The RADIUS (Remote Authentication Dial In User Service) server feature of QNAP NAS provides centralized Authentication and Authorization management for computers to connect and use a network service.
- RADIUS server only supports PAP, EAP-TLS/PAP, and EAP-TTLS/PAP authentication schemes for system user accounts.
- You can only use wireless routers which support WPA-enterprise or WPA2-enterprise with the RADIUS server of QNAP NAS.
QNAP RADIUS Architecture
- Users request permission to use the wireless network.
- The wireless router receives the request and transfers the request to the RADIUS server (QNAP NAS).
- The RADIUS server receives the request and processes the information.
- The RADIUS server sends the result back to the wireless router.
- The wireless router will allow or deny the user based on the results the RADIUS server sends back.
Follow the steps below to set up the QNAP NAS as a RADIUS server:
Set up RADIUS server (QNAP NAS)
1. Login the NAS as an administrator. Enable RADIUS server in “Application Servers” > “RADIUS Server”. Click “Apply”.
*Select “Grant dial-in access to system user accounts” to allow the local NAS users to use the RADIUS service.
2. Go to “RADIUS Server” > “RADIUS Clients”. Click “Create a New Client” to create RADIUS clients, e.g. a wireless router.
*The NAS supports maximum 10 RADIUS clients.
3. Enter the information of the client. Click “Apply”.
*The IP address and prefix length uses CIDR (Classless Inter-Domain Routing) representation.
Sample:
Prefix Length | Class | Hosts* | Mask |
32 | 1/256 C | 1 | 255.255.255.255 |
31 | 1/128 C | 2 | 255.255.255.254 |
30 | 1/64 C | 4 | 255.255.255.252 |
29 | 1/32 C | 8 | 255.255.255.248 |
28 | 1/16 C | 16 | 255.255.255.240 |
27 | 1/8 C | 32 | 255.255.255.224 |
26 | 1/4 C | 64 | 255.255.255.192 |
25 | 1/2 C | 128 | 255.255.255.128 |
24 | 1 C | 256 | 255.255.255.000 |
23 | 2 C | 512 | 255.255.254.000 |
4. Go to “RADIUS Server” > “RADIUS Users”. Click “Create a New User” to add RADIUS users. You can also delete, enable, or disable the RADIUS users on this page.
The number of RADIUS users the NAS supports is the same as the maximum number of users supported. Please see www.qnap.com for details.
Set up wireless router (RADIUS client)
Enter the information of the RADIUS server (QNAP NAS) on the wireless router (RADIUS client). In this example, Cisco E1000 wireless router (firmware 2.1.02) is used.
- Security Mode: Choose “WPA2 Enterprise”.
- RADIUS Server: Enter the IP address of the QNAP NAS, for example: 192.168.1.113.
- RADIUS Port: 1812
- Shared Secret: Same as the Secret Key configured on “RADIUS Server” > “RADIUS Clients” of the NAS, for example: 87654321.
How to connect to a Wi-Fi network from your devices?
After setting up the NAS as a RADIUS server and having configured the settings on the client (wireless router), you will be authenticated by the NAS when trying to access the Wi-Fi network.
A. Connect to the Wi-Fi network by a mobile device.
iPhone 3GS is used in this example.
- Enable Wi-Fi on the iPhone.
- Choose the wireless AP, CiscoE1000.
- Enter the user name and password configured in “RADIUS Server” > “RADIUS Users” of the NAS. If the option “Grant dial-in access to system user accounts” is enabled in “RADIUS Server” > “Server Settings”, you can access the Wi-Fi network using the login information of a local NAS user.
- Accept the certificate.
- You can connect to the Wi-Fi network upon successful login.
B. Connect to the Wi-Fi network from Mac.
- Turn on Wi-Fi on the Mac. Then choose the network CiscoE1000.
- Enter the username and password configured in “RADIUS Server” > “RADIUS Users” of the NAS. If the option “Grant dial-in access to system user accounts” is enabled in “RADIUS Server” > “Server Settings”, you can access the Wi-Fi network using the login information of a local NAS user.
- Accept the certificate.
- You can connect to the Wi-Fi network upon successful login.
C. Connect to the Wi-Fi network from Windows7.
Follow the steps below to set up the Wi-Fi connection on Windows 7:
- Go to “Control Panel” > “Network and Internet” > “Manage Wireless Networks”.
- Add a wireless network. Enter the network name* and choose “WPA2-Enterprise” as the security type. Select “AES” as the encryption type. Leave the security key blank. Click “Next”.
* The network name should be the same as the Wi-Fi network name. - Click “Change connection settings”.
- Under the “Security” tab, select “Microsoft: Protected EAP (PEAP)” as the network authentication method. Click “Settings” next to the drop-down menu.
- Uncheck “Validate server certificate”. Select “Secured password (EAP-MSCHAP v2)” as the authentication method. Then click “Configure” next to the drop-down menu.
- Uncheck “Automatically use my Windows logon name and password (and domain if any).” Click “OK”.
- Click the wireless network icon on the taskbar. Select the Wi-Fi network “CiscoE1000”.
- Enter the user name and password configured in “RADIUS Server” > “RADIUS Users” of the NAS. If the option “Grant dial-in access to system user accounts” is enabled in “RADIUS Server” > “Server Settings”, you can access the Wi-Fi network using the login information of a local NAS user.
- Upon successful login, you can connect to the Wi-Fi network.