Hi Alan,
From: "Alan DeKok" <[EMAIL PROTECTED]>
Subject: Re: WPA w/ EAP-TLS against 0.8.1 Date: Thu, 02 Oct 2003 22:52:50 -0400
"Ian Pritchard" <[EMAIL PROTECTED]> wrote:
> I've read the responses to this and to the TLS/TTLS thread... tried to find
> somewhere in the Funk client where I might be able to control some kind of
> reauthentication interval (there's a setting on the AP), but no luck there
> unfortunately.
It's set by the RADIUS server, via Session-Timeout.
Yeah, got that one, but just wondered if there was also something in the supplicant to do this independently, other than resetting the connection or pulling the PCMCIA card out of the laptop....
> Given that WPA is "the 802.11 security protocol suite of the > future", I guess it might be quite important.... regardless of which > EAP flavour is used... ;-)
Many EAP methods such as LEAP, TLS, and TTLS include dynamic WEP keys. That would appear to be incompatible with WPA.
Okay, that's interesting. My impression was that WPA w/RADIUS was supposed to be fully retro-compatible with 802.1x (at least in terms of EAP flavours and the way they operate). Does anyone know where WPA is actually defined? I mean, is there a definition document widely available? Does it go down to a technical level? Or do you have to pay thousands to join an "open" industry forum to have access to the standard? Also, if the WPA standard includes RADIUS authentication, what does it mean by "RADIUS" - whose RADIUS servers have been tested?
Jeremy, interesting what you said about your Cisco AP 1200 - I think the implementation there is "802.1x" and not WPA, right? The SMC AP we tried seemed to be the same - when you turn on "WPA w/TKIP" it didn't work against for our supplicants against FreeRADIUS, but when you just turned on "802.1x authentication" it worked fine.
So, if dynamic WEP is incompatible with WPA, is that the fault of (and should the fix happen on) the EAP method, the AP, the supplicant or FreeRADIUS?
Thanks,
Ian
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
