RE: [wirelesslan] Few implementation doubts

Mon, 20 Sep 2004 23:23:55 -0700 

Frank:
Thanks for your replies again. Ok. I understand I need the client
(supplicant) to authenticate with RADIUS. I have few questions based on your
previous mail.
1.      If I decided to use the native client of windows xp, when the user
wishes to join wireless network, how could he initiate the authentication
process, or is it automatic?( Because I could see the configuration on
Wireless network with CHAP and stuffs, but how could I start the
authentication process. Also, in the beginning if the user is not login to
the domain, he might have to initiate somehow the authentication.)
2.      Does the native clients for windows and the funk and meetinghouse,
work with free RADIUS?
Thank you,
Sincerely,
Janakan Rajendran
 
  _____  

From: Frank Bulk [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 20, 2004 1:48 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [wirelesslan] Few implementation doubts
 
Janakan:
 
EAP is a Layer-2 method, so the user is authenticated BEFORE receiving an IP
address.  But because it's Layer-2, they won't be able to use a web-browser
and URL to perform that authentication, because that requires Layer 3.  What
happens is that an 802.1X client or supplicant is used to provide the
client-interface to the authentication scheme.  Native clients are available
for Win2K, XP, and OS X.  There are free ones for Linux, and possibly some
others for Win9x.  Of course, you can purchase supplicants from Funk
Software and Meetinghouse, but I think you mentioned the word free.
 
I've never personally implemented this, so perhaps others in the group can
chime in with their actual user experiences.
 
Frank

>>> "Janakan Rajendran" <[EMAIL PROTECTED]> Monday, September 20, 2004
12:17:51 PM >>>
Thanks Frank for your reply. I will do research on PEAP. Further, as I
mentioned, Id like to assign IP to the WLAN users using my DHCP server and
Id like the users to get authenticated by LDAP before assigning the IP. How
do I that? My thought is to have a URL and if the users go the URL, they
will be asked for their user name and password which is authenticated by my
AD. Once they authenticated then they will be assigned the IP. 
Is it possible?
Awaiting for reply,
Regards,
Janakan Rajendran
 
  _____  

From: Frank Bulk [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 20, 2004 7:53 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [wirelesslan] Few implementation doubts
 
Janakan:
 
If you are using Active Directory you might want to consider implementing
PEAP in conjunction with Active Directory's support for RADIUS.
 
If you want to do something different like TTLS or LEAP, you could install a
Cisco ACS server that can backend to your Active Directory.
 
As for collecting MAC addresses, I will hazard a guess and suggest that
either the Win2K/2K03' RADIUS server or ACS could log all connection, such
that over time you could extract the MAC address from the file.  If these
users normally log into a domain, you could also run a logon script that
could export to a text file the MAC addresses of all their network
interfaces.
 
While I'm not sure of any free Linux-based software for WEP key management,
I know there is a RADIUS server that runs on Linux called FreeRADIUS.  That
could help with your authentication of TTLS and whatever other EAP methods
it supports.
 
Regards,
 
Frank

>>> [EMAIL PROTECTED] Saturday, September 18, 2004 8:17:45 PM >>>
Hi,

I have few doubts in WLAN implementation (802.11a/b/g, dual band, tri-mode).
Well, I want to authenticate users with LDAP (Active Directory) as I have a
list of users in my domain. Also, I want the users to get IP from my DHCP
server How do I do that? I'd be implementing all Cisco APs..If anyone has
implemented with LDAP user authentication and also dynamic IP with DHCP, plz
give your inputs. Also, if I want to provide MAC filtering, what is the
easiest way to collect user's MAC address rather than doing it manually? (As
the number of users will be in 1000). Is there any java script and using
webpage can I get the user's MAC address and later add that to my MAC table?

Also, I'd like to know is there any Linux based free softwares available for
WEP key management(as a dynamic server to assign WEP key to users per
session). I am much concerned about the security. Any inputs related to that
also would be appreciated

Anticipating responses from the experienced users.

Thank you,

Sincerely,
Janakan Rajendran




[Non-text portions of this message have been removed]




------------------------ Yahoo! Groups Sponsor --------------------~--> 
Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar.
Now with Pop-Up Blocker. Get it for free!
http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/5AhqlB/TM
--------------------------------------------------------------------~-> 

*******
Wireless LAN Weblog - WLAN Forum
http://www.wireless--lan.com/

Wireless LAN Search
http://search.freefind.com/find.html?id=6750665

Wireless LAN Jobs - WLAN Jobs
http://groups.yahoo.com/group/wlanjobs/

http://www.azhttp.com/
<a href="http://www.azhttp.com/";> Arizona High Tech Talent Partnership</a>

http://www.science-fairs.com/
<a href="http://www.science-fairs.com/";> Science Fairs</a>


If you got this from someone else you can join at 
http://groups.yahoo.com/group/wirelesslan/ or 
mailto:[EMAIL PROTECTED]

To unsubscribe: mailto:[EMAIL PROTECTED]
 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/wirelesslan/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Reply via email to