[EMAIL PROTECTED] wrote:
> "captive portal" - there are several software tools that will do this...
> eg http://en.wikipedia.org/wiki/Captive_portal
>
> most people seem to be moving away from this method as it is riddled with
> possible security compromises.
>

Thanks for the heads-up. I'll take a look at it, but keep in mind the possible security implications (I'll google).

> PAP uses clear text (unencrypted) password authentication. whilst
> the EAP-TTLS traffic is encrypted (and the PAP lurks inside that encrypted
> session) when you CAN see the PAP in the clear is when it's being sent
> over to LDAP - so you need to make sure that that communication is
> encrypted...either by making sure it's configured to use SSL for its
> communication channel...or simply 'stunnel'ing the traffic.
>
>> start_tls = no
>  ^^^^^^^^^^^^^^
>
> this!
>

As mentioned in my response to Stefan, this is not a concern for me as they're on the same host communicating exclusively over the loopback interface.

On a side-note, I've now noticed that radius doesn't appear to be respecting my ldap filter.

base_filter = "(objectclass=radiusprofile)"

but I can authenticate as a user without a radiusprofile attribute. Ideas?

Thanks,
John
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html