for some reason in Debug logs, while reproducing the issue.

Screen_Shot_2020-12-16_at_5.41.40_PM.png

 

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments