On Thu, Jan 1, 2009 at 9:45 PM, Sergio Belkin <seb...@gmail.com> wrote:
> Hi,
>
> I want to connect to a wireless network using either WPA(2) Enterprise TTLS/PAP or WPA(2) Enterprise(2) PEAP/MSCHAPv2. I could connect using NetworkManager. But AFAIK NetworkManager lacks the capability to check the radius server name, so it is somewhat insecure. I'd like to provide a workaround using wpa_supplicant.conf (which seems to have such a capability) that works along with NetworkManager (in fact I have the maybe wrong impression that it is not aware of wpa_supplicant.conf), but I don't understand how modern distros like Fedora or Ubuntu make those pieces of software interact with each other.
>
> How can I make things work?
>
> Thanks in advance
>
> --
> --
> Open Kairos http://www.openkairos.com
> Watch More TV http://sebelk.blogspot.com
> Sergio Belkin -
> _______________________________________________
> NetworkManager-list mailing list
> NetworkManager-list@gnome.org
> http://mail.gnome.org/mailman/listinfo/networkmanager-list

It does have the ability to validate that the cert used by the Radius server was issued by a Certificate Authority you trust, so that helps ensure that you don't send your credentials to any rogue AP. Network-Manager calls wpa_supplicant over dbus, so in theory any feature wpa_supplicant supports Network Manager can support (it does not have the ability to interact with a local wpa_supplicant.conf).

The question is likely the benefit of the addition. I personally don't see much benefit to this: if someone wants to spoof your connection and all you are relying on is the Radius server name to validate the wireless network, then as an attacker I am going to connect to that AP and see what that radius server calls itself when it passes me its public key. Then just mimic it so that your clients will connect to me... Unless I am missing something?

To secure your wireless network, always use a certificate signed by a trusted authority and ensure that all clients validate that before sending their credentials.
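
The following Python script is an added example, not from either poster and not NetworkManager or wpa_supplicant code. It audits wpa_supplicant.conf network blocks for the two validations discussed in this thread: CA validation (`ca_cert`) and server name matching (`subject_match` and related options). The sample configuration, including SSIDs, paths and the server name, is constructed.

```python
import re

SAMPLE_CONF = '''# Constructed sample: SSIDs, paths and names are made up.
network={
    ssid="corp-novalidate"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-ca-only"
    key_mgmt=WPA-EAP
    eap=TTLS
    ca_cert="/etc/ssl/certs/example-ca.pem"
    phase2="auth=PAP"
}
network={
    ssid="corp-ca-and-name"
    key_mgmt=WPA-EAP
    eap=TTLS
    ca_cert="/etc/ssl/certs/example-ca.pem"
    subject_match="/CN=radius.example.org"
    phase2="auth=PAP"
}
network={
    ssid="home"
    psk="constructed passphrase"
}
'''

NAME_CHECKS = ("subject_match", "altsubject_match", "domain_suffix_match", "domain_match")

def audit(conf_text):
    """Return {ssid: [findings]} for each WPA-EAP network block."""
    report = {}
    for body in re.findall(r"network=\{(.*?)\n\}", conf_text, re.S):
        pairs = (ln.strip().split("=", 1) for ln in body.splitlines() if "=" in ln)
        fields = {k.strip(): v.strip().strip('"') for k, v in pairs}
        if "EAP" not in fields.get("key_mgmt", ""):
            continue  # PSK/open networks have no RADIUS server to validate
        findings = []
        if "ca_cert" not in fields:
            findings.append("no ca_cert: server certificate is not validated")
        if not any(k in fields for k in NAME_CHECKS):
            findings.append("no name match: any server cert from the CA is accepted")
        report[fields["ssid"]] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```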