Re: Help needed with freeradius, solaris and trapeze

Tue, 29 Apr 2008 02:09:11 -0700 

Alan DeKok wrote:

Guy Davies wrote:

Erm... I'm using WPA2/AES that uses 802.1x to authenticate the user
Yes Alan is just being facetious; WPA with a PSK is generally referred to as WPA-Personal, WPA with dynamic keying is generally referred to as WPA-Enterprise. Sometimes you see just WPA or WPA-PSK which most take to mean WPA-Personal. 

  Hmm... tI thought the "WPA enterprise" did that...  Too many
standards, I guess.


  

You need to tell us which EAP method you plan to use.  If you are
using local users, you can take your pick from EAP-TTLS/PAP or
PEAP/MS-CHAPv2.  If you use the former, you can have the passwords
encrypted in the users file.  If you use the latter, the passwords
must be in clear text.


    

Unless your using PEAP offload in which case you just need to list the 
mschap module, and have the user password available in cleartext or as 
an nt / lm hash... but don't use PEAP offload. Terminate the EAP tunnel 
in FR, it generally works better and is far simpler.

I believe that the default radius.conf and eap.conf files will work
automatically for either option.

    


  In 2.0, yes.


  

Trapeze uses some VSAs to specify which VLAN a user should be

connected to, what time-of-day they can connect, etc. 

Hmm, no. Trapeze use the standard VLAN assignment attributes just like 
any other Vendor. You may be able to use the VSAs to do fancy stuff but :


Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = <VID>

Works just the same.


 Just look in
dictionary.trapeze and you'll see the options.  The Trapeze
documentation was always pretty good at explaining the purpose and
format of those VSAs.  You *MUST* include a VLAN-Name VSA when
responding to a Trapeze unit or it won't connect you to the correct
VLAN.

    

I have a MXR-2 sitting on my desk that says otherwise. You can set a 
default VLAN for each wireless service profile....

  Ah, yes.  *That* vendor.


  

I happen to quite like that vendor and wish people would stop spreading 
misinformation, especially if they haven't used the kit for a few years 
*hmpf*.


Arran

--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer

Infrastructure Services | ENG1 E1-1-08 
University Of Sussex, Brighton

EXT:01273 873900 | INT: 3900

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html






















					Reply via email to