The EAP Saga continues.

Evan Vittitow evan at terralab.com
Wed Jan 31 21:21:43 CET 2007


Alright, I'm going to step back and talk conceptually. The issue is that
the laptops use a combination of LDAP and Kerberos to authenticate to
the Domain Controllers (OpenLDAP and a Kerberos KDC) to authorize and
authenticate Humans. So you get a Chicken/Egg issue. You can't
authenticate Humans until you authenticate nodes, but a Human could not
enter MS-CHAPv2 passwords without logging in.

I want to be able to assign a Certificate to a Host; as long as the Host
carries the certificate, it can talk on the network. The Cert should be
individualized to each host. So, I'd like to be able to give a host a cert,
and then let them use the network so they can login with User/Password.
I have a working CA now.


