RE: User + X Authentication

Wed, 21 Sep 2011 02:14:07 -0700 

Thanks Chris.
This what I would have gone for, but a quick google search for EAP/TLS capable 
DSL router, does not really return any feasible router. This is mostly 
used/deployed on WiFi networks, using APs, or WiFi clients.
Are you aware of any DSL router which can use EAP/TLS with PPP? I know that PPP 
can use EAP/TLS for authentication as well, but I presume PPP on the CPE must 
be told to use a specific authentication protocol, and on most CPEs the options 
are CHAP, PAP.

Regards
Raz

From: 
freeradius-users-bounces+raz.muhammad=cerberusnetworks.co...@lists.freeradius.org
 
[mailto:freeradius-users-bounces+raz.muhammad=cerberusnetworks.co...@lists.freeradius.org]
 On Behalf Of Christ Schlacta
Sent: 21 September 2011 06:54
To: [email protected]
Subject: Re: User + X Authentication

If you've got sufficient control over CPE and CPE is all sufficiently capable, 
you should be doing EAP-TLS authentication anyway.  if CPE is compromised, you 
can simply reflash, replace the credentials, and revoke the old ones.

On 9/20/2011 04:18, Raz Muhammad wrote:
Hi,

We are successfully running the following version on our network for our DSL 
users.

FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31 2010 
at 00:25:31
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.

FreeRADIUS was compiled with MySQL and radcheck is used for authentication 
along with other relevant tables.
We recently had a scenario where security of a CPE is a concern, and using PPP 
authentication is not enough. Someone suggested using Routers mac address along 
with PPP username/password authentication. But this method would relay on 
getting the router Mac address during the PPP negotiation, and it might be 
coming via the calling-station-id attribute, some suggestions are about using 
EAP and certifcates on the router.
I would like to find out what would be the best way to go for extra layer of 
authentication based security while using FreeRADIUS? and how can that be done 
with MySQL?

Regards
Raz





-

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to