wireless+freeradius+AD
Laker Netman
laker_netman at yahoo.com
Sat Nov 19 06:16:41 CET 2005
Hi all. I have been running freeradius for quite a
while now to authenticate dial-up users through our
Cisco 3660. Additionally, I configured several of our
internal devices for AAA. This has all worked quite
well and I have been using a MySQL backend.

Now I am getting ready to deploy a wireless network in
our facility and need to lock it down.

My idea is to have our users authenticate and
authorize against our active directory. Then, to
provide access to guests, just create a bogus wireless
user that doesn't exist in the AD, so radius falls
back to a different auth method (sql) to let the user
at least get on and get an address from our dhcp. I
basically have this model working through regular
telnet and PPP right now, less the wireless piece.

I have successfully set up authentication to AD, but I
have some questions and concerns. I have done quite a
bit of research on this and read the pertinent files
in the /doc folder included with the FR software. So,
I hope my questions make sense.

First: We do not allow anonymous binding to our AD
LDAP. So, for testing to date, I have used
"Administrator" and the associated password in the
config file. Obviously this is less than ideal :)
What is the best or better alternative? Allowing
anonymous bind? Creating a bind-only "user" for auth
purposes?

Am I correct that the NAS passes the username and
password to FR in cleartext?

Is there any method to send/receive the password
between FR and AD encrypted?

If I want to use WPA with TKIP (or preferably AES) do
I *have* to have a supplicant? Most hosts will be XP,
though there is a slim chance I may have to deal with
others.

Lastly, as I mentioned earlier, I have googled, read,
googled, read, a *lot* of info. Is there a CONCISE
site anywhere on the web that defines everything needed
without leaving out the *one* critical piece that
actually makes it work? ;-)

Thanks in advance,
Laker
More information about the Freeradius-Users
mailing list