Just from a very newbie's put of view why do you briefly touch on setting up a UNIX client and not a windows client
Regards Troy ----- Original Message ----- From: "Lars Strand" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 23, 2004 8:02 PM Subject: Re: 802.1X HOWTO (draft) > On Thu, 22 Jul 2004, Artur Hecker wrote: > > > > > 1. the document needs a quick native speaker review. guys? > > The tldp.org have a language review before it is published ;-) > > > 2. remove the repetitions of the form "how 802.1X works". > > Fixing it later today. > > > 3. add links to XSupplicant and FreeRadius in the abstract. > > Done. > > > 4. Authenticator config: since the images you include are HTML pages, > > you can reduce the overall document size using the trick used in e.g.: > > http://www.freeradius.org/doc/EAP-MD5.html > > (not important) > > I'm writing the HOWTO in DocBook XML, and can then later be converted > to html, pdf, ... - I don't belive docbook has support for inline > html.. overall I think images are better. > > > also add an image on EAP usage configuration (you only have the radius > > related config, where is the SSID-related config?) > > Will add that later today. > > > 5. WPA / RSN: stop confusing people even more :-) try this: > > > > TSN = TKIP+WPA/RADIUS = WPA(1) > > RSN = CCMP+WPA/RADIUS = WPA2 > > > > Ok - added ;-) > > > basically, if you really want to explain stuff instead of just saying > > "do that, do this" you can add an explanation divided in several > > sections which are to consider: > > - network access control (here: always 802.1X) > > - authentication method (with 802.1X EAP is implied) > > - link layer encryption (TKIP, CCMP, WEP, etc.) > > - backend server (EAP-capable RADIUS server implied by 802.1X) > > - magic glue :-) i.e. all the conventions on how and when to > > derive what and from what and how often and how to transport > > all this between AS/A etc., > > > > This requires some major restructuring - will look into it later > today.. > > > 6. in the Xsupplicant section: Configuring Xsupplicant, point 5: are you > > sure that "/sbin/iwconfig eth0 mode managed essid testnet enc off" will > > let you associate with networks mandating WEP or TKIP usage? have you > > tried that with an access point which requires L2 encryption? > > > > my card would not associate to WEP-networks unless i do "iwconfig eth= > > key 0x0" or provide some bogus key. > > > > No - I've just done authentication - no dynamic WEP. Others have > requested this as well - will look into it later today. > > I'm a little uncertain here: xsupplicant claims to have support for > dynaic WEP (which I'll try later), but what about WPA/802.11i? Is > there no other way than to use HostAP? > > Does anyone have any experience to share by using PEAP-MSCHAPv2 with > xsupplicant and dynamic WEP (to get me started)? > > I'm a little reluctant to use HostAP, since it will increase the HOWTO > and the complexity even more... WPA and 802.11i support is beeing > worked on for Xsupplicant.. > > > also, why not adding "allmulti" to the "ifconfig eth0 up" directive? > > > > Why? To let the interface recive new session/broadcast keys? > > > > > otherwise it looks good to me > > Thanks for the feedback! > > -- > Lars Strand > GnuPG/PGP Key: http://www.gnist.org/~lars/pubkey.asc ID: 972F4325 > "The Internet? Is that thing still around?" -- Homer Simpson > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
