need help & advice getting started with freeradius
Alexander Clouter
alex at digriz.org.uk
Sun Apr 5 23:24:05 CEST 2009
daniel knox <mail at dknox.co.uk> wrote:
>
> Lol just actually read some stuff on WPA and learnt abit more about EAP. I
> realise now that TTLS does not require client certificates like I previously
> thought only the server. Apologies for this miss understanding. Although I
> do realise now that SecureW2 would be required to give my Windows users the
> ability to access this. Although this may not be to difficult to distribute
> to them I would have to look into these possible issues.
>
You use server certificates for PEAP too, it's madness not to use a
server certificate in either case. If you do not then the clients are
more than happy to dish out user credentials to anyone who asks.
I prefer TTLS as although PEAP is already built into Mac OS X and
Windows, neither can be easily autoconfigured with some kind of priming
script[1]. We use TTLS as it's not braindead[2] and in the case of
SecureW2 it can be trivially autoconfigured. If you tie it in with a
NSIS script then you can do some *really* nice things for wireless
workstation priming for your Windows userbase.
Cheers
[1] not that I know of anyway, and Mac OS X 10.5 seems to have dropped
support for wireless profile importing
[2] well from my perspective, I'm sure implentators out their might say
otherwise
--
Alexander Clouter
.sigmonster says: Neil Armstrong tripped.
More information about the Freeradius-Users
mailing list