Authorising Clients by Calling Station ID Not IP
Jennyanydots Napoleon Shoehorn
jennyshoehorn at me.com
Mon Oct 24 23:38:48 CEST 2011
Fantastic news ;) !!
We use some ddwrt, openwrt routers, coovap (ubuntu) and higher end Meraki / Ruckus stuff. Might be a pain to configure each.
What about the idea of a common shared secret and then assigning a 'network' or huntgroup to each user. We could then block end users authenticating from a nas with a called-station-id which wasn't in db (or if a network wasn't set).
Just an idea?
On 24 Oct 2011, at 22:26, Arran Cudbard-Bell wrote:
>
> On 24 Oct 2011, at 23:09, Jennyanydots Napoleon Shoehorn wrote:
>
>> This is very interesting, really appreciate the replies.
>>
>> Other than using a VPN, how do other wifi providers actually operate securely?
>
> They don't :)
>
> It's either VPN or same shared secret. If your equipment is running something like DD-WRT or Open WRT, it should be possible to cross compile FreeRADIUS and setup a RadSec gateway on the Access Point.
>
> The code works and PKI administration isn't as bad as everyone thinks it is.
>
> -Arran
>
> Arran Cudbard-Bell
> a.cudbardb at freeradius.org
>
> Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111024/4f9e9f24/attachment.html>
More information about the Freeradius-Users
mailing list