Using tokens for 802.1x auth
stasheck
stasheck.fora at gmail.com
Thu Mar 24 09:37:35 CET 2011
Hi,
I have an idea I thought will be quite easy to implement, but it
turned out I can't figure how to do this on my own.
Company I work for issues software (Java) tokens for our employees
that need external access. They're based on proprietary system (CERB)
and we're using them with a great success for authenticating access
for our Juniper Gateway device - with a little help from Freeradius
(2.0.4, to be precise).
CERB system is plugged into radius via something like this (in radiusd.conf):
exec cerb {
wait = yes
program = "/usr/local/bin/cerbauth.sh freeradius"
input_pairs = request
output_pairs = reply
}
Now, I wanted to use those token also for 802.1x authentication for
our WiFi network, as it'd be safer than using just regular
username/password (which might be too weak) and more convenient than
certificates (it happened a couple of times that employees laptop has
been stolen).
For WiFi, we are using H3C WX30xx Access Controllers, which try to use
EAP, which in turn doesn't provide clear-text password that could be
used for cerb exec.
I'm pretty much stuck - either I got something wrong (Freeradius, WPA,
EAP etc. are still quite new for me), or it just can't be done.
Anyway, I figured I might just write here and hope that someone at
least tell me that everything above is just plain wrong :-)
/br
Stan
More information about the Freeradius-Users
mailing list