Thanks, yoy're rigth.  I'ill continue this way, the problem is not the "effort", but I was trying to complete the picture Freeradius+MySql+EAP_TLS+Cisco AP without success.
Keep trying...


On Tue, Sep 14, 2010 at 5:25 AM, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,

> IŽll like to know if there is a way to configurates a Radius server + Mysql to authenticate Wireless clients via a Cisco AP without  certificates (EAP TLS), only a username and password

err, EAP needs certs..thats a fundamental building block. the RADIUS server needs to be signed by a CA
and the client needs to have that CA installed onto it. you can make things easier by getting your RADIUS
server signed by a CA that is built into most of your clients - eg get a thawte or verisign signed cert.

its a BAD BAD thing not to enable radius server checking and CA checking on your client..... the
public key infrastructure is a major part of the security of 802.1X and if you thinks its 'too much effort'
then I'll show you a nasty man-in-middle fake AP and radius server that will get all your users usernames
and passwords. all run in a 512Mb VM on a basic laptop  :-(


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--

Esteban Talavera


Proyectos ITW

Tel.    +(58)212 7623035

+(58)212 7620504

Cel. +(58)412 2892006

Fax       +(58)212 7615965