-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/14/10 11:38 AM, Alan Buxey wrote:
Hi,
I´ll like to know if there is a way to configurates a Radius server + Mysql to authenticate Wireless clients via a Cisco AP without certificates (EAP TLS), only a username and password
yes. we use Cisco APs - we used to use them in autonomous mode but moved to the lightweight LWAPP (now CAPWAP) mode a few years back.
I would not recommend broken captive portals. 802.1X is the way forward (and is now beign mandated by several government and education procurement systems around the world - expect any half-decent auditor to pick up on this too. for EAP, you can use EAP-PEAP or EAP-TTLS - in which your RADIUS server has a certificate signed by a CA. the clients dont need certificates, they just need to have the CA on them that signed the RADIUS server (for trust!)
I agree for the most part. However, captive portals will still be in use for guest access. There's less administrative and helpdesk overhead for this type of deployment. On windows machines, the CA/cert trust has to be explicitly enabled. This can be a barrier for un-managed and non-employee machines. - -- Kevin Ehlers Network Engineer University of Oregon -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.14 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyPxQUACgkQ0l216NgIDryV7ACfdCwwbjP6y4dWsNUOQS0x5woK JQ4Amwa3WK5kSoGHvzX1FPiUxJp1cQt9 =opmK -----END PGP SIGNATURE-----