Re: Setting FreeRadius and Ldap. - Getting Educated Now
Ivan, Thanks for the url link to the missing documentation. Very helpful. Ldap is not going to work for EAP. Now I am facing a dilemma - deciding what WEP protocol to use based on my test setup. After reading the 'sites' and 'modules' files it seems that "some" WEP or EAP protocols are weaker than others, some not suggested for use. Here's what my test router and machines can handle. Router can provide - WEP 40/128 shared key, WEP Personal, WEP Enterprise Chiper: TKIP or AES Workstation:WEP 40/128 shared key, Leap, Dynamic WEP, WPA & WPA2 Personal & Enterprise Older Laptop: WEP 40/128 shared key, 802.1 Cisco LEAP or EAP FAST --this may be the limiting machine. I need to rely on list users experience for suggested paths to pursue? Steven -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Now I am facing a dilemma - deciding what WEP protocol to use based on my test setup. After reading the 'sites' and 'modules' files it seems that "some" WEP or EAP protocols are weaker than others, some not suggested for use.
Here's what my test router and machines can handle.
Router can provide - WEP 40/128 shared key, WEP Personal, WEP Enterprise Chiper: TKIP or AES
Workstation:WEP 40/128 shared key, Leap, Dynamic WEP, WPA & WPA2 Personal & Enterprise
Older Laptop: WEP 40/128 shared key, 802.1 Cisco LEAP or EAP FAST --this may be the limiting machine.
Use WPA2 Enterprise (PEAP) on the workstation and LEAP for older laptop. Server should support both in default configuration. Ivan Kalik Kalik Informatika ISP
Ivan, Based on your advice I need to set myself up as a user and start testing from my workstation. Since it seems I am missing the docs supplied in source (used packaged file) can you give me some guidance on minimum setting. 1. RADIUS server Shared Secret Where is the best place to set my RADIUS server Shared Secret? or can I use a default Shared Secret in Free Radius? 2. Users I will be using WPA Enterprise on my workstation and not sure of the following settings on in the 'users". DHCP is used for wireless users. If needed I could reserve an test address and place it here? Not sure if that's needed or practical. Here's what I gleaned from the users file I assume: steven Cleartext-Password := "xxxxxx" Service-Type = ???? what is used here for local wireless network ??? Anything else? Thanks Steven -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Hi,
Now I am facing a dilemma - deciding what WEP protocol to use based on my test setup. After reading the 'sites' and 'modules' files it seems that "some" WEP or EAP protocols are weaker than others, some not suggested for use.
dont use WEP. ever.
Router can provide - WEP 40/128 shared key, WEP Personal, WEP Enterprise Chiper: TKIP or AES
surely you mean WPA personal and WPA enterprise (TKIP or AES)? I would say WPA enterprise with AES. its the bext you can get currently on your kit
Older Laptop: WEP 40/128 shared key, 802.1 Cisco LEAP or EAP FAST --this may be the limiting machine.
the limiting factor here is most likely the software on the system - use a different tool to control the wireless authentication alan
Thanks Alan, WPA Enterprise with AES, I will do some more reading to understand the benefits of AES. As for the older laptop - I choose this unit because if represents the oldest of technologies that will be accessing the network. This IBM Thinkpad uses a Cisco (Calexico) internal wireless card using current Windows XP (SP3) card drivers (from IBM / Lenovo). So unless there is a better solution for controlling this wireless card I am stuck with dealing with its offerings: WEP, Cisco Leap and EAP FAST. Steven -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 28/08/2009 16:50, Steven Sprague wrote:
Thanks Alan,
WPA Enterprise with AES, I will do some more reading to understand the benefits of AES.
TKIP is semi-broken, in that you can do ARP poisoning attacks without needing the PMK. Were mandating WPA2-AES for this academic year. - -- Arran Cudbard-Bell <A.Cudbard-Bell@sussex.ac.uk>, Systems Administrator (AAA), Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqX/rcACgkQcaklux5oVKKx8gCgiovBkbrreyYeujZJtKqQFW5w UPoAoJHW3K0eFB/BTeoMIRppdzzQHjVM =d5FR -----END PGP SIGNATURE-----
participants (4)
-
Alan Buxey -
Arran Cudbard-Bell -
Ivan Kalik -
Steven Sprague