Hi, > Well, lets say its not possible... since we are an university, with > something about 600 conections every night, with lots of O.S working (70%
we are a university with around 6500 concurrent wireless users and 5000 concurrent wired connections in the student residential network. > windows), it would be kinda hard to configure every single computer with a > software. > Its better to make a new DB with new passwords on EAP and use a .bat + xml > profile to configure windows notebooks. we use a profile deployment tool - our current choice is cloudpath Xpressconnect - which does its job. our Windows clients are configured to use standard microsoft PEAP PEAPv0/MSCHAPv2 - our backend authentication is Microsoft ActiveDirectory - our FreeRADIUS servers authenticate the users via the AD - and we have a post-auth PERL script which does some checks and then, if eg a student - puts them onto a student VLAN. all basic 802.1X and AAA stuff. we are also a member of eduroam - so visitors to our campus who are also from eduroam sites just get online - most without even realising as they have en eduroam profile on their smartphone or tablet. zero config 'open laptop and be online' - all done by the same FreeRADIUS architecture. Old Windows systems need an extra supplicant to do other forms of EAP such as EAP-TTLS/PAP - eg open1X or SecureW2 - Windows 8 now natively supports such EAP methods - so those new surface tablets should make life easier. Just ensure that your settings are actually secure on the clients - ie ensure that the clients are set to trust the CA of your RADIUS server and are set to have the CN of your RADIUS server. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
