hi


But we want some sort of standardized secure login for Windows users?
->I only see PEAP here.

Or TTLS, it depends on available clients. But PEAP is more Microsoft... you are probably right.



Another solution would be the "Portal" approach: users will have to
authenticate on an HTTPS webpage which starts a script and changes
firewall rules (like NoCat).

Yes, but it's not really WiFi authentication.



My preference would be to have a central authentication system, with
only the access points out in the field (not the RADIUS/portal servers),
and NOT having to use VPNs to connect the access points to a central
gateway (portal). This would allow the use of "simple" dynamically (IP
Addr) connected APs.

Well, RADIUS is a centralized auth system, and only the APs are out in the field. And it has nothing to do with a portal. You only need fixed IPs for the APs because of some simple restrictions; I'm sure you could patch a RADIUS server to accept whatever incoming request, as long as the shared secret is OK. You should be clear about the identity of your APs though...


The problem with what you propose is that you NEED a trust relationship between your auth system (whichever it would be) and your APs, because otherwise everybody would be served.


ciao artur


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
