Banning users in a nice way...
A.L.M.Buxey at lboro.ac.uk
Fri Jun 29 10:43:52 CEST 2007
Hi,
> Oh and by broken I mean windows XP type broken, as in will only attempt
> TLS authentication broken... and sends the username and password a user
> logged into the machine with by default broken... and so can never work
> out of the box broken.
FWIW, an unconfigured Windows XP box will not send anything on EAP-TLS
for either wired or wireless - as it needs to have a private
certificate or smartcard. both of which are absent. only if you
do a quick change of that default entry to make it PEAP will the next
broken bits appear (use windows login/password for authentication etc)
no. the only sane way is to provide an open wifi connection which
is a walled garden under which they can read config docs or install
a nice configurator program to set their wifi up properly
> and we're assuming people running linux are clever enough to setup x
> supplicant without support :)
if they can get their wifi drivers compiled and running, configuring
wpa_supplicant is easy! PS don't forget folks that wpa_supplicant
also works on the wired interfaces on linux too....so dot1x on wired
is 'trivial' with linux
alan
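
A wired 802.1X configuration for wpa_supplicant using PEAP, as an added example that is not part of the original post. The file path, interface name (eth0), identities, CA file and server name are placeholder assumptions; the CA and server-name lines make the supplicant check the RADIUS server before it sends any credentials.

```conf
# /etc/wpa_supplicant/wired-8021x.conf  (path is an assumption)
ctrl_interface=/var/run/wpa_supplicant

# Wired port: there is nothing to scan for or associate with.
ap_scan=0

network={
    key_mgmt=IEEE8021X
    # No dynamic WEP keys on a wired port.
    eapol_flags=0

    eap=PEAP
    phase2="auth=MSCHAPV2"

    # Outer identity is visible on the wire; the real one goes inside the tunnel.
    anonymous_identity="anonymous@example.org"
    identity="user@example.org"
    password="CHANGE-ME"

    # Server validation: trust only this CA and only this server name.
    # Without these, the client will offer the password to any authenticator.
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"
}

# Start it with the wired driver (interface name is an assumption):
#   wpa_supplicant -D wired -i eth0 -c /etc/wpa_supplicant/wired-8021x.conf
```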