a freeradious/wireless solution for a school
jonr at destar.net
jonr at destar.net
Thu Jan 25 19:07:15 CET 2007
Quoting gkalinec <gkalinec at newroads.org>:
What would, in your opinion, be better? TTLS or PEAP?
I believe with TTLS you would need to load software on each computer, can
someone else verify that? I am using PEAP and it works with Windows, Macs and
linux(using wpa_supplicant or xsupplicant).
> Also, if I had a laptop for school-only use (say, for example, a laptop that
> we provide for the users), in this case the wireless connection would ned to
> be establish without user input (for example, have he machine connected
> already so that the user can log into the machine through windows).
When using PEAP when your user logs in for the first time and validates their
identity and accepts your cert, they never have to repeat the process, unless
they get a new machine. When they come back into contact with your hotspot
their computer will automagically log them back in.
Could I
> then still use either of these methods (and generate a client cert to log
> in), or should I implement a different solution?
If you are using PEAP or TTLS you don't need a client cert, you can have one but
it is not needed. Trying to get a client cert to every user could be a real
pain, it might be easier if you use AD to push it to each system, I don't use
AD, so I can't say for sure.
Hope that helps,
Jon
More information about the Freeradius-Users
mailing list