Freeradius + MySql + Wireless Clients without certificates

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Tue Sep 14 11:55:13 CEST 2010


Hi,

> I'd like to know if there is a way to configure a Radius server + Mysql to authenticate wireless clients via a Cisco AP without certificates (EAP TLS), only a username and password

err, EAP needs certs... that's a fundamental building block. The RADIUS server needs to be signed by a CA
and the client needs to have that CA installed onto it. You can make things easier by getting your RADIUS
server signed by a CA that is built into most of your clients, e.g. get a Thawte or VeriSign signed cert.

It's a BAD BAD thing not to enable RADIUS server checking and CA checking on your client... the
public key infrastructure is a major part of the security of 802.1X and if you think it's 'too much effort'
then I'll show you a nasty man-in-the-middle fake AP and RADIUS server that will get all your users' usernames
and passwords. All run in a 512Mb VM on a basic laptop :-(


alan


