Re: Setting FreeRadius and Ldap. - Getting Educated Now
Ivan, Thanks for the url link to the missing documentation. Very helpful. Ldap is not going to work for EAP. Now I am facing a dilemma - deciding what WEP protocol to use based on my test setup. After reading the 'sites' and 'modules' files it seems that some WEP or EAP protocols are weaker than others, some not suggested for use. Here's what my test router and machines can handle. Router can provide - WEP 40/128 shared key, WEP Personal, WEP Enterprise Chiper: TKIP or AES Workstation:WEP 40/128 shared key, Leap, Dynamic WEP, WPA WPA2 Personal Enterprise Older Laptop: WEP 40/128 shared key, 802.1 Cisco LEAP or EAP FAST --this may be the limiting machine. I need to rely on list users experience for suggested paths to pursue? Steven -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Setting FreeRadius and Ldap. - Getting Educated Now
Now I am facing a dilemma - deciding what WEP protocol to use based on my test setup. After reading the 'sites' and 'modules' files it seems that some WEP or EAP protocols are weaker than others, some not suggested for use. Here's what my test router and machines can handle. Router can provide - WEP 40/128 shared key, WEP Personal, WEP Enterprise Chiper: TKIP or AES Workstation:WEP 40/128 shared key, Leap, Dynamic WEP, WPA WPA2 Personal Enterprise Older Laptop: WEP 40/128 shared key, 802.1 Cisco LEAP or EAP FAST --this may be the limiting machine. Use WPA2 Enterprise (PEAP) on the workstation and LEAP for older laptop. Server should support both in default configuration. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Setting FreeRadius and Ldap. - Getting Educated Now
Hi, Now I am facing a dilemma - deciding what WEP protocol to use based on my test setup. After reading the 'sites' and 'modules' files it seems that some WEP or EAP protocols are weaker than others, some not suggested for use. dont use WEP. ever. Router can provide - WEP 40/128 shared key, WEP Personal, WEP Enterprise Chiper: TKIP or AES surely you mean WPA personal and WPA enterprise (TKIP or AES)? I would say WPA enterprise with AES. its the bext you can get currently on your kit Older Laptop: WEP 40/128 shared key, 802.1 Cisco LEAP or EAP FAST --this may be the limiting machine. the limiting factor here is most likely the software on the system - use a different tool to control the wireless authentication alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Setting FreeRadius and Ldap. - Getting Educated Now
Thanks Alan, WPA Enterprise with AES, I will do some more reading to understand the benefits of AES. As for the older laptop - I choose this unit because if represents the oldest of technologies that will be accessing the network. This IBM Thinkpad uses a Cisco (Calexico) internal wireless card using current Windows XP (SP3) card drivers (from IBM / Lenovo). So unless there is a better solution for controlling this wireless card I am stuck with dealing with its offerings: WEP, Cisco Leap and EAP FAST. Steven -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Setting FreeRadius and Ldap. - Getting Educated Now
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28/08/2009 16:50, Steven Sprague wrote: Thanks Alan, WPA Enterprise with AES, I will do some more reading to understand the benefits of AES. TKIP is semi-broken, in that you can do ARP poisoning attacks without needing the PMK. Were mandating WPA2-AES for this academic year. - -- Arran Cudbard-Bell a.cudbard-b...@sussex.ac.uk, Systems Administrator (AAA), Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqX/rcACgkQcaklux5oVKKx8gCgiovBkbrreyYeujZJtKqQFW5w UPoAoJHW3K0eFB/BTeoMIRppdzzQHjVM =d5FR -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html