Cambium access points have the ability to authenticate CPE's via a Radius server. This means that, admin's does not have to maintain local passwords for wireless authentication: each CPE/radio can have its own account in the Splynx ISP Framework, and our Radius server will authenticate the Cambium CPE's.
All files required for this setup can be downloaded here: Cambium-Files
Copy the "camb-ca.crt" file into the /etc/ssl/camb-ca.crt directory
Copy the "cert-829.pem" file into the /etc/ssl/certs/cert-829.pem directory
Copy the "key-829.pem" file to the /etc/ssl/private/key-829.pem directory
Run the following command in the CLI of the server:
chown root:ssl-cert /etc/ssl/private/key-829.pem
As well as:
chmod 640 /etc/ssl/private/key-829.pem
tls-config tls-common and edit it as follows:tls-config tls-common {
# private_key_password = *user-defined password*
private_key_file = /etc/ssl/private/key-829.pem
certificate_file = /etc/ssl/certs/cert-829.pem
ca_file = /etc/ssl/camb-ca.crt
}
Config / Networking / Radius extended - and set the following parameters:Force network to use one NAS - YES
Network - Any network can be used
Default NAS Id - set correct NAS ID (Device that will show online users)
For Ubuntu 20.04 (from Splynx 3.1) you should add to file /etc/ssl/openssl.cnf:
after line: oid_section = new_oids
openssl_conf = default_conf
[ default_conf ]
ssl_conf = ssl_sect
[ ssl_sect ]
system_default = system_default_sect
[ system_default_sect ]
MinProtocol = TLSv1
CipherString=DEFAULT:@SECLEVEL=1