Hello everyone, this is my first time getting started with freeradius. I implement ICT at a local school and I would like to improve our wireless from a WPA pre-share key to a radius based system. We have an openldap server already with all our users and groups and use them to authticate them into our clients. I would like to extend this username and password requirement to our wireless systems rather than having to give out our wireless key. Our wireless users have a variety of Windows, OSX and Linux machines. Free-radius therefore seems to be the idea solution to this.
First up i have read this guide: http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUSto get me started on the idea of ldap and radius. Next up ive read this guide: http://ubuntuforums.org/archive/index.php/t-478804.html which works on the idea of PEAP. In my scenario I would like to use PEAP if possible but not require the user client to have a certificate, just the radius-server (which is why i believe the TTLS solution will be in-efficient here as i would have to deal with handy out client certificates to hundreds of users). And to be asked thern their username and password to authticate onto our wireless. Would combining these two guides work to get these two intial sets up and running? Second up how can i then extend this system so that i can ban specific users and groups from the wireless system. Obviously i could remove them from ldap but I would like to be able to have the flexibility to prevent a user using the wireless but to still be able to log onto one of our terminals. I believe in your FAQ article the section How do I deny access to a specific user, or group of users? would do this definatly for the user. If i make sure I add the user specifically before it goes onto the ldap auth. However how can i get it to deny access to ldap groups from this? Any help / guides online which you think will help me get pointed in the right direction would be super. Many Thanks.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html