Hi all.

I have been running freeradius for quite a while now to authenticate dial-up users through our Cisco 3660. Additionally, I configured several of our internal devices for AAA. This has all worked quite well and I have been using a MySQL backend.

Now I am getting ready to deploy a wireless network in our facility and need to lock it down. My idea is to have our users authenticate and authorize against our Active Directory. Then, to provide access to guests, just create a bogus wireless user that doesn't exist in the AD, so radius falls back to a different auth method (sql) to let the user at least get on and get an address from our dhcp. I basically have this model working through regular telnet and PPP right now, less the wireless piece.

I have successfully set up authentication to AD, but I have some questions and concerns. I have done quite a bit of research on this and read the pertinent files in the /doc folder included with the FR software. So, I hope my questions make sense.

First: We do not allow anonymous binding to our AD LDAP. So, for testing to date, I have used "Administrator" and the associated password in the config file. Obviously this is less than ideal :) What is the best or better alternative? Allowing anonymous bind? Creating a bind-only "user" for auth purposes?

Am I correct that the NAS passes the username and password to FR in cleartext? Is there any method to send/receive the password between FR and AD encrypted?

If I want to use WPA with TKIP (or preferably AES), do I *have* to have a supplicant? Most hosts will be XP, though there is a slim chance I may have to deal with others.

Lastly, as I mentioned earlier, I have googled, read, googled, read, a *lot* of info. Is there a CONCISE site anywhere on the web that defines everything needed without leaving out the *one* critical piece that actually makes it work? ;-)

Thanks in advance,
Laker