need help & advice getting started with freeradius

Alexander Clouter alex at digriz.org.uk
Sun Apr 5 23:24:05 CEST 2009


daniel knox <mail at dknox.co.uk> wrote:
> 
> Lol just actually read some stuff on WPA and learnt a bit more about EAP. I
> realise now that TTLS does not require client certificates like I previously
> thought only the server. Apologies for this misunderstanding. Although I
> do realise now that SecureW2 would be required to give my Windows users the
> ability to access this. Although this may not be too difficult to distribute
> to them I would have to look into these possible issues.
> 
You use server certificates for PEAP too, it's madness not to use a 
server certificate in either case.  If you do not then the clients are 
more than happy to dish out user credentials to anyone who asks.

I prefer TTLS as although PEAP is already built into Mac OS X and 
Windows, neither can be easily autoconfigured with some kind of priming 
script[1].  We use TTLS as it's not braindead[2] and in the case of 
SecureW2 it can be trivially autoconfigured.  If you tie it in with an 
NSIS script then you can do some *really* nice things for wireless 
workstation priming for your Windows userbase.

Cheers

[1] not that I know of anyway, and Mac OS X 10.5 seems to have dropped 
	support for wireless profile importing
[2] well from my perspective, I'm sure implementers out there might say 
	otherwise

-- 
Alexander Clouter
.sigmonster says: Neil Armstrong tripped.
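
Added example, not part of the message above and not FreeRADIUS code: a small audit of client-side settings for the point about server certificates, flagging TTLS/PEAP networks that would hand credentials to any server. It assumes a wpa_supplicant-style configuration (the thread itself discusses Windows with SecureW2 and Mac OS X); the SSIDs, paths and host names are constructed.

```python
import re

TUNNELLED = {"TTLS", "PEAP"}
# wpa_supplicant options that tie the session to a server name, not just to the CA.
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")
# Constructed sample configuration (not from the thread).
SAMPLE_CONF = '''
network={
    ssid="campus-good"
    eap=TTLS
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"
}
network={
    ssid="campus-no-ca"
    eap=PEAP
}
network={
    ssid="campus-ca-only"
    eap=TTLS PEAP
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
}
'''

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"^\s*network\s*=\s*\{(.*?)^\s*\}", text, re.S | re.M):
        net = {}
        for line in map(str.strip, body.splitlines()):
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                net[key.strip()] = value.strip().strip('"')
        nets.append(net)
    return nets

def audit(text):
    """Map SSID -> findings for every network that allows TTLS or PEAP."""
    report = {}
    for net in parse_networks(text):
        if not TUNNELLED & set(net.get("eap", "").upper().split()):
            continue  # PSK or non-tunnelled networks are out of scope here
        findings = []
        if not (net.get("ca_cert") or net.get("ca_path")):
            findings.append("server certificate is not verified")
        if not any(net.get(k) for k in NAME_CHECKS):
            findings.append("server name is not checked")
        report[net.get("ssid", "?")] = findings
    return report
```

Calling audit(SAMPLE_CONF) returns an empty findings list only for the network that sets both a CA and a server name match.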



