Thank you for your reply David. I have a long way to go I guess. Have a nice day.
/GK On Tue, May 6, 2008 at 10:02 AM, David Mitton <[EMAIL PROTECTED]> wrote: > George, > > Your message came through just fine. But this is a voluntary list of > users, and your question falls into an area that over hangs a long way > outside of FreeRadius, possibly outside of the expertise in this group. I > know a little about this space, so FWIW: > > First off, Big Picture: to a certain extent, FR doesn't care if you are > authenticating a user or a machine. It just approves (Access-Accept) the > wireless connect or not. You have to configure FR so it finds, resolves and > can authenticate the credentials supplied. > > In your case EAP-TLS would be appropriate. I believe Microsoft gives you > one of them on WinCE. You will have to install certs on the WinCE devices > that meet the criteria on the client and server EAP-TLS module. > > If you are trying to use FR to front end an Active Directory installation, > this becomes more complicated. (I cannot describe that to you) > > But even so, Remote Access authentication to AD is not a User logon, it's > just access. The defaults favor user credentials or certificates, but you > can configure anything that works, doesn't have to be users. > > Also, WinCE "machines" are not the same as WinXP systems with their > relationship to an Active Directory. They are not domain members that logon > AD users. So this is not "machine authentication" in the AD sense. That > said, the EAP system in WinCE is a fairly equivalent to the XP EAP, But I'm > not sure if there is automatic machine connection attempt or what the source > of credentials would be. (maybe from the registry?) Likely if the ability > exists, you have to define it in the EAP configuration. This is a WinCE > EAP client issue. > > Good luck, > > Dave. > > > > May 6, 2008 08:49:37 AM, [email protected] wrote: > > Hi, > I sent an email to the list yesterday but it seems it wasn't delivered. > I'm resending it again. > > /GK > > On Mon, May 5, 2008 at 12:10 PM, George KNIGHT <[EMAIL PROTECTED]> > wrote: > > > Hello All, > > I've been trying to setup an environment where WinCE OS client computers > > authenticate themselves using wireless connection to the freeradius v.2.0.3 > > server with PEAP. The authenticator will eventually be Cisco AP1242 AP but > > for now I am using Symbol AP300. > > > > The way that I want to set this up is that the computers with WinCE OS > > will be used by users who shouldn't be asked any user name or input. All I > > want is WinCE machines to authenticate themselves with freeradius through > > certificates. Basically, I want machine authentication as opposed to user > > authentication. > > > > Is there specific changes I have to do on conf files for this to work? > > Or any change at the client machines? > > > > Thank you. > > George Knight > > > > > ------------------------------ > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
