Somewhat OT: Captive portal on acess points instead complex?supplicant at level end user?
Alexander Clouter
alex at digriz.org.uk
Mon Dec 15 21:01:08 CET 2008
Sergio Belkin <sebelk at gmail.com> wrote:
>
> Thanks for ideas,
>
> In fact, some things you suggest I am using right now :) for example:
>
> *Automatized SecureW2 installer (ttls)
> *Web Page with "secondary" password for peap
>
> But even so, some users find somewhat hard to use.
>
We seem to have no real problems with SecureW2 and our userbase. Mac OS
X users 'import' the configuration (if they are 10.3 or 10.4) and WinXP
users get a light time of it would my SecureW2 preconfiguration script
with some NSIS wrapper action to spoonfeed them during problematic bits.
Of course SecureW2 + WinXP + SP3 + wired 802.1X is fruity at the moment
which is out current problem, however that's a grumble for another
thread.
The only problems we have is that we are 'awkward' and force WPA2 only
and do not give into those WPA (version 1) TKIP weenies.
> I've tried with no success at this moment use more than one SSID on
> OpenWRT on Linksys WRT54GL...
>
Do not ever go down this route[1]. It completely negates the point of
having a WPA Enterprise network when someone comes along with an evil
twin network and gets the user to install a 'springboard' application to
get onto the better network. It's as counterproductive as using
PEAP/TTLS without full certificate validation.... :-/
If you want my NSIS and/or SecureW2 INF file do drop me an email. The
springboard'ing issue we resolved by dumping everything onto a CD and
distributed them to the masses that way. Even if this is not an option
for you (like us in education with 'student welcome packs') if you make
the CD's readily available near hotspots and what not in public areas
people will find what they need.
Cheers
Alex
[1] I have convinced my self it's safe for a wired network, getting
non-802.1X clients 802.1X'ified, but just not worth the risk for
wireless clients
--
Alexander Clouter
.sigmonster says: Succumb to natural tendencies. Be hateful and boring.
More information about the Freeradius-Users
mailing list