authorScott Ullrich <sullrich@pfsense.org>2010-02-12 18:15:06 -0500
committerScott Ullrich <sullrich@pfsense.org>2010-02-12 18:15:06 -0500
commit5949124cc3ebba7a01d97131852c0ad2a8b17702 (patch)
tree4c99d00f6e1e165b3fd1eece0992ae8c3e1c1e5c
parent8eaa727f5df9461093e025f9688ac3906434d76a (diff)
Adding 802.1X Authentication support
-rw-r--r--etc/inc/interfaces.inc15
-rwxr-xr-xusr/local/www/interfaces.php29
2 files changed, 42 insertions, 2 deletions
diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc
index f6fc5fc..09f123e 100644
--- a/etc/inc/interfaces.inc
+++ b/etc/inc/interfaces.inc
@@ -1581,12 +1581,25 @@ wpa_group_rekey={$wlcfg['wpa']['wpa_group_rekey']}
wpa_gmk_rekey={$wlcfg['wpa']['wpa_gmk_rekey']}
wpa_strict_rekey={$wlcfg['wpa']['wpa_strict_rekey']}
wpa_passphrase={$wlcfg['wpa']['passphrase']}
-ieee8021x={$wlcfg['wpa']['ieee8021x']}
#Enable the next lines for preauth when roaming. Interface = wired or wireless interface talking to the AP you want to roam from/to
#rsn_preauth=1
#rsn_preauth_interfaces=eth0
EOD;
+ if($wlcfg['auth_server_addr'] && $wlcfg['auth_server_shared_secret']) {
+ $auth_server_port = "1812";
+ if($wlcfg['auth_server_port'])
+ $auth_server_port = $wlcfg['auth_server_port'];
+ $wpa .= <<<EOD
+ieee8021x=1
+auth_server_addr={$wlcfg['auth_server_addr']}
+auth_server_port={$auth_server_port}
+auth_server_shared_secret={$wlcfg['auth_server_shared_secret']}
+EOD;
+ } else {
+ $wpa .= "ieee8021x={$wlcfg['wpa']['ieee8021x']}\n";
+ }
+
$fd = fopen("{$g['varetc_path']}/hostapd_{$if}.conf", "w");
fwrite($fd, "{$wpa}");
fclose($fd);
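Review bot: The appended 802.1X settings are concatenated directly onto the previous heredoc, which ends on the comment line `#rsn_preauth_interfaces=eth0` with no trailing newline, because PHP drops the line break before the closing `EOD;`. As written, `ieee8021x=1` in the RADIUS branch and `ieee8021x=...` in the else branch land on that comment line, so hostapd would treat them as comment text and 802.1X would not be enabled. Adding `$wpa .= "\n";` before the `if` (or starting both appended strings with a newline) keeps each directive on its own line. The heredoc and the enclosing function begin outside this hunk, so confirm against the full file.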
diff --git a/usr/local/www/interfaces.php b/usr/local/www/interfaces.php
index 1ff6dcc..a2a07ed 100755
--- a/usr/local/www/interfaces.php
+++ b/usr/local/www/interfaces.php
@@ -228,6 +228,9 @@ if (isset($wancfg['wireless'])) {
$pconfig['apbridge_enable'] = isset($wancfg['wireless']['apbridge']['enable']);
$pconfig['authmode'] = $wancfg['wireless']['authmode'];
$pconfig['hidessid_enable'] = isset($wancfg['wireless']['hidessid']['enable']);
+ $pconfig['auth_server_addr'] = $wancfg['wireless']['auth_server_addr'];
+ $pconfig['auth_server_port'] = $wancfg['wireless']['auth_server_port'];
+ $pconfig['auth_server_shared_secret'] = $wancfg['wireless']['auth_server_shared_secret'];
if (is_array($wancfg['wireless']['wpa'])) {
$pconfig['debug_mode'] = $wancfg['wireless']['wpa']['debug_mode'];
$pconfig['macaddr_acl'] = $wancfg['wireless']['wpa']['macaddr_acl'];
@@ -703,6 +706,9 @@ function handle_wireless_post() {
$wancfg['wireless']['wpa']['wpa_gmk_rekey'] = $_POST['wpa_gmk_rekey'];
$wancfg['wireless']['wpa']['passphrase'] = $_POST['passphrase'];
$wancfg['wireless']['wpa']['ext_wpa_sw'] = $_POST['ext_wpa_sw'];
+ $wancfg['wireless']['auth_server_addr'] = $_POST['auth_server_addr'];
+ $wancfg['wireless']['auth_server_port'] = $_POST['auth_server_port'];
+ $wancfg['wireless']['auth_server_shared_secret'] = $_POST['auth_server_shared_secret'];
if ($_POST['hidessid_enable'] == "yes")
$wancfg['wireless']['hidessid']['enable'] = true;
else if (isset($wancfg['wireless']['hidessid']['enable']))
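Review bot: The three new `$_POST` values are stored verbatim, and this same commit interpolates them into the generated hostapd configuration in etc/inc/interfaces.inc. Nothing here stops a value containing a line break from adding extra directives to that file, or a non-numeric port from being written. Validate before assignment: the address as an IP, the port as an integer in 1-65535, and the secret rejected when it contains control characters, for example `if (preg_match('/[\r\n]/', $_POST['auth_server_shared_secret'])) { /* reject the submission */ }`. If helpers such as is_ipaddr() and is_port() are in scope in this file, they fit the first two checks. handle_wireless_post() begins and ends outside this hunk, so an existing validation pass elsewhere in it may be the better place for these checks.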
@@ -1490,12 +1496,33 @@ $types = array("none" => "None", "static" => "Static", "dhcp" => "DHCP", "pppoe"
</td>
</tr>
<tr>
- <td valign="top" class="vncell">Enable IEEE802.1X</td>
+ <td valign="top" class="vncell">Enable IEEE802.1X Authentication</td>
<td class="vtable">
<input name="ieee8021x" type="checkbox" value="yes" class="formfld" id="ieee8021x" <? if ($pconfig['ieee8021x']) echo "checked";?>>
<br/>Setting this option will enable 802.1x authentication.
</td>
</tr>
+ <tr>
+ <td valign="top" class="vncell">802.1X Authentication Server IP Address</td>
+ <td class="vtable">
+ <input name="auth_server_addr" id="auth_server_addr" type="text" class="formfld unknown" size="66" value="<?=htmlspecialchars($pconfig['auth_server_addr']);?>">
+ <br/>Enter the IP address of the 802.1X Authentication Server. This is commonly a Radius server (FreeRadius, Internet Authentication Services, etc.)
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">802.1X Authentication Server Port</td>
+ <td class="vtable">
+ <input name="auth_server_port" id="auth_server_port" type="text" class="formfld unknown" size="66" value="<?=htmlspecialchars($pconfig['auth_server_port']);?>">
+ <br/>Leave blank for the default 1812 port.
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">802.1X Authentication Server Shared Secret</td>
+ <td class="vtable">
+ <input name="auth_server_shared_secret" id="auth_server_shared_secret" type="text" class="formfld unknown" size="66" value="<?=htmlspecialchars($pconfig['auth_server_shared_secret']);?>">
+ <br/>
+ </td>
+ </tr>
<? endif; ?>
<tr>
<td colspan="2" valign="top" height="16"></td>
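Review bot: The shared-secret field `name="auth_server_shared_secret"` is a `type="text"` input whose value is filled from the stored configuration, so the RADIUS secret appears in clear on screen and in the page source every time the interface page is opened. Consider `type="password"` for that input, and ideally render it empty and only overwrite the stored secret when a new one is submitted. The empty `<br/>` under it could also carry a short help text, like the other two fields, stating which characters are accepted.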