Hi, > I'd like to use freeradius to auth. our users. I read that freeradius > can use openldap and kerberos, so i suppose I will setup these for auth.
- or just use one of them - decide which one to use and ensure clients are configured correctly > Most of my Wi-Fi users will be Windows/Mac Os and I'd like to avoid > custom installation on the laptops. in that case, PEAP with MSCHAPv2 - windows only does EAP-TLS and PEAP without additional software (new supplicant or additional supplicant plugin). you'll also want your RADIUS server cert to be signed by a main cert authority. I prefer to use a self-signed (because its then a closed loop system and a LOT harder for someone to pretend to be your RADIUS) - but if you do it this way yu'd have to get the self CA onto the systems trusted cert reg - and thats client config work - which you seem to want to avoid. > Which auth method should I use on the access points ? err, none. you configure them to have a network with an SSID of whatever, serving out a network which is WPA enterprise (all the usual crypto stuff) with a RADIUS server of x.y.z.a (and maybe a second and third one for backup). the client supplicant and the RADIUS server deal with the auth method. the AP gets a simple 'let this user one' message at the end of the day. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
