Authorising Clients by Calling Station ID Not IP

Jennyanydots Napoleon Shoehorn jennyshoehorn at me.com
Mon Oct 24 23:38:48 CEST 2011


Fantastic news ;) !!

We use some DD-WRT, OpenWrt routers, coovap (Ubuntu) and higher-end Meraki / Ruckus stuff. Might be a pain to configure each.

What about the idea of a common shared secret and then assigning a 'network' or huntgroup to each user? We could then block end users authenticating from a NAS with a Called-Station-Id which wasn't in the DB (or if a network wasn't set).

Just an idea?


On 24 Oct 2011, at 22:26, Arran Cudbard-Bell wrote:

> 
> On 24 Oct 2011, at 23:09, Jennyanydots Napoleon Shoehorn wrote:
> 
>> This is very interesting, really appreciate the replies.
>> 
>> Other than using a VPN, how do other wifi providers actually operate securely?
> 
> They don't :)
> 
> It's either VPN or same shared secret. If your equipment is running something like DD-WRT or OpenWrt, it should be possible to cross compile FreeRADIUS and set up a RadSec gateway on the Access Point.
> 
> The code works and PKI administration isn't as bad as everyone thinks it is.
> 
> -Arran
> 
> Arran Cudbard-Bell
> a.cudbardb at freeradius.org
> 
> Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
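
The check proposed in the message above (reject a user unless the NAS's Called-Station-Id is known and belongs to the network assigned to that user), sketched as an added example that is not code from the thread or from FreeRADIUS. The lookup tables, MAC addresses, usernames and network names are constructed; in a deployment they would be database lookups.

```python
import re

# Constructed sample data: AP MAC -> network (huntgroup), and
# user -> the one network that user may authenticate from.
NAS_NETWORKS = {
    "0010a42319c0": "cafe-north",
    "0010a4231a00": "hotel-east",
}
USER_NETWORKS = {
    "alice": "cafe-north",
    "bob": "hotel-east",
    "carol": None,  # no network set, so carol must be rejected
}

# Six hex octets with optional '-', ':' or '.' separators at the start.
_MAC_RE = re.compile(r"^([0-9a-f]{2}[-:.]?){5}[0-9a-f]{2}", re.IGNORECASE)


def normalise_called_station_id(value):
    """Return the AP MAC as 12 lowercase hex digits, or None.

    Vendors format this attribute differently: RFC 3580 suggests
    "00-10-A4-23-19-C0:SSID", others send colons, dots or bare hex.
    Anything after the MAC (such as ":SSID") is ignored.
    """
    if not value:
        return None
    match = _MAC_RE.match(value.strip())
    if not match:
        return None
    return re.sub(r"[^0-9a-f]", "", match.group(0).lower())


def authorise(username, called_station_id):
    """Fail closed: accept only when the AP is in the table and its
    network matches the network assigned to the user."""
    mac = normalise_called_station_id(called_station_id)
    nas_net = NAS_NETWORKS.get(mac)
    if nas_net is None:
        return (False, "unknown or missing Called-Station-Id")
    user_net = USER_NETWORKS.get(username)
    if user_net is None:
        return (False, "no network assigned to user")
    if user_net != nas_net:
        return (False, "user not permitted on network " + nas_net)
    return (True, nas_net)
```

Called-Station-Id is a value the NAS puts in the Access-Request, so with one shared secret on every NAS this check is only as strong as the secrecy of that secret.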
