On Wed, Jul 16, 2008 at 12:37 PM, DaSilva <[EMAIL PROTECTED]> wrote: > > > Alan DeKok-4 wrote: >> >> DaSilva wrote: >>> I want to set up a FreeRadius server for WLAN authentification without >>> the >>> need to change anything on client PCs (because we have so much clients >>> that >>> this would be to much work). >>> Is that possible? >> >> No. >> >> It's like asking "how do I make the PC be a web server... but I don't >> want to install a web server". >> >> You have to configure WLAN authentication on the clients in order for >> WLAN authentication to work. >> >> Alan DeKok. >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> > > And is it possible to do this automatically via remote or something else? > -- > View this message in context: > http://www.nabble.com/How-to-configure-FreeRadius-so-that-clients-don%27t-ha ve-to-be-changed--tp18482025p18483881.html
>I believe you misunderstood me. We have many APs which all have their own >access list, MAC addresses etc. and we want to use a RADIUS server to do >this for all APs. So that we have a global station where we can change >something for all APs in our AD. I don't mean authentification via WPA and >TLS or something like this. So how can I do this or where can I find a >tutorial / howto for this? >-- Just another option, and this may be a useless suggestion, but I'll throw it out there anyway. Some AP's support a "walled garden" feature which takes the ignores the original request and forces the client to a login page (like at airports, $tarbucks etc). Once the client goes there and enters their credentials, RADIUS is used to authenticate them, and they are allowed or denied at that time. It allows you to deploy one configuration to all your points, and use a RADIUS backend (and AD, mysql, text files whatever you use to drive that) to centralize configuration at that point. The glitch is, you have to have AP's that support walled garden, but if you do, it's handy. That said, it sounds like you are already using access lists with MAC addresses for authentication, so the security problems that Alan Dekok noted are already present in your system and MAC authentication might be what you want after all. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
