Somewhat OT: Captive portal on access points instead complex supplicant at level end user?

Sergio Belkin sebelk at gmail.com
Mon Dec 15 22:08:34 CET 2008


2008/12/15 Alexander Clouter <alex at digriz.org.uk>:
> Sergio Belkin <sebelk at gmail.com> wrote:
>>
>> Thanks for ideas,
>>
>> In fact, some things you suggest I am using right now :) for example:
>>
>> *Automatized SecureW2 installer (ttls)
>> *Web Page with "secondary" password for peap
>>
>> But even so, some users find it somewhat hard to use.
>>
> We seem to have no real problems with SecureW2 and our userbase.  Mac OS
> X users 'import' the configuration (if they are 10.3 or 10.4) and WinXP
> users get a light time of it with my SecureW2 preconfiguration script
> with some NSIS wrapper action to spoonfeed them during problematic bits.
>
> Of course SecureW2 + WinXP + SP3 + wired 802.1X is fruity at the moment
> which is our current problem, however that's a grumble for another
> thread.
>
> The only problem we have is that we are 'awkward' and force WPA2 only
> and do not give into those WPA (version 1) TKIP weenies.
>
>> I've tried with no success at this moment use more than one SSID on
>> OpenWRT on Linksys WRT54GL...
>>
> Do not ever go down this route[1].  It completely negates the point of
> having a WPA Enterprise network when someone comes along with an evil
> twin network and gets the user to install a 'springboard' application to
> get onto the better network.  It's as counterproductive as using
> PEAP/TTLS without full certificate validation.... :-/
>
> If you want my NSIS and/or SecureW2 INF file do drop me an email.  The
> springboard'ing issue we resolved by dumping everything onto a CD and
> distributed them to the masses that way.  Even if this is not an option
> for you (like us in education with 'student welcome packs') if you make
> the CDs readily available near hotspots and what not in public areas
> people will find what they need.
>
> Cheers
>
> Alex
>
> [1] I have convinced myself it's safe for a wired network, getting
>        non-802.1X clients 802.1X'ified, but just not worth the risk for
>        wireless clients
>
> --
> Alexander Clouter
> .sigmonster says: Succumb to natural tendencies.  Be hateful and boring.
>

Recently we upgraded from OpenWrt White Russian to Kamikaze.

By now, the problem about discarding packets is no more.

Most of the issues were that at random times it took a long time to get
Access-Accept, or the AP even didn't get any frames from supplicants...

-- 
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -


