Thanks Dan; This cleared some of my concepts; I always had a section in my router-configuration web page, regarding the MAC addresses. I now understand (courtesy you) that the basic authentication occurs at the device level; user-authentication is the (second) authentication over the second layer.
Also, I believe that this user-level-authentication is a part of WPA/WPA2-standard; I expect that this would become too for WiMax as well... But anyways, I need to shut up, and try connecting to a WiMax device ASAP :) :) :) Thanks and Regards, Ajay On Fri, Mar 16, 2012 at 2:37 AM, Dan Williams <[email protected]> wrote: > On Tue, 2012-03-13 at 01:28 +0530, Ajay Garg wrote: >> Thanks Dan. >> >> That was really useful information. >> >> So, this seems somewhat like a WPA/WPA2-Enterprise WIFI network situation. > > Yes, except that the EAP authentication is not typically under control > of the user. The EAP bits authenticate the *device*, not the user, and > user authentication is typically provided by a captive portal web login > scheme after the device has connected to the NAP. So the user has > nothing to configure except to enter in their username and password to > the captive portal if the provider doesn't already recognize the MAC of > the WiMAX device. > >> However, I still wonder (no offense to you please ...), as to there >> _must_ be some authentication somewhere; for as it currently stands >> that NSP is publically available (much like SSID of a typical WIFI >> network); but unlike WPA/WPA-Enterprise, there is no authentication at >> user-level, thereby meaning that the network is open to be connected >> by anyone (unless of course that is what WiMax aims to achieve ;-) ) > > AFAIUI the EAP authentication (at least for the Intel devices) is done > using a certificate stored in the device's NVRAM that is not user > accessible. It's just part of the automatic connection process and the > user doesn't know anything about it unless it fails for some reason. > > Commonly, user-level authentication is handled after the device has > already made a connection to the base station and received an IP > address. So yes, that typically means anyone with a WiMAX device can > connect to the base station and will land in the captive portal. At > least with CLEAR in the US, on the backend you land on a VLAN where your > authentication is handled via a web UI in which you enter your > subscription name and password, and after successful authentication the > backend switches you to the authenticated VLAN. This is almost exactly > the process that most WiFi captive portals use too, from the user's > perspective. > > Dan > >> Thanks a ton to you all (Thomas, David, Dan) !!! >> >> Regards, >> Ajay >> >> On Tue, Mar 13, 2012 at 12:24 AM, Dan Williams <[email protected]> wrote: >> > On Mon, 2012-03-12 at 17:20 +0530, Ajay Garg wrote: >> >> Ahh.. Thanks; and sorry, I missed that table earlier. >> >> >> >> Regarding the security protocols for Wimax, I'll read on.. >> > >> > There's nothing to specify for WiMAX since that's all handled on a lower >> > level, at least with all the hardware that's out there right now and >> > compatible with Linux. The current NM code only supports the Intel >> > "wimaxd" software and Intel i2400m WiMAX hardware since that's the only >> > WiMAX stack that's freely available on Linux. >> > >> > The only relevant settings for WiMAX are currently the MAC address, to >> > lock to a specific WiMAX device, and the NSP name. The wimaxd daemon >> > itself handles any security that might be required based on it's >> > configuration file and stored list of NSP configurations. I think it >> > supports EAP-TLS and EAP-TTLS which are (I believe) the de-facto >> > standard auth protocols for most mobile wimax networks. >> > >> > Dan >> > >> >> Thanks and Regards, >> >> Ajay >> >> >> >> On Mon, Mar 12, 2012 at 5:05 PM, David Röthlisberger <[email protected]> >> >> wrote: >> >> > On 12 Mar 2012, at 11:06, Ajay Garg wrote: >> >> >> Thanks David for the reply. >> >> >> >> >> >> What I meant something was to "add a wimax connection" (something >> >> >> along the lines of >> >> >> http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/examples/python/add-system-wifi-connection.py). >> >> >> >> >> >> Unless of course, Wimax is a sub-type of Wifi; i.e. Wimax has same >> >> >> settings (security types for example) as for Wifi. >> >> >> >> >> >> Kindly enlighten :) >> >> > >> >> > Your original question that I was attempting to answer: >> >> > >> >> >> what about the specs page for 0.9 (on similar lines as >> >> >> http://projects.gnome.org/NetworkManager/developers/api/08/settings-spec-08.html), >> >> >> especially for WiMax related settings? >> >> > >> >> > >> >> > The exact same page you linked, but for 0.9 instead of 0.8, is: >> >> > http://projects.gnome.org/NetworkManager/developers/api/09/ref-settings.html >> >> > Table 13 show the wimax settings. >> >> > >> >> > Beyond that I am afraid I am not able to help. I don't actually know >> >> > anything about NetworkManager and WiMax -- I just thought that link >> >> > might help you. :-) >> >> > >> >> _______________________________________________ >> >> networkmanager-list mailing list >> >> [email protected] >> >> http://mail.gnome.org/mailman/listinfo/networkmanager-list >> > >> > > > _______________________________________________ networkmanager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
