Hmm... All good info, but it makes me wonder if I'm going about this the
best way.
This is my goal:
Wireless users and desktop computers on the same subnet (IPCop Blue, for
those keeping score at home) will need to log in with a user name and
password, which are kept on the MySQL server.
I want this to be as easy as possible for as many people as possible. I
came up with my client settings by going with the defaults. I would
like to use whatever is easiest for the users to implement.
I really appreciate you time, Thank you.
Alan DeKok wrote:
Doc. Caliban wrote:
I hate to ask this, but I'm running out of time on this project and I'm
completely new to RADIUS. I would be really happy if someone could just
point me to a detailed HOW TO for what I need.
http://www.freeradius.org/doc/EAPTLS.pdf
You need EAP-TLS to do PEAP.
I have freeRADIUS set up with an external MySQL user database and it's
successfully authorizing requests from NTRadPing.
Which helps, but isn't enough. Wireless uses a LOT more technologies
than just basic RADIUS.
So far I'm not having any luck, and I don't mind saying that I'm a
little over my head at this point. Someone familiar with this will
probably see glaring problems.
The debug output tries to be helpful. Honest.
Access Point:
D-Link DWL-7100AP (Ciscos coming in January)
WPA-EAP
TKIP
Client Laptop:
WPA Enterprise
TKIP
PEAP (Other options: EAP-SIM, TLS, TTLS, LEAP, EAP-FAST)
So... that should be an indication that you need PEAP.
I set up an AP to use RADIUS, and the requests get through to the RADIUS
server, but they always fail. Posted below is the debug output from the
failed attempt.
...
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: No such EAP type peap
You say that the clients will do PEAP, but you haven't configured PEAP
in the server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
