Home » Categories » Kerio Control » Server configuration - Kerio Control
Icon Printer Icon Email      Icon Twitter Icon Digg Icon Stumbleupon Icon de.icio.us Icon FaceBook

Using RADIUS server in Kerio Control

RADIUS server overview

RADIUS (Remote Authentication Dial In User Service) is a protocol used for access to a computer network.

Kerio Control implements a RADIUS server for user authentication with your Wi-Fi access point. This allows users to use their Kerio Control username and password to access your Wi-Fi.

There is a known issue with Windows 7 clients: Windows 7 do not accept untrustworthy certificates. If you Windows 7 clients cannot connect through RADIUS, read the Configuring Windows 7 clients section.

Configuring Kerio Control

  1. In the administration interface, go to Domains and User Login.

  2. Select the Server certificate.

    If you have one, use the certificate signed by a certification authority, because devices connecting to Wi-Fi access point may have problems reading self-signed certificates.

  3. In Wi-Fi Authentication, select Enable external access point authentication.

  4. Type the RADIUS password.

    You must type the same password used in the access point configuration. This might be called the shared key or shared secret in the Wi-Fi access point configuration.

  5. Click the Apply button.

Kerio Control does not support MS-CHAPv2 with Apple Open Directory. Kerio Control supports only Microsoft Active Directory.

Wi-Fi Authentication

Wi-Fi Authentication

Users authentication in Microsoft Active Directory

The Wi-Fi authentication works without any additional settings.

Configuring your Wi-Fi access point

Each type of access point has a different configuration for connecting to a RADIUS server. Find and configure these items (note that terminology may differ slightly):

  • Authentication method for the RADIUS server: IEEE 802.1x or WPA/WPA2 Enterprise.

  • RADIUS server: IP address where Kerio Control is running.

  • Port: 1812. It is the default port for the RADIUS protocol.

  • Shared key, shared secret, or RADIUS password: Entered above, in the Configuring Kerio Control section.

Configuring Windows 7 clients

If your users with Windows 7 cannot connect through RADIUS:

  • Your Windows 7 clients are connected to your network through Wi-Fi without RADIUS or through the Ethernet cable: Import a Kerio Control local authority as root certificate to Windows 7 clients. You can:

    Although Windows 7 knows the SSL certificate, the The connection attempt cannot be completed warning appears at users's clients during the first connection attempt. Users must click Connect in this window.

  • Your clients are not connected to your network: Create a profile in the Manage Network Center on each Windows 7 client manually. Windows 7 clients do not validate the Kerio Control SSL certificate:

    1. In Windows 7, click the Start menu.

    2. Go to Control Panel → Network and Internet → Network and Sharing Center → Manage wireless networks.

    3. Click Add.

      The Manually connect to a wireless network dialog opens.

    4. Select Manually create a network profile.

    5. In the next step, type the SSID name in the Network name field.

    6. In Security type, select WPA2-Enterprise.

    7. In Encryption type, select AES.

    8. Select Start this connection automatically.

    9. Select Connect even if the network is not broadcasting.

    10. Click Next.

    The Successfully added page appears.

    Now, you must unselect validation of a server certificate:

    1. Click Change connection settings.

    2. On the Security tab, click Settings.

      The Protected EAP Properties opens.

    3. Unselect Validate server certificate.

    4. In Authentication Method, select Secured password (EAP-MSCHAP v2).

    5. Click Configure.

      The EAP-MSCHAP v2 Properties opens.

    6. Unselect Automatically use my Windows logon on name and password.

    7. Click OK.

    Now, you must specify the computer authentication:

    1. On the Security tab, click Advanced settings.

    2. Select the 802.1X settings tab.

    3. Select Specify authentication mode.

    4. Select User authentication.

    5. Click OK.

    Windows 7 does not validate the SSL certificate and users can connect through your Wi-Fi to the network.

comments powered by Disqus