We have a new requirement to provide wireless access to our network with an authenticated connection. The wireless access/connection is controlled by a Cisco 4402 controller. The clients that will connect are Windows XP, Mac OSX, and Linux OS laptops.
We have all of the systems on the wired network currently logging in to either to a Windows AD domain (XP) or to a MIT Kerberos realm (Linux and OSX). The user password is synchronized on these two authentication sources. I've been reading the FAQs, the man pages, and going over mailing list archives, and also the info at deployingradius.com. I thought I should start by checking that I'm heading in the right direction before trying building stuff. I'm proposing that we use Freeradius to authenticate the connections to the wireless APs using the MIT Kerberos server. If this is possible, would it be done using EAP-TTLS from the clients, and the Auth-Type would need to be defaulted to Kerberos so that the rlm_krb5 module would be used? I'm basing this on the Protocols page in conjunction with a thread from earlier in October about EAP-TTLS and Kerberos. Thanks very much. --David Pullman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
