husku at husku.net
Wed Feb 7 11:56:33 CET 2007
Phil Mayers wrote:
> Mikko Husari wrote:
>> im currently running eap-tls with username and password (from ldap), but
>> now we're having a bunch of "stupid" wlan-client machines, and we need
>> an simple mac-auth (from ldap?) to the network. basic idea: (example
>> from outside world) "so, no certificate and login credentials, cant let
>> you in. but im on an vip-list!. Oh, i see, come on in, sorry for
>> inconvenience", for now we are happy to get just that to work, next
> Most APs will require a separate SSID for this I think - your MAC-auth
> one will need to be unauthenticated and the 802.1x one WPA (or whatever)
> and the beacon frames will reflect that.
> Having said that, assuming your AP can authenticate the MACs against
> radius (many can - Ciscos can) then FreeRadius can do it fine, it's very
> simple. Do you have a specific question?
>> level would be something concerning vlans... i think (in the long run)
> Again, provided the AP supports it, easy.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
well, im not so sure the ap-supports mac-auth using radius... it is
zyxel zyair g-1000, manual did not say anything about radius+mac, other
sort of radius is supported (has to be cause it works)
More information about the Freeradius-Users