Quoting "King, Michael" <[EMAIL PROTECTED]>: > You configure your client to use TTLS or PEAP, and upon connecting to > the network, they will be prompted to enter username and password. If > they don't have one, they don't get on. If they do have one, they get > on. > This also solves your problem of having to give out a cert to each client as both of these only require a server side cert. You could then purchase a certificate from a trusted CA and that would already be in their browsers list of Trusted CA's.
Here are a couple of howto's the first is for a Linux supplicant and the second is for using a Windows supplicant. What's a supplicant? The client. http://tldp.org/HOWTO/html_single/8021X-HOWTO/ http://text.dslreports.com/forum/remark,9286052~mode=flat Hope that helps, Jon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html