Freeradius + MySql + Wireless Clients without certificates

Esteban TALAVERA etalaveran at gmail.com
Tue Sep 14 15:47:23 CEST 2010


Thanks, yoy're rigth.  I'ill continue this way, the problem is not the
"effort", but I was trying to complete the picture
Freeradius+MySql+EAP_TLS+Cisco AP without success.
Keep trying...


On Tue, Sep 14, 2010 at 5:25 AM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:

> Hi,
>
> > I´ll like to know if there is a way to configurates a Radius server +
> Mysql to authenticate Wireless clients via a Cisco AP without  certificates
> (EAP TLS), only a username and password
>
> err, EAP needs certs..thats a fundamental building block. the RADIUS server
> needs to be signed by a CA
> and the client needs to have that CA installed onto it. you can make things
> easier by getting your RADIUS
> server signed by a CA that is built into most of your clients - eg get a
> thawte or verisign signed cert.
>
> its a BAD BAD thing not to enable radius server checking and CA checking on
> your client..... the
> public key infrastructure is a major part of the security of 802.1X and if
> you thinks its 'too much effort'
> then I'll show you a nasty man-in-middle fake AP and radius server that
> will get all your users usernames
> and passwords. all run in a 512Mb VM on a basic laptop  :-(
>
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



-- 

*Esteban Talavera*

*
*

*Proyectos ITW*

Tel.    +(58)212 7623035

+(58)212 7620504

Cel. +(58)412 2892006

Fax       +(58)212 7615965
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100914/01446b9c/attachment.html>


More information about the Freeradius-Users mailing list