<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
If you've got sufficient control over CPE and CPE is all
sufficiently capable, you should be doing EAP-TLS authentication
anyway. if CPE is compromised, you can simply reflash, replace the
credentials, and revoke the old ones.<br>
<br>
On 9/20/2011 04:18, Raz Muhammad wrote:
<blockquote
cite="mid:0E7C9CC8CFE73C4787A5834529A547F705219BF6A4@ZEUS.cerberusnetworks.co.uk"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Courier New";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="font-family:"Courier
New"">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">We are successfully running the following version
on our network for our DSL users.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">FreeRADIUS Version 2.1.7, for host
i686-redhat-linux-gnu, built on Mar 31 2010 at 00:25:31<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">Copyright (C) 1999-2009 The FreeRADIUS server
project and contributors.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">FreeRADIUS was compiled with MySQL and radcheck
is used for authentication along with other relevant tables.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">We recently had a scenario where security of a
CPE is a concern, and using PPP authentication is not
enough. Someone suggested using Routers mac address along
with PPP username/password authentication. But this method
would relay on getting the router Mac address during the PPP
negotiation, and it might be coming via the
calling-station-id attribute, some suggestions are about
using EAP and certifcates on the router.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">I would like to find out what would be the best
way to go for extra layer of authentication based security
while using FreeRADIUS? and how can that be done with MySQL?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">Regards<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New"">Raz<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier
New""><o:p> </o:p></span></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
<br>
</body>
</html>