Hi....
First, thanx to all who replied to my earlier emails on EAP/TLS + WEP key generation.....I seem to have this working now.
Now I have some new questions <d'oh>:
1. I have read that I can have freeradius run a script via Exec-Program-Wait at authentication time. I was just wondering would it be possible to use this to perform a query over IP on the client station (eg: snmp or something)?
2. I have seen mails and docs on allowing freeradius assign VLAN IDs at authentication time. I am presuming this would be more suitable for wired ethernet switches than wireless access points on APs with VLAN capabilities (eg: my Cisco Aironet 1200) you attach to an SSID (which is associated with a VLAN). I am guessing the answer to this is probably no, but would it be possible to have freeradius dynamically associate a client station to an SSID at authentication time?
My interest in these is because I would like if possible to be able to check each client station to see if it has the latest patches, virus protection s/w etc. and if it doesn't I would like to either disconnect it, or dump it in some kind of quarantine SSID (VLAN).....
....and finally:
3. Is it possible using EAP/TLS to restrict how many times a station with a particular certificate connects to the wireless net.....i.e. if someone takes their certificate and installs it on 10 wireless machines, can I configure freeradius (and/or my access point) so that only one active wireless connection is allowed for that certificate?
Thanx again for all the recent help, and thanx in advance for any help on these.
Chris Bradshaw.
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
