On Oct 29, 2003, at 6:21 AM, Jan van Rensburg wrote:
Hi,
I'm new to radius in general, and wonder if anyone can provide me with good a nod in the right direction. I installed freeradius 0.9.2 from source on RedHat advance server 2.1. Initial testing as described in INSTALL went fine.
We will be getting Apple Airport Extreme base stations ( http://www.apple.com/airport/) for company WiFi access, and I want to manage the allowed MAC list for all the base stations centrally on the radius server. What exactly do I need to configure on the freeradius side? Do I have to configure users as well, or can you just put up a list of MACs somewhere? I see the Airport supports Cisco's LEAP, do I need to configure freeradius with LEAP support, or is this not necessary if Cisco equipment aren't used?
As usually, you'll need to create entries in clients.conf file for the AirPort Extreme Base Stations (accepted IPs, shared secret).
In the user's file you'll need to create entries for each client MAC (an external database could be used instead, I suppose).
The AirPort Admin Utility gives a choice of how to format the MAC addresses ('001122-334455' or '001122334455').
If I later want to configure user auth in addition to MAC auth, can this be done via PAM smb? We usually use pam_smb to authenticate things like ssh sessions against our NT4 domain controllers. Will this work with freeradius/apple's airport? How do users authenticate before they can use the WLAN? Is extra client software required for Windows/Mac OS X?
I don't know about that. AFAIK, as of AiPort Extreme 3.1 you can't do user auth. The AirPort client supports LEAP but not the Apple Base Stations.
-Andreas
Thanks, Jan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
