WPA2 Enterprise without a Client-End Certificate

authentication wifi radius wpa2

This question is practically identical to this question, but the difference being that the authentication server is freeRADIUS on Ubuntu and the access-points are DD-WRT.

Additionally, I would like to know if there is any risk to disabling TTLS (which from what I understand the part of the authentication process that requires the certificate) or if that is even an option.

I understand now that there is a difference between TLS and TTLS. I want to use TTLS, since it does not require client configuration. I have assigned the answer to the post below because it helped come to this realization and I have edited the title to better reflect his conclusion.


Solution 1:

Skipping the marketing crap, "WPA2 Personal" uses the hash of a passphrase to secure the session key exchange and establish access to the wireless network. "WPA2 Enterprise" uses 802.1x EAP to secure the exchange. Technically the WiFi hardware could support any EAP Method, but only EAP-TLS (Certificates) was required for the WiFi certification (it's been changed now, but was this way for a while), so it's commonly the only one well supported. PEAP, EAP-TTLS, and EAP-SIM are now also supported, though setting them up is mostly just as bad.

Related

DNS Server Behind NAT
decommissioning WINS
CentOS iscsi initiator has session but there is no block device
Can't reload supervisor with supervisorctl 'reload' command
How to install Ubuntu Server 12.04 in a Virtualbox VM with UEFI boot enabled [closed]
How are the hashes in /etc/shadow generated?
How do I poll the ARP table with an SNMP OID?
Network bandwidth usage per process Windows Server 2003
AD Custom Attribute with unique value
iSCSI using uplink ports on switch
How to decrypt IKVe2 in Wireshark using StrongSwan log info?
"No route to host" with ssl but not with telnet