On Thu, 22 Jul 2004, Artur Hecker wrote:

> 
> 1. the document needs a quick native speaker review. guys?

tldp.org has a language review before it is published ;-)

> 2. remove the repetitions of the form "how 802.1X works".

Fixing it later today.

> 3. add links to XSupplicant and FreeRadius in the abstract.

Done.

> 4. Authenticator config: since the images you include are HTML pages, 
> you can reduce the overall document size using the trick used in e.g.:
>       http://www.freeradius.org/doc/EAP-MD5.html
> (not important)

I'm writing the HOWTO in DocBook XML, and it can then later be converted
to html, pdf, ... - I don't believe docbook has support for inline
html.. overall I think images are better.

> also add an image on EAP usage configuration (you only have the radius 
> related config, where is the SSID-related config?)

Will add that later today.

> 5. WPA / RSN: stop confusing people even more :-) try this:
> 
>       TSN = TKIP+WPA/RADIUS = WPA(1)
>       RSN = CCMP+WPA/RADIUS = WPA2
> 

Ok - added ;-)

> basically, if you really want to explain stuff instead of just saying 
> "do that, do this" you can add an explanation divided in several 
> sections which are to consider:
>       - network access control (here: always 802.1X)
>       - authentication method (with 802.1X EAP is implied)
>       - link layer encryption (TKIP, CCMP, WEP, etc.)
>       - backend server (EAP-capable RADIUS server implied by 802.1X)
>       - magic glue :-) i.e. all the conventions on how and when to
>       derive what and from what and how often and how to transport
>       all this between AS/A etc.,
> 

This requires some major restructuring - will look into it later
today..

> 6. in the Xsupplicant section: Configuring Xsupplicant, point 5: are you 
> sure that "/sbin/iwconfig eth0 mode managed essid testnet enc off" will 
> let you associate with networks mandating WEP or TKIP usage? have you 
> tried that with an access point which requires L2 encryption?
> 
> my card would not associate to WEP-networks unless i do "iwconfig eth= 
> key 0x0" or provide some bogus key.
> 

No - I've just done authentication - no dynamic WEP. Others have
requested this as well - will look into it later today.

I'm a little uncertain here: xsupplicant claims to have support for
dynamic WEP (which I'll try later), but what about WPA/802.11i? Is
there no other way than to use HostAP?

Does anyone have any experience to share by using PEAP-MSCHAPv2 with
xsupplicant and dynamic WEP (to get me started)?

I'm a little reluctant to use HostAP, since it will increase the HOWTO
and the complexity even more... WPA and 802.11i support is being
worked on for Xsupplicant..

> also, why not adding "allmulti" to the "ifconfig eth0 up" directive?
> 

Why? To let the interface receive new session/broadcast keys?

> 
> otherwise it looks good to me

Thanks for the feedback!

-- 
Lars Strand
GnuPG/PGP Key: http://www.gnist.org/~lars/pubkey.asc  ID: 972F4325
"The Internet? Is that thing still around?"  -- Homer Simpson

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
