Your biggest hurdle will be which EAP type to support. It sounds
like you'd really like to authenticate your wireless users against
your existing Linux user base. If you want your users to use their
existing usernames and passwords, that rules out straight EAP-TLS
since that's certificate based (and would require setting up a PKI
infrastructure if you don't already have one). Are your Linux users
in the standard passwd/shadow format using DES or MD5 salted
encryption? If so, you'll be further limited in what EAP types you
can support pretty much to EAP-TTLS/PAP. FreeRADIUS can do this just
fine, but you'll have to install a supplicant on your Windows users'
laptops. A popular choice for this is the SecureW2 supplicant, found
at http://www.securew2.com.
--Mike
On Jul 5, 2007, at 1:27 PM, David Gillett wrote:
The "Identity Engines" product is basically "RADIUS on steroids",
and can back-end the authentication against a variety of different
systems. It might address your need.
David Gillett
-----Original Message-----
From: Emily Harris [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 05, 2007 11:09 AM
To: [email protected]
Subject: [WIRELESS-LAN] 802.1x without AD or LDAP?
I am curious if anyone has (successfully) implemented
WPA/802.1x with authentication via RADIUS to something OTHER
than Active Directory or LDAP. We unfortunately are somewhat
behind in our method of campus-wide user management - LDAP is
coming in 2008 but for now we have to make do with
authenticating against Linux servers. Last year we used
static WEP with Webauth, using a RADIUS script for
user/password verification.
That means two configurations and way too much user training,
so we wanted to do something a little less cumbersome this year.
FYI we're using Meru MC3000 and AP208s.
Any replies would be appreciated - thank you!
--
Emily Harris, BC '95
Associate Director, Network & Systems
Barnard College, MINS Department
3009 Broadway, New York, NY
212-854-8795
**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://
www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
