Re: wpa2-psk and radiusd possible?
Hi, > Can you please provide some keywords or maybe links for that? Seems that > i use wrong seach terms, because i found nothing real usable. Thanks! > Sure: http://www.eduroam.org/downloads/docs/GN2-08-230-DJ5.1.5.3-eduroamCookbook.pdf (it applies to 802.1X setups in general, not exclusively eduroam) Chapter 3.2.7 is a HOWTO for pre-configuring the supplicant SecureW2. Might be a bit outdated, please sync the .ini file's config options with the current SecureW2 manual. Appendix C.3 is for the iPhone (superb example of an importable config profile that makes it work for your users really easy) Appendix C.5 is for Intel PRO/Wireless supplicant. The document doesn't cover netsh installers for Windows Vista and 7, but searching for "netsh wlan profile" should take you places. If the above document actually helped you: time for joy and happiness; it was payed by your tax money, so now finally, the system gives something back to you :-) Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: wpa2-psk and radiusd possible?
Hi,... Am Donnerstag, den 16.07.2009, 08:27 +0200 schrieb Stefan Winter: > Your bet is correct: WPAx-PSK does not consult a RADIUS server at all. > One PSK is for the whole SSID, there is not usually a PSK-per-user. So Thanks, i wanted to get sure about that. > how did you do that with hostap; have one SSID for every MAC, and one > PSK associated to it? No, one (1) SSID and for every MAC a different PSK. For that, hostapd can read a file with pairs of "$MAC $PSK". (option: "wpa_psk_file=/path/to/hostapd.wpa_psk") > If you want individual keys per client, WPAx-Enterprise with 802.1X > authentication is the commodity way. If your users get confused with the > certs, either create a pre-configured site deployment of your supplicant > which sets stuff up for them (exists for many supplicants) Can you please provide some keywords or maybe links for that? Seems that i use wrong seach terms, because i found nothing real usable. Thanks! > or educate > your users until they get it. This is may be the hardest part. ;-) best regards -- Stefan Jensen signature.asc Description: Dies ist ein digital signierter Nachrichtenteil - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: wpa2-psk and radiusd possible?
Hi, > Is there a way to have different PSK's for every MAC? I bed, it is > not a job for radius and maybe a complete wrong concept? > Your bet is correct: WPAx-PSK does not consult a RADIUS server at all. One PSK is for the whole SSID, there is not usually a PSK-per-user. So how did you do that with hostap; have one SSID for every MAC, and one PSK associated to it? If you want individual keys per client, WPAx-Enterprise with 802.1X authentication is the commodity way. If your users get confused with the certs, either create a pre-configured site deployment of your supplicant which sets stuff up for them (exists for many supplicants) or educate your users until they get it. Greetings, Another Stefan > best regards > > stefan > > PS: sorry for bad english ;-) > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
wpa2-psk and radiusd possible?
Hi,... i'm pretty new to radiusd, so this may be a dump question. :-) Is it possible to use something like MAC-based WPA2-PSK's to- gether with radiusd? I have used a single "hostapd" installation as AP, configured with unique WPA2-PSK's for each MAC-Addr that should have access. (which prevents trading the PSK) Now i want extend our network with a couple of Linksys Router, so I've installed radiusd and got EAP,PEAP,802.1X to work so far. But my users find it complicated to mess around with the Certs, so i decided to use the same PSK on all NAS-Clients (dd-wrt) and only doing MAC-Auth with radiusd. Is there a way to have different PSK's for every MAC? I bed, it is not a job for radius and maybe a complete wrong concept? best regards stefan PS: sorry for bad english ;-) -- Stefan Jensen signature.asc Description: Dies ist ein digital signierter Nachrichtenteil - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html