probably because a big company in redmond is responsible for the latter.
but i have nothing against it.
ciao artur
Troy Davis wrote:
Just from a very newbie's put of view why do you briefly touch on setting up a UNIX client and not a windows client
Regards Troy
----- Original Message ----- From: "Lars Strand" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 23, 2004 8:02 PM
Subject: Re: 802.1X HOWTO (draft)
On Thu, 22 Jul 2004, Artur Hecker wrote:
1. the document needs a quick native speaker review. guys?
The tldp.org have a language review before it is published ;-)
2. remove the repetitions of the form "how 802.1X works".
Fixing it later today.
3. add links to XSupplicant and FreeRadius in the abstract.
Done.
4. Authenticator config: since the images you include are HTML pages, you can reduce the overall document size using the trick used in e.g.: http://www.freeradius.org/doc/EAP-MD5.html (not important)
I'm writing the HOWTO in DocBook XML, and can then later be converted to html, pdf, ... - I don't belive docbook has support for inline html.. overall I think images are better.
also add an image on EAP usage configuration (you only have the radius related config, where is the SSID-related config?)
Will add that later today.
5. WPA / RSN: stop confusing people even more :-) try this:
TSN = TKIP+WPA/RADIUS = WPA(1) RSN = CCMP+WPA/RADIUS = WPA2
Ok - added ;-)
basically, if you really want to explain stuff instead of just saying "do that, do this" you can add an explanation divided in several sections which are to consider: - network access control (here: always 802.1X) - authentication method (with 802.1X EAP is implied) - link layer encryption (TKIP, CCMP, WEP, etc.) - backend server (EAP-capable RADIUS server implied by 802.1X) - magic glue :-) i.e. all the conventions on how and when to derive what and from what and how often and how to transport all this between AS/A etc.,
This requires some major restructuring - will look into it later today..
6. in the Xsupplicant section: Configuring Xsupplicant, point 5: are you sure that "/sbin/iwconfig eth0 mode managed essid testnet enc off" will let you associate with networks mandating WEP or TKIP usage? have you tried that with an access point which requires L2 encryption?
my card would not associate to WEP-networks unless i do "iwconfig eth= key 0x0" or provide some bogus key.
No - I've just done authentication - no dynamic WEP. Others have requested this as well - will look into it later today.
I'm a little uncertain here: xsupplicant claims to have support for dynaic WEP (which I'll try later), but what about WPA/802.11i? Is there no other way than to use HostAP?
Does anyone have any experience to share by using PEAP-MSCHAPv2 with xsupplicant and dynamic WEP (to get me started)?
I'm a little reluctant to use HostAP, since it will increase the HOWTO and the complexity even more... WPA and 802.11i support is beeing worked on for Xsupplicant..
also, why not adding "allmulti" to the "ifconfig eth0 up" directive?
Why? To let the interface recive new session/broadcast keys?
otherwise it looks good to me
Thanks for the feedback!
-- Lars Strand GnuPG/PGP Key: http://www.gnist.org/~lars/pubkey.asc ID: 972F4325 "The Internet? Is that thing still around?" -- Homer Simpson
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
