Yes I understand and agree.. However in this environment I think we'll be ok.
Thanks --Guy On 6 Mar 2011, at 19:22, Alan Buxey wrote: > Hi, > >>> I changed "default_eap_type=md5" to "default_eap_type=ttls" and now the >>> Macs are able to authenticate without Certs or any configuration on their >>> side!! > > I'm guessing that MD5 isnt a valid 'ready ticked' EAP type by default. you > would probably be okay putting eg default_eap_type=peap too > > I'd also agree with James too - you really dont want to just allow a dumb > 'click and go' configuration to be valid on a client - otherwise a malicious > person could spoof your SSID and your RADIUS server and then clients could > try authenticating against the bad RADIUS server with no warnings for > the user. if using TTLS/PAP that could be very bad > > alan > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html