John Wan wrote:
I have setup the chillispot+freeRadius+Win2k3AD for my wireless
network. Everything is working but the AD authentication. Apparently the
reason not working is because AD does not like the CHAP authentication
and AD likes MS-CHAP. I do not know how to configure and where to
/wireless solution for a school
The database is not a problem, since we have a huge one in
place, one stored in Active Directory (for which I can use
the freeradius LDAP module) or MySQL one. The database is
really our main strength, since we have tons of information
about every student, staff
://www.nabble.com/a-freeradious-wireless-solution-for-a-school-tf3036221.html#a8624324
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
? No having one is an acceptable answer as
well.
Post back, it's a lot of info, but we're here to help.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
View this message in context:
http://www.nabble.com/a-freeradious-wireless-solution-for-a-school
Hi,
responsibility entails). A quick question, however, would this be just as
eay to set up on a Macintosh? (since many of my supplicants will be macs..)
Macs are very friendly with wireless (well, if its OSX 10.3 and higher
anyway). you can configure them to match the PC method - EAP-PEAP
or
-Original Message-
The database is not a problem, since we have a huge one in
place, one stored in Active Directory (for which I can use
the FreeRADIUS LDAP module) or MySQL one.
If you use ActiveDirectory, I believe you would have an easier time
using ntlm_auth. Using LDAP
the PC method - EAP-PEAP
or go via EAP-TTLS with MSCHAPv2 internal tunnel etc
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
View this message in context:
http://www.nabble.com/a-freeradious-wireless-solution-for-a-school-tf3036221.html#a8637986
Quoting gkalinec [EMAIL PROTECTED]:
What would, in your opinion, be better? TTLS or PEAP?
I believe with TTLS you would need to load software on each computer, can
someone else verify that? I am using PEAP and it works with Windows, Macs and
linux(using wpa_supplicant or xsupplicant).
Also,
Hi,
So then it seems to me that my best solution would then be to implement
either an EAP-PEAP or EAP-TTLS solution authenticating against either my
PEAP or TTLS? no reason why you cannot have both. FreeRADIUS is quite happy
doing both
at same time... especially if you use MSCHAPv2 as the
-Original Message-
What would, in your opinion,
be better? TTLS or PEAP?
They're not Mutually exclusive. You can have both. I'd suggest doing
both.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Please elaborate on how the system can be circumvented?
FakeAP spring to mind instantly. as does any of the other man-in-middle
attacks. a quick google will bring up many methods of doing such attacks.
basically, I set up an a software AP with same SSID. I have same login
page - even the
Hi,
* Apache
* Freeradius
* Chillispot
* Mysql
though note that captive portals are easy to mitigate/spoof and circumvent
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Therein lies the problem. My potential users are a lot of my students.
The idea of having to install certificates in 200+ laptops is not really
feasible. And showing them how to install is an exercise in futility,
since most of our students are not computer savvy enough to do it.
you
Khan
Sent: Monday, January 22, 2007 1:44 PM
To: FreeRadius users mailing list
Cc: freeradius-users@lists.freeradius.org
Subject: Re: a freeradious/wireless solution for
a school
Hi,
Use EAP-TLS, the most secure one. It will
automatically give encryption
key
Please elaborate on how the system can be circumvented?
Tas.
[EMAIL PROTECTED] wrote:
Hi,
* Apache
* Freeradius
* Chillispot
* Mysql
though note that captive portals are easy to mitigate/spoof and circumvent
alan
-
List info/subscribe/unsubscribe? See
users mailing list
Subject: Re: a freeradious/wireless solution for a school
Please elaborate on how the system can be circumvented?
Tas.
[EMAIL PROTECTED] wrote:
Hi,
* Apache
* Freeradius
* Chillispot
* Mysql
though note that captive portals are easy
://www.nabble.com/a-freeradious-wireless-solution-for-a-school-tf3036221.html#a8437548
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Use EAP-TLS, the most secure one. It will automatically give encryption
key to the clients. U have to do onething, install the client certificates
in the beginning in each client machine that will use your wireless and
thats it.
There are other options like EAP-PEAP, LEAP etc
Check out for
On 1/18/07, gkalinec [EMAIL PROTECTED] wrote:
places on campus for students and staff to access our network. The person
who set these up (my current boss) simply did a MAC access control list on
each AP and made the students and staff come to him to register their
computers. This was a major
Without being too subtle, You've mis-understood much of the research
you've read. Don't worry about it, there is quite a bit of
contradictory information out there.
There's quite a bit of background information, so it'll be a little bit
before I mention FreeRADIUS.
First. It's WPA, not WAP.
Quoting King, Michael [EMAIL PROTECTED]:
You configure your client to use TTLS or PEAP, and upon connecting to
the network, they will be prompted to enter username and password. If
they don't have one, they don't get on. If they do have one, they get
on.
This also solves your problem of
Khan
Sent: Monday, January 22, 2007 1:44 PM
To: FreeRadius users mailing list
Cc: freeradius-users@lists.freeradius.org
Subject: Re: a freeradious/wireless solution for a school
Hi,
Use EAP-TLS, the most secure one. It will automatically give encryption
key to the clients. U have to do
: freeradius-users@lists.freeradius.org
Subject: Re: a freeradious/wireless solution for a school
Hi,
Use EAP-TLS, the most secure one. It will automatically give encryption
key to the clients. U have to do onething, install the client
certificates
in the beginning in each client machine that will use
:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
org] On Behalf Of Nazeer Khan
Sent: Monday, January 22, 2007 1:44 PM
To: FreeRadius users mailing list
Cc: freeradius-users@lists.freeradius.org
Subject: Re: a freeradious/wireless solution for
a school
Hi,
Use EAP-TLS, the most
Hi German,
You've already had much wisdom; I'm going to try a comprehensive reply
to the whole problem.
In message [EMAIL PROTECTED], gkalinec
[EMAIL PROTECTED] writes
I work for a mid-size private school (about 700-800 people on campus), and
I'm trying to set up a way to limit the use of
] On Behalf Of Nazeer Khan
Sent: Monday, January 22, 2007 1:44 PM
To: FreeRadius users mailing list
Cc: freeradius-users@lists.freeradius.org
Subject: Re: a freeradious/wireless solution for a school
Hi,
Use EAP-TLS, the most secure one. It will automatically give encryption
key to the clients. U have
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
org] On Behalf Of Nazeer Khan
Sent: Monday, January 22, 2007 1:44 PM
To: FreeRadius users mailing list
Cc: freeradius-users@lists.freeradius.org
Subject: Re: a freeradious/wireless solution for
a school
27 matches
Mail list logo