Freeradius + MySql + Wireless Clients without certificates
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Tue Sep 14 11:55:13 CEST 2010
Hi,
> I'd like to know if there is a way to configure a Radius server + Mysql to authenticate wireless clients via a Cisco AP without certificates (EAP TLS), only a username and password
err, EAP needs certs..that's a fundamental building block. the RADIUS server needs to be signed by a CA
and the client needs to have that CA installed onto it. you can make things easier by getting your RADIUS
server signed by a CA that is built into most of your clients - eg get a thawte or verisign signed cert.
its a BAD BAD thing not to enable radius server checking and CA checking on your client..... the
public key infrastructure is a major part of the security of 802.1X and if you think it's 'too much effort'
then I'll show you a nasty man-in-middle fake AP and radius server that will get all your users' usernames
and passwords. all run in a 512Mb VM on a basic laptop :-(
alan
More information about the Freeradius-Users
mailing list
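
Added example, not part of the original post: a small audit of a client-side configuration for the server and CA checking the reply insists on. It assumes the clients use wpa_supplicant (not named in the thread); the sample configuration, SSIDs, paths and host name are constructed.

```python
import re

# Constructed sample wpa_supplicant.conf (SSIDs, paths and names are made up).
SAMPLE_CONF = '''
network={
    ssid="corp-unchecked"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="corp-ca-only"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-ca.pem"
}
network={
    ssid="corp-checked"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-ca.pem"
    domain_suffix_match="radius.example.org"
}
'''

# Each check: options that satisfy it, and the risk when none is present.
CHECKS = [
    ({"ca_cert", "ca_path"}, "no CA configured: any server certificate is accepted"),
    ({"domain_suffix_match", "domain_match", "altsubject_match", "subject_match"},
     "no server name match: any certificate issued by the CA is accepted"),
]

def audit(conf_text):
    """Return {ssid: [problems]} for each EAP network block missing server checks."""
    findings = {}
    for block in re.findall(r"network=\{(.*?)\n\}", conf_text, re.S):
        opts = {}
        for line in block.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                opts[key.strip()] = value.strip().strip('"')
        if "eap" not in opts and "EAP" not in opts.get("key_mgmt", ""):
            continue  # PSK/open networks do no EAP server authentication
        problems = [msg for keys, msg in CHECKS if not keys & opts.keys()]
        if problems:
            findings[opts.get("ssid", "?")] = problems
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```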