New Thread: EAP for Cisco AP.

Evan Vittitow evan at terralab.com
Mon Jan 15 13:05:05 CET 2007


A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>   
>> The next stage of Radius is using it to secure my Wireless network. I'm
>> fairly sure EAP-TLS is Certificate based, and EAP-MD5 has to do with
>> using an MD5 Has as a "Shared Secret"
>>
>> But, I don't completely understand PEAP, and how it relates to MS-CHAP v2.
>>     
>
> before implementing a broken system I recommend that you purchase and
> read a book called 'Wi-Foo' . this will help you understand all of these
> protocols and methods.
>
> alan
> - 
>
>   
I wouldn't call what I've done so far a "broken system" (My MS-CHAPv2
VPN system works.)

Basically the idea is that I need the Wireless Nodes (XSupplicant) to be
able to talk on the network and authorize connections. But these need to
be Host based, not user based. Because the NSS stuff comes from LDAP.
and PAM comes from Kerberos. So, I think that the host needs to be
authenticated before the users can actually "Log in".

The thing is, I'm not sure how the Aironet 340 does Radius. Can the use
of EAP be voluntary at first to assure it works? (Clear Clients still
working.)



More information about the Freeradius-Users mailing list