hi
Actually I don't want Freeradius to create the keys or deliver the WEP keys to
the end
user. The end user will have already entered in her unique WEP key manually.
Free-
ok, in your first post you didn't precise that.
radius just needs to authenticate based on MAC, and tell the access point which WEP key to use when talking with that client.
All of the WEPs would be created in advance, and entered into the client's configuration and into a database/file which is readable by Freeradius.
so, you want the WEP keys being delivered out of some file based on the MAC address. while i agree that this is possible and theoretically different than to deliver the keys to the user, this is not supported by freeradius. (besides, practically, the keys are delivered encrypted to the access point and the access point delivers at least some of them encrypted to the user; the interface between AP and user is defined in the 802.1X document, i.e. AP has to be set in the "EAP enabled" mode).
in the most general case key delivery means key management and key management should be bound to the authentication. that brings you back to eap, unfortunately for you :-) that's how freeradius does it right now.
you will have to patch freeradius in order to do fixed key delivery without previous authentication. this is definitely feasible, but you will also have to take a closer look on your AP and see if it can install WEP keys dynamically without EAP. then, AP will have to send the broadcast key to the user, you will have to verify how it is going to encrypt it and who is going to decrypt it on the user side.
all in all, your problem is rather practical, theoretically it would work.
ciao artur
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
