somewhat ot: Check radius server name on linux supplicant
Sergio Belkin
sebelk at gmail.com
Mon Jan 5 01:05:21 CET 2009
Hi,
I'm stuck with a problem to which I haven't found an easy solution.
Let's say we use either EAP-PEAP or EAP-TTLS. Both on Windows you cave
ways to check not only ca certificate but also radius server name.
I've tried:
*NetworkManager: It can't check radius server name.
*wicd: You could use customized scripts but make things harder and
replace NetworkManager which is the default network tool on modern
distros.
*kwlan: It's like wicd an more KDE oriented.
*wpasupplicant: It can check server name! But also on Fedora 10 I
haven't found a way for NetworkManager apply its config file. Mostly
"modern" and end users distros don't pay attention to wpasupplicant
config file.
On Windows (and I am not presicely a MS fan) you can check server name
either by itself or by SecureW2. On Mac it prompts you showing radius
server name. Sadly, I haven't found on Linux to check radius server
name.
I fear this: Let's say I have a radius server which use a certificate
signed by WhateverSign. You get a certificate signed by WhateverSign
too. You use a trustable ca certificate, don't you? Well, you config a
cheating Access Point. Then a user come and connect to that cheating
Access Point. Please tell me if that risk exists and if is wothy of
worrying. If it is, how I can do for check radius server name on
modern distro Linux?
Thanks in advance and happy new year!!!!
--
--
Open Kairos http://www.openkairos.com
Watch More TV http://sebelk.blogspot.com
Sergio Belkin -
More information about the Freeradius-Users
mailing list