David, > I've been reading the FAQs, the man pages, and going over > mailing list archives, and also the info at > deployingradius.com. I thought I should start by checking > that I'm heading in the right direction before trying > building stuff. I'm proposing that we use Freeradius to > authenticate the connections to the wireless APs using the > MIT Kerberos server. If this is possible, would it be done > using EAP-TTLS from the clients, and the Auth-Type would need > to be defaulted to Kerberos so that the > rlm_krb5 module would be used? I'm basing this on the > Protocols page in conjunction with a thread from earlier in > October about EAP-TTLS and Kerberos.
You're heading in the right direction. Note that if the synced passwords all exist in the AD, you can also consider the use of EAP-PEAP; the principal advantage being the use of the Windows native supplicant; this does not support EAP-TTLS without the use of third-party tools. josh. JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
