On Wed, Nov 09, 2016 at 10:45:49AM -0200, Luiz Fernando Mizael Meier wrote:
Today we have an PSK SSID and it is a mess. We change the password and after a week the whole world already know the password again.
Which is the problem with shared secrets.
Now we have some computers to run specific softwares. This machines aren't joined our domain and we don't want them to. They are just a terminal for specific use only. The problem with the PSK is the security.
Sounds like the ideal situation for EAP-TLS and certificates.
If we could validate this machines via mac and not asking for username/password would be the perfect scenario. I though I could do this authorization based in the link below, but I think I am misunderstanding something.
The options are: - 802.1X (EAP) on its own - 802.1X *and* MAC auth - MAC auth As this is wireless, you're stuck with the 802.1X bit unless you do PSK. So you can either do it on its own, or in combination with MAC auth. Some wireless systems will let you do PSK with MAC auth against RADIUS IIRC. But MAC auth isn't really "auth", more like a filter with very large holes. So as I wrote before. You can't do 802.1X/EAP MAC-auth only. Matthew -- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>