Somewhat OT: Captive portal on acess points instead complex?supplicant at level end user?

Alexander Clouter alex at
Mon Dec 15 21:01:08 CET 2008

Sergio Belkin <sebelk at> wrote:
> Thanks for ideas,
> In fact, some things you suggest I am using right now :) for example:
> *Automatized SecureW2 installer (ttls)
> *Web Page with "secondary" password for peap
> But even so, some users find somewhat hard to use.
We seem to have no real problems with SecureW2 and our userbase.  Mac OS 
X users 'import' the configuration (if they are 10.3 or 10.4) and WinXP 
users get a light time of it would my SecureW2 preconfiguration script 
with some NSIS wrapper action to spoonfeed them during problematic bits.

Of course SecureW2 + WinXP + SP3 + wired 802.1X is fruity at the moment 
which is out current problem, however that's a grumble for another 

The only problems we have is that we are 'awkward' and force WPA2 only 
and do not give into those WPA (version 1) TKIP weenies.

> I've tried with no success at this moment use more than one SSID on
> OpenWRT on Linksys WRT54GL...
Do not ever go down this route[1].  It completely negates the point of 
having a WPA Enterprise network when someone comes along with an evil 
twin network and gets the user to install a 'springboard' application to 
get onto the better network.  It's as counterproductive as using 
PEAP/TTLS without full certificate validation.... :-/

If you want my NSIS and/or SecureW2 INF file do drop me an email.  The 
springboard'ing issue we resolved by dumping everything onto a CD and 
distributed them to the masses that way.  Even if this is not an option 
for you (like us in education with 'student welcome packs') if you make 
the CD's readily available near hotspots and what not in public areas 
people will find what they need.



[1] I have convinced my self it's safe for a wired network, getting 
	non-802.1X clients 802.1X'ified, but just not worth the risk for 
	wireless clients

Alexander Clouter
.sigmonster says: Succumb to natural tendencies.  Be hateful and boring.

More information about the Freeradius-Users mailing list