wpa2-psk and radiusd possible?

Stefan Jensen sjensen at versanet.de
Thu Jul 16 23:48:23 CEST 2009


Hi,...

Am Donnerstag, den 16.07.2009, 08:27 +0200 schrieb Stefan Winter:

> Your bet is correct: WPAx-PSK does not consult a RADIUS server at all.
> One PSK is for the whole SSID, there is not usually a PSK-per-user. So

Thanks, i wanted to get sure about that.

> how did you do that with hostap; have one SSID for every MAC, and one
> PSK associated to it?

No, one (1) SSID and for every MAC a different PSK. For that, hostapd
can read a file with pairs of "$MAC $PSK".
(option: "wpa_psk_file=/path/to/hostapd.wpa_psk")

> If you want individual keys per client, WPAx-Enterprise with 802.1X
> authentication is the commodity way. If your users get confused with the
> certs, either create a pre-configured site deployment of your supplicant
> which sets stuff up for them (exists for many supplicants)

Can you please provide some keywords or maybe links for that? Seems that
i use wrong seach terms, because i found nothing real usable. Thanks!

> or educate
> your users until they get it.

This is may be the hardest part.  ;-)

best regards
-- 
Stefan Jensen <sjensen at versanet.de>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090716/51d7df22/attachment.pgp>


More information about the Freeradius-Users mailing list