Sergio Belkin <seb...@gmail.com> wrote: > > Thanks for ideas, > > In fact, some things you suggest I am using right now :) for example: > > *Automatized SecureW2 installer (ttls) > *Web Page with "secondary" password for peap > > But even so, some users find somewhat hard to use. > We seem to have no real problems with SecureW2 and our userbase. Mac OS X users 'import' the configuration (if they are 10.3 or 10.4) and WinXP users get a light time of it would my SecureW2 preconfiguration script with some NSIS wrapper action to spoonfeed them during problematic bits.
Of course SecureW2 + WinXP + SP3 + wired 802.1X is fruity at the moment which is out current problem, however that's a grumble for another thread. The only problems we have is that we are 'awkward' and force WPA2 only and do not give into those WPA (version 1) TKIP weenies. > I've tried with no success at this moment use more than one SSID on > OpenWRT on Linksys WRT54GL... > Do not ever go down this route[1]. It completely negates the point of having a WPA Enterprise network when someone comes along with an evil twin network and gets the user to install a 'springboard' application to get onto the better network. It's as counterproductive as using PEAP/TTLS without full certificate validation.... :-/ If you want my NSIS and/or SecureW2 INF file do drop me an email. The springboard'ing issue we resolved by dumping everything onto a CD and distributed them to the masses that way. Even if this is not an option for you (like us in education with 'student welcome packs') if you make the CD's readily available near hotspots and what not in public areas people will find what they need. Cheers Alex [1] I have convinced my self it's safe for a wired network, getting non-802.1X clients 802.1X'ified, but just not worth the risk for wireless clients -- Alexander Clouter .sigmonster says: Succumb to natural tendencies. Be hateful and boring. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html