daniel knox <[email protected]> wrote:
>
> Lol just actually read some stuff on WPA and learnt a bit more about EAP. I
> realise now that TTLS does not require client certificates like I previously
> thought, only the server. Apologies for this misunderstanding. Although I
> do realise now that SecureW2 would be required to give my Windows users the
> ability to access this. Although this may not be too difficult to distribute
> to them I would have to look into these possible issues.
>
You use server certificates for PEAP too, it's madness not to use a
server certificate in either case. If you do not then the clients are
more than happy to dish out user credentials to anyone who asks.
I prefer TTLS as although PEAP is already built into Mac OS X and
Windows, neither can be easily autoconfigured with some kind of priming
script[1]. We use TTLS as it's not braindead[2] and in the case of
SecureW2 it can be trivially autoconfigured. If you tie it in with a
NSIS script then you can do some *really* nice things for wireless
workstation priming for your Windows userbase.
Cheers
[1] not that I know of anyway, and Mac OS X 10.5 seems to have dropped
support for wireless profile importing
[2] well from my perspective, I'm sure implementors out there might say
otherwise
--
Alexander Clouter
.sigmonster says: Neil Armstrong tripped.