Freeradius + MySql + Wireless Clients without certificates

Kevin Ehlers kevin at uoregon.edu
Tue Sep 14 20:55:01 CEST 2010


On 9/14/10 11:38 AM, Alan Buxey wrote:
> Hi,
> 
>>> I'd like to know if there is a way to configure a Radius server + Mysql
>>> to authenticate Wireless clients via a Cisco AP without certificates (EAP
>>> TLS), only a username and password
> 
> yes. we use Cisco APs - we used to use them in autonomous mode but moved to the 
> lightweight LWAPP (now CAPWAP) mode a few years back.
> 
> I would not recommend broken captive portals. 802.1X is the way forward
> (and is now being mandated by several government and education procurement
> systems around the world - expect any half-decent auditor to pick up on this too).
> for EAP, you can use EAP-PEAP or EAP-TTLS - in which your RADIUS server
> has a certificate signed by a CA. the clients don't need certificates, they
> just need to have the CA on them that signed the RADIUS server (for trust!)

I agree for the most part.  However, captive portals will still be in
use for guest access.  There's less administrative and helpdesk overhead
for this type of deployment.

On Windows machines, the CA/cert trust has to be explicitly enabled.
This can be a barrier for un-managed and non-employee machines.

-- 
Kevin Ehlers
Network Engineer
University of Oregon
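
The trust requirement raised in this thread (PEAP/TTLS clients need the CA that signed the RADIUS server's certificate, and that trust has to be configured explicitly), as an added example that is not part of the original messages: a Python check that flags PEAP/TTLS profiles lacking CA or server-name validation. It assumes a wpa_supplicant client, which the thread does not mention; the SSIDs, CA path and server name are constructed placeholders.

```python
import re

# Constructed sample; SSIDs, CA path and server name are placeholders.
SAMPLE_CONF = '''
network={
    ssid="campus-unchecked"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
}
network={
    ssid="campus-checked"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="alice"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.edu"
}
'''

TUNNELLED = {"PEAP", "TTLS"}
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\}", text, re.S):
        pairs = re.findall(r"^\s*(\w+)\s*=\s*(.*?)\s*$", body, re.M)
        nets.append({key: value.strip('"') for key, value in pairs})
    return nets

def audit(text):
    """Map ssid -> findings for PEAP/TTLS profiles that skip server validation."""
    report = {}
    for net in parse_networks(text):
        if not TUNNELLED & set(net.get("eap", "").upper().split()):
            continue  # not a tunnelled username/password method
        findings = []
        if "ca_cert" not in net and "ca_path" not in net:
            findings.append("no CA configured: server certificate is not verified")
        if not any(key in net for key in NAME_CHECKS):
            findings.append("no server name check: any certificate from that CA passes")
        report[net.get("ssid", "?")] = findings
    return report

if __name__ == "__main__":
    for ssid, findings in audit(SAMPLE_CONF).items():
        print(ssid, "->", findings or "ok")
```
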


