User`s guide
Zebra Mobile Printers • Wireless Configuration Guide • rev. H 48
• Set Open Authentication with EAP, Network EAP, and no Key
Management
• Set WEP Encryption to Mandatory
• Configure a RADIUS server entry. Select the IP address and enter
its shared secret. (We will edit the shared secret on the RADIUS
server in the next step). By default the FreeRadius server listens
on TCP ports 1812 and 1813.
Select the RADIUS server’s IP ad-
dress in the Default Server Priorities (EAP Authentication section).
Configure the FreeRadius Server
NOTE: The FreeRadius server is available under the
GNU General Public License (GPL), and is freely downloadable
from the Internet. For our example we will be using a Windows
version of the server that can be downloaded from the FreeRa
-
dius.net website (
http://www.freeradius.net). This version of the
FreeRadius server requires the Windows XP operating system.
Download and install the server. In the FreeRadius.net group
click the ‘Edit Clients.conf’ icon. At the bottom of the file add
the following lines to create our test network. This will allow for
a range of access points that must also be configured with this
same shared secret.
client 192.168.1.0/24 {
secret = password
shortname= private-network-3
}
Save the file and open the “Eap.conf” file for editing. If neces-
sary, edit the line that reads ‘default_eap_type’ to select the
TTLS protocol:
default_eap_type =ttls
Save the file if changes are made.
Open the Radiusd.conf file. Locate the PAP module and
change the encryption_scheme to clear text as shown below.
Save the file if changes are made.
# DEFAULT: crypt
pap {
encryption_scheme = clear
}
Next we will verify the user credentials that our printer will
use to login to the network. Open the Users file. Just below the
user ‘FreeRADIUS.net-Client’ add a TTLS user ‘ttls’ as shown
below:
# Test TTLS user
ttls Auth-Type := pap, User-Password == “password”
Service-Type = Login-User
Save the file if changes are made.
The RADIUS server should now be configured correctly. Start
the server in debug mode by selecting the appropriate icon.
Once the server is initialized it will be ready to process re
-
quests and authenticate users.
CONFIGURING THE PRINTER FOR EAP-TTLS AUTHENTICATION
The necessary certificate files must be acquired and stored
on the printer to enable configuration for EAP_TTLS. Then the
appropriate printer parameters to enable EAP-TTLS authen-
tication must be configured. The following description uses
the demo certificates supplied with the Windows version of
FreeRadius. Locate the ‘DemoCerts’ folder of your FreeRadius
installation. At the time of this writing the default path and ver-
sion is:
C:\Program Files\FreeRADIUS.net-1.0.2-r0.0.8\etc\raddb\certs\
FreeRADIUS.net\DemoCerts
Only one certificate file is required in order to successfully
authenticate our printer using EAP-TTLS (a root certificate from
a certificate authority), and a user name and password that has
also been properly configured in the RADIUS server (in this
example the ‘ttls’ user that we setup previously). The certificate
file must be in PEM format. It needs to have a specific filename,
and must be stored in the printer’s flash file system. Copy the
following file from the FreeRadius ‘DemoCerts’ folder and place
continued