[EMAIL PROTECTED] wrote:
>> The EAP-Message doesn't appear to be encrypted on the initial packet
>> from the ap to the server. Inside I see Type and Identity (containing my
>> username. The username is also in the User-Name attribute)
>>
>
> that'll be your outer identity... which, as it is plain to see (pun
> definitely intended folks), is why many people use some anonymous identity
> for protection..why give away some of your credentials? - eg [EMAIL PROTECTED]
>

Hmmm. Well, in the first packet I see the Identity in the EAP-Message, but the User-Name attribute is in every packet sent by the AP. How would I go about using an anonymous identity? Would that be up to the wireless client configuration? It would be quite important for me to hide this.

If I'm understanding you correctly, the User-Name attribute and the Identity field in the EAP-Message attribute have nothing to do with authentication, which is all enclosed (including the username) in PAP, which is encrypted inside EAP-TTLS? If I could just get this fixed, I think I'd be happy with my setup...

> authenticate = yes, you are who you are
> authorize = should you be using this? do we perhaps change the service you
> get (eg VLAN)
>
> if you've allowed people to talk to the RADIUS server, then they can...this
> is why you have eg the clients.conf (or clients SQL) to define *WHAT* NAS
> can talk to RADIUS server and what secret key they must have to talk to it.
> you can define whatever type of authentication that FR supports...depending
> on the eg username...
>

This certainly helps me understand, but it would be nice to get a more complete understanding. I don't want to hassle you by continually asking you questions until I get it - can you point me to somewhere I can read up on this and understand? For example, it confuses me that there is an ldap, eap and pap section in the authorize section, but pap is to be used exclusively inside eap with the client and ldap is to be used exclusively with the backend server.

Thanks for your help,
John

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
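
The following is an added example, not part of the original message and not FreeRADIUS code. It parses a constructed RADIUS Access-Request and returns what any observer on the AP-to-server path can read without a key: the User-Name attribute and the EAP-Response/Identity inside EAP-Message, once with the real username as outer identity and once with an anonymous one. The usernames and helper names are assumptions made for the illustration.

```python
import struct

USER_NAME, EAP_MESSAGE = 1, 79      # RADIUS attribute types (RFC 2865, RFC 3579)
EAP_RESPONSE, EAP_IDENTITY = 2, 1   # EAP code and EAP type (RFC 3748)

def build_access_request(user_name: bytes, eap_identity: bytes) -> bytes:
    """Build a constructed Access-Request carrying an EAP-Response/Identity."""
    eap = struct.pack("!BBHB", EAP_RESPONSE, 0, 5 + len(eap_identity),
                      EAP_IDENTITY) + eap_identity
    attrs = b"".join(bytes([t, len(v) + 2]) + v
                     for t, v in ((USER_NAME, user_name), (EAP_MESSAGE, eap)))
    # Code 1 = Access-Request, id 0, zeroed 16-byte authenticator (sample only).
    return struct.pack("!BBH", 1, 0, 20 + len(attrs)) + bytes(16) + attrs

def visible_identities(packet: bytes) -> dict:
    """Return the identities readable in cleartext from a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    user_name, eap, pos = None, b"", 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        if atype == USER_NAME:
            user_name = value.decode("utf-8", "replace")
        elif atype == EAP_MESSAGE:
            eap += value            # long EAP packets span several attributes
        pos += alen
    eap_identity = None
    if len(eap) >= 5 and eap[0] == EAP_RESPONSE and eap[4] == EAP_IDENTITY:
        eap_len = struct.unpack("!H", eap[2:4])[0]
        eap_identity = eap[5:eap_len].decode("utf-8", "replace")
    return {"user_name": user_name, "eap_identity": eap_identity}

# Constructed samples: the NAS copies the outer EAP identity into User-Name,
# so both fields follow whatever outer identity the wireless client sends.
REAL_OUTER = build_access_request(b"jsmith@example.org", b"jsmith@example.org")
ANON_OUTER = build_access_request(b"anonymous@example.org", b"anonymous@example.org")

if __name__ == "__main__":
    print("real outer identity:", visible_identities(REAL_OUTER))
    print("anonymous outer identity:", visible_identities(ANON_OUTER))
```
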