I am trying to figure out the various authentication systems available and decide what is best for my setup. I am looking for advice. Here is what I want to do: This is for the marina that I am at and a group of 10 of us wanted internet, invested in the hardware and want to be able to access the system without logging in or anything like that. For this group, I was thinking of EAP-TLS as client side certificates would not be a problem. Being a marina, we get people in from time to time - mostly in the summer - who are only going to be there for a week or so and just want to check email or whatever. For these, I don't want to be dealing with client side certs as this raises the amount of time that I have to be administering the system exponentially. I was thinking of something along the lines of chillispot, but I have never been able to get that going, and I don't know whether the two systems can co-exist on the same AP. So, does anyone have any thoughts on what would be the best auth system to go with? I should also mention that I already have a varied group of systems to deal with, including Mac OS X, Win XP, linux and a couple of Win ME systems, so support has to be pretty broad. Thanks in advance. -- Ian Truelsen s/v Sting Email: ian.truelsen@gmail.com AIM: ihtruelsen MSN: ihtruelsen@hotmail.com Google Talk: ian.truelsen@gmail.com
Ian Truelsen wrote:
Here is what I want to do: This is for the marina that I am at and a group of 10 of us wanted internet, invested in the hardware and want to be able to access the system without logging in or anything like that. For this group, I was thinking of EAP-TLS as client side certificates would not be a problem. Being a marina, we get people in from time to time - mostly in the summer - who are only going to be there for a week or so and just want to check email or whatever. For these, I don't want to be dealing with client side certs as this raises the amount of time that I have to be administering the system exponentially. I was thinking of something along the lines of chillispot, but I have never been able to get that going, and I don't know whether the two systems can co-exist on the same AP.
Yes they can.
So, does anyone have any thoughts on what would be the best auth system to go with?
Use EAP-TLS with client certs for long-term users. Use EAP-TTLS or PEAP for everyone else. The same server certificate can be used in both places, for all those EAP types. You'll have to get the root CA onto their systems, but that's not difficult. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
Ian Truelsen