Freeradius + MySql + Wireless Clients without certificates
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Tue Sep 14 20:38:04 CEST 2010
Hi,
> > I´ll like to know if there is a way to configurates a Radius server + Mysql
> > to authenticate Wireless clients via a Cisco AP without certificates (EAP
> > TLS), only a username and password
yes. we use Cisco APs - we used to use them in autonomous mode but moved to the
lightweight LWAPP (now CAPWAP) mode a few years back.
I would not recommend broken captive portals. 802.1X is the way forward
(and is now beign mandated by several government and education procurement
systems around the world - expect any half-decent auditor to pick up on this too.
for EAP, you can use EAP-PEAP or EAP-TTLS - in which your RADIUS server
has a certificate signed by a CA. the clients dont need certificates, they
just need to have the CA on them that signed the RADIUS server (for trust!)
alan
More information about the Freeradius-Users
mailing list