Using tokens for 802.1x auth

stasheck stasheck.fora at gmail.com
Thu Mar 24 09:37:35 CET 2011


Hi,
I have an idea I thought would be quite easy to implement, but it
turned out I can't figure out how to do this on my own.

The company I work for issues software (Java) tokens for our employees
that need external access. They're based on a proprietary system (CERB)
and we're using them with great success for authenticating access
to our Juniper Gateway device - with a little help from FreeRADIUS
(2.0.4, to be precise).

The CERB system is plugged into RADIUS via something like this (in radiusd.conf):

        exec cerb {
                wait = yes
                program = "/usr/local/bin/cerbauth.sh freeradius"
                input_pairs = request
                output_pairs = reply
        }

Now, I wanted to use those tokens also for 802.1x authentication for
our WiFi network, as it'd be safer than using just a regular
username/password (which might be too weak) and more convenient than
certificates (it happened a couple of times that an employee's laptop
was stolen).

For WiFi, we are using H3C WX30xx Access Controllers, which try to use
EAP, which in turn doesn't provide a clear-text password that could be
used for the cerb exec.

I'm pretty much stuck - either I got something wrong (FreeRADIUS, WPA,
EAP etc. are still quite new to me), or it just can't be done.
Anyway, I figured I might just write here and hope that someone will at
least tell me that everything above is just plain wrong :-)

/br
Stan
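
The limitation described in the message above, as an added example that is not part of the original post and is not the CERB script: a hypothetical stand-in for a program run by an exec module, which refuses EAP requests instead of checking an empty password. Assumptions: request attributes reach the program as environment variables (USER_NAME, USER_PASSWORD, EAP_MESSAGE), string values may arrive wrapped in double quotes, exit status 0 accepts and non-zero rejects; `verify_token` and its constructed credentials stand in for the real token backend.

```shell
#!/bin/sh
# Added example, hypothetical stand-in for an exec-module auth program.
# Assumed input: User-Name -> USER_NAME, User-Password -> USER_PASSWORD,
# EAP-Message -> EAP_MESSAGE, string values possibly wrapped in double quotes.

# Strip one pair of surrounding double quotes, if present.
unquote() {
    v=$1
    case $v in
        \"*\") v=${v#\"}; v=${v%\"} ;;
    esac
    printf '%s' "$v"
}

# Hypothetical token check; a real deployment would call the token backend.
# Constructed demo rule: user "alice" with one-time code "492817".
verify_token() {
    [ "$1" = "alice" ] && [ "$2" = "492817" ]
}

# Prints reply pairs on stdout; returns 0 to accept, 1 to reject (assumed convention).
cerb_exec_check() {
    user=$(unquote "${USER_NAME:-}")
    pass=$(unquote "${USER_PASSWORD:-}")
    # An EAP request carries EAP-Message but no clear-text User-Password:
    # fail closed rather than validating an empty string.
    if [ -n "${EAP_MESSAGE:-}" ] && [ -z "$pass" ]; then
        echo 'Reply-Message = "EAP request: no clear-text password for token check"'
        return 1
    fi
    if [ -z "$user" ] || [ -z "$pass" ]; then
        echo 'Reply-Message = "missing User-Name or User-Password"'
        return 1
    fi
    if verify_token "$user" "$pass"; then
        echo 'Reply-Message = "token accepted"'
        return 0
    fi
    echo 'Reply-Message = "token rejected"'
    return 1
}
```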



More information about the Freeradius-Users mailing list