hi
- What are differences between "unicast key" and "multicast/global key".
If unicast key is used
for encrypting per-client data and if I have 20 client, does that mean
Access Point must hold all
of course, since the communications are encrypted with a different key
per client. otherwise your cell neighbors could read your data.
20 per-client unicast key? And if multicast/global key is used for
encrypting multicast/broadcast
traffic, does that mean we have to pre-configure the key in Access Point?
when it gets down to details, then it gets a little bit nasty, since
strictly spoken before 802.11i there wasn't any real standard for that.
talking about 802.11i, the answer is NO. the multicast key is chosen
randomly by the access point for the first client and is delivered to
the client by the access point using a key encryption key for any
subsequent client.
- Can someone explain me about "4-way handshake" and how a client
derives 128-bits key for
Encryption and 64-bits key for MIC.
yes, the IEEE 802.11i standard. please read the security section or look
on the web for 802.11i 4way handshake. i'm sure you'll find enough
information.
- I want to authenticate my clients with ComputerName\\UserName and i
configured my
radiusd.conf like below:
realm ntdomain {
format = prefix
delimiter = "\\\\"
ignore_default = no
ignore_null = no
}
Is it right? Is it neccessary to care lowercase or upercase in ComputerName?
ahem. i think that you could do it this way, but it is not necessary.
the realms are primarily used for relaying requests to other servers. if
you just want a naming convention, you could probably directly store
these names in a database.
- And I have a problem with my XP client: after the first successful
authentication, when I
disconnect and reconnect, Instead I must enter my username and password,
It automatically
connect without a login prompt.
you mean with PEAP/MS-CHAPv2? yes, Windows XP stores the credentials in
the registry.
http://support.microsoft.com/default.aspx?scid=kb;en-us;823731
ciao
artur
--
Artur Hecker
WaveStorm SARL
WaveStorm Support: [EMAIL PROTECTED]
http://www.wave-storm.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
