--On 6 March 2011 16:31:54 +0000 Guy <[email protected]> wrote:
On 6 Mar 2011, at 13:03, Phil Mayers wrote:
On 03/05/2011 04:46 PM, Guy wrote:
Hi,
I'm setting up Freeradius2 (FreeRADIUS Version 2.1.7) for WPA
Enterprise 2, and I have it basically working. My iPhone/iPad are
able to authenticate and connect via the base station. However, my
Mac (OSX 10.6 Snow Leopard) laptops are having issues.
I do not want to push out Client certificates to the laptops. I also
do not want people to have to perform any customisations on the
clients.
When the laptop attempts to join the network I get a nice login
window, with username/password. This is fine. However, without
playing with the network settings (802.1x settings), I'm not able to
join the network because I do not have a client Cert:
...
I changed "default_eap_type=md5" to "default_eap_type=ttls" and now the
Macs are able to authenticate without Certs or any configuration on their
side!!
...remember though that working != secure [necessarily]. Clients defaulting
to accept any radius server cert, or those that default to prompt the user,
are vulnerable to rogue AP/credential stealing attacks etc. This may be
acceptable in your environment, but if not, you'll still need to actively
configure the client.
-James
--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk