hi Owen Squires wrote: > > Thanks all for hints... I think the problem I may be having is due to > all the suggestions relate to also turning on EAP/MD5/WEP or some such > as well. I've got 260 iBooks that I don't want to do anything other > than force MAC address authentication for. If the MAC address is in the > table, let the machine talk to, pass through, the AP...
if you only want to do MAC filtering, it has nothing to do with EAP anyway. you simply don't need EAP. for as far as i know, ap350 can do that both by its own table as also by radius means, this is possible, the MAC address is a kind of caller-id in radius jargon, it definitely will work... see cisco docs on it and radius archives on how to do MAC address authentication in freeradius... you probably know that it is completely unsecure though... actually, why don't you let it completely be? the mac addresses are always transported in clear (for evident reasons) and almost any card lets re-configurate itself to some mac address... so the attack is: sniff, change, (perhaps DoS), connect... it's too easy compared to the work you are planning to do. ciao artur > The Lucent/Orinoco AP-500 doesn't have anything but basic authentication > so maybe that is why it works and neither the Cisco AP350 nor the Symbol > AP4131 work. > > Thoughts?!? > > Thanks again, > -- _____________________________________________________________________ Artur Hecker Groupe Acc�s et Mobilit� hecker[at]enst[dot]fr D�partement Informatique et R�seaux +33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
