Thank you for your reply David. I have a long way to go I guess. Have a nice day. /GK On Tue, May 6, 2008 at 10:02 AM, David Mitton <david@mitton.com> wrote:
George,
Your message came through just fine. But this is a voluntary list of users, and your question falls into an area that over hangs a long way outside of FreeRadius, possibly outside of the expertise in this group. I know a little about this space, so FWIW:
First off, Big Picture: to a certain extent, FR doesn't care if you are authenticating a user or a machine. It just approves (Access-Accept) the wireless connect or not. You have to configure FR so it finds, resolves and can authenticate the credentials supplied.
In your case EAP-TLS would be appropriate. I believe Microsoft gives you one of them on WinCE. You will have to install certs on the WinCE devices that meet the criteria on the client and server EAP-TLS module.
If you are trying to use FR to front end an Active Directory installation, this becomes more complicated. (I cannot describe that to you)
But even so, Remote Access authentication to AD is not a User logon, it's just access. The defaults favor user credentials or certificates, but you can configure anything that works, doesn't have to be users.
Also, WinCE "machines" are not the same as WinXP systems with their relationship to an Active Directory. They are not domain members that logon AD users. So this is not "machine authentication" in the AD sense. That said, the EAP system in WinCE is a fairly equivalent to the XP EAP, But I'm not sure if there is automatic machine connection attempt or what the source of credentials would be. (maybe from the registry?) Likely if the ability exists, you have to define it in the EAP configuration. This is a WinCE EAP client issue.
Good luck,
Dave.
May 6, 2008 08:49:37 AM, freeradius-users@lists.freeradius.org wrote:
Hi, I sent an email to the list yesterday but it seems it wasn't delivered. I'm resending it again.
/GK
On Mon, May 5, 2008 at 12:10 PM, George KNIGHT <georgeknight@gmail.com> wrote:
Hello All, I've been trying to setup an environment where WinCE OS client computers authenticate themselves using wireless connection to the freeradius v.2.0.3 server with PEAP. The authenticator will eventually be Cisco AP1242 AP but for now I am using Symbol AP300.
The way that I want to set this up is that the computers with WinCE OS will be used by users who shouldn't be asked any user name or input. All I want is WinCE machines to authenticate themselves with freeradius through certificates. Basically, I want machine authentication as opposed to user authentication.
Is there specific changes I have to do on conf files for this to work? Or any change at the client machines?
Thank you. George Knight
------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
George KNIGHT wrote:
Thank you for your reply David.
I have a long way to go I guess.
I understand. I've been hitting the same wall for 10 years. Q: How do I get FreeRADIUS working with a proprietary, undocumented, non-compliant vendor software? A: Damned if I know. When you find out, please tell us, so other people don't run into the same problem. ... and ... silence. Repeat that exchange every month for a decade, with different NAS vendors, Microsoft, supplicants, VPN's, etc. It's no wonder I'm a little cranky at times. I've put everything I know into the server, and people *still* get upset that FreeRADIUS is a PoS because they can't get some crappy vendor's products to work with it. What are we supposed to do? Your frustration is natural, but we're stuck, too. Alan DeKok.
participants (3)
-
Alan DeKok -
David Mitton -
George KNIGHT