Hello everyone, this is my first time getting started with freeradius.

 I implement ICT at a local school and I would like to improve our wireless
from a WPA pre-share key to a radius based system. We have an openldap
server already with all our users and groups and use them to authticate them
into our clients. I would like to extend this username and password
requirement to our wireless systems rather than having to give out our
wireless key. Our wireless users have a variety of Windows, OSX and Linux
machines.
 Free-radius therefore seems to be the idea solution to this.

First up i have read this guide:
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUSto
get me started on the idea of ldap and radius.

Next up ive read this guide:
http://ubuntuforums.org/archive/index.php/t-478804.html which works on the
idea of PEAP.

In my scenario I would like to use PEAP if possible but not require the user
client to have a certificate, just the radius-server (which is why i believe
the TTLS solution will  be in-efficient here as i would have to deal with
handy out client certificates to hundreds of users). And to be asked thern
their username and password to authticate onto our wireless. Would combining
these two guides work to get these two intial sets up and running?

Second up how can i then extend this system so that i can ban specific users
and groups from the wireless system. Obviously i could remove them from ldap
but I would like to be able to have the flexibility to prevent a user using
the wireless but to still be able to log onto one of our terminals. I
believe in your FAQ article the section How do I deny access to a specific
user, or group of users? would do this definatly for the user. If i make
sure I add the user specifically before it goes onto the ldap auth. However
how can i get it to deny access to ldap groups from this?

Any help / guides online which you think will help me get pointed in the
right direction would be super.

Many Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to