ah, nice.
i took a rapid look, it looks good.
just some detials:
1. the document needs a quick native speaker review. guys?
2. remove the repetitions of the form "how 802.1X works".
3. add links to XSupplicant and FreeRadius in the abstract.
4. Authenticator config: since the images you include are HTML pages, you can reduce the overall document size using the trick used in e.g.:
http://www.freeradius.org/doc/EAP-MD5.html
(not important)
also add an image on EAP usage configuration (you only have the radius related config, where is the SSID-related config?)
5. WPA / RSN: stop confusing people even more :-) try this:
TSN = TKIP+WPA/RADIUS = WPA(1)
RSN = CCMP+WPA/RADIUS = WPA2basically, if you really want to explain stuff instead of just saying "do that, do this" you can add an explanation divided in several sections which are to consider:
- network access control (here: always 802.1X)
- authentication method (with 802.1X EAP is implied)
- link layer encryption (TKIP, CCMP, WEP, etc.)
- backend server (EAP-capable RADIUS server implied by 802.1X)
- magic glue :-) i.e. all the conventions on how and when to
derive what and from what and how often and how to transport
all this between AS/A etc.,
6. in the Xsupplicant section: Configuring Xsupplicant, point 5: are you sure that "/sbin/iwconfig eth0 mode managed essid testnet enc off" will let you associate with networks mandating WEP or TKIP usage? have you tried that with an access point which requires L2 encryption?
my card would not associate to WEP-networks unless i do "iwconfig eth= key 0x0" or provide some bogus key.
also, why not adding "allmulti" to the "ifconfig eth0 up" directive?
otherwise it looks good to me artur
Lars Strand wrote:
I'm in the process of writing an 802.1X Linux HOWTO using Xsupplicant as supplicant and FreeRADIUS as authentication server. The authentication mechanism used is PEAP (MS-CHAPv2).
You may find the draft here:
http://www.gnist.org/~lars/courses/04thales/8021X-HOWTO.html
I would like some comments/hints/tips! And, when you guys are satisfied, I plan to submit it to tldp.org.
Thanks!
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
