Thanks, yoy're rigth. I'ill continue this way, the problem is not the "effort", but I was trying to complete the picture Freeradius+MySql+EAP_TLS+Cisco AP without success. Keep trying... On Tue, Sep 14, 2010 at 5:25 AM, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
I´ll like to know if there is a way to configurates a Radius server + Mysql to authenticate Wireless clients via a Cisco AP without certificates (EAP TLS), only a username and password
err, EAP needs certs..thats a fundamental building block. the RADIUS server needs to be signed by a CA and the client needs to have that CA installed onto it. you can make things easier by getting your RADIUS server signed by a CA that is built into most of your clients - eg get a thawte or verisign signed cert.
its a BAD BAD thing not to enable radius server checking and CA checking on your client..... the public key infrastructure is a major part of the security of 802.1X and if you thinks its 'too much effort' then I'll show you a nasty man-in-middle fake AP and radius server that will get all your users usernames and passwords. all run in a 512Mb VM on a basic laptop :-(
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- *Esteban Talavera* * * *Proyectos ITW* Tel. +(58)212 7623035 +(58)212 7620504 Cel. +(58)412 2892006 Fax +(58)212 7615965