ldap/krb5 auth and access point Authentication methods ?
Alan DeKok
aland at deployingradius.com
Sat Oct 11 08:02:42 CEST 2008
FM wrote:
> I'd like to use freeradius to auth. our users. I read that freeradius
> can use openldap and kerberos, so i suppose I will setup these for auth.
Maybe. You are constrained by the limitations of the authentication
protocols. i.e. FreeRADIUS can do a lot, but only if the
authentication protocols are compatible.
> Most of my Wi-Fi users will be Windows/Mac Os and I'd like to avoid
> custom installation on the laptops.
>
> The question is :
> Which auth method should I use on the access points ?
Access points don't use authentication methods. The wireless clients
(supplicants) do. And most Windows machines only do PEAP.
http://deployingradius.com/documents/protocols/compatibility.html
I would suggest using TTLS, which is supported by the Macs. Use
something like SecureW2 for the Windows machines, to upgrade them to
using TTLS.
Alan DeKok.
More information about the Freeradius-Users
mailing list