How to configure FreeRadius so that clients don't have to bechanged?
Jester
jpurtteman at columbus.rr.com
Wed Jul 16 13:25:50 CEST 2008
On Wed, Jul 16, 2008 at 12:37 PM, DaSilva
<Edwinem_von_Forresterra at web.de> wrote:
>
>
> Alan DeKok-4 wrote:
>>
>> DaSilva wrote:
>>> I want to set up a FreeRadius server for WLAN authentification without
>>> the
>>> need to change anything on client PCs (because we have so much clients
>>> that
>>> this would be to much work).
>>> Is that possible?
>>
>> No.
>>
>> It's like asking "how do I make the PC be a web server... but I don't
>> want to install a web server".
>>
>> You have to configure WLAN authentication on the clients in order for
>> WLAN authentication to work.
>>
>> Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>>
>
> And is it possible to do this automatically via remote or something else?
> --
> View this message in context:
>
http://www.nabble.com/How-to-configure-FreeRadius-so-that-clients-don%27t-ha
ve-to-be-changed--tp18482025p18483881.html
>I believe you misunderstood me. We have many APs which all have their own
>access list, MAC addresses etc. and we want to use a RADIUS server to do
>this for all APs. So that we have a global station where we can change
>something for all APs in our AD. I don't mean authentification via WPA and
>TLS or something like this. So how can I do this or where can I find a
>tutorial / howto for this?
>--
Just another option, and this may be a useless suggestion, but I'll throw it
out there anyway. Some AP's support a "walled garden" feature which takes
the ignores the original request and forces the client to a login page (like
at airports, $tarbucks etc). Once the client goes there and enters their
credentials, RADIUS is used to authenticate them, and they are allowed or
denied at that time. It allows you to deploy one configuration to all your
points, and use a RADIUS backend (and AD, mysql, text files whatever you use
to drive that) to centralize configuration at that point. The glitch is,
you have to have AP's that support walled garden, but if you do, it's handy.
That said, it sounds like you are already using access lists with MAC
addresses for authentication, so the security problems that Alan Dekok noted
are already present in your system and MAC authentication might be what you
want after all.
More information about the Freeradius-Users
mailing list