RE: Question List
1: Can freeradius do a certificate authentication? (ie: we give each user a certificate that the machine gives for auth) if your access point supports 802.1x then yes, you can use this method with freeRADIUS. The clients-machines must have an 802.1x client (supplicant). Use EAP-TLS on freeRadius. 2: Can i use all three (ie: i give server cert, it asks for user/pass and verifies against cert, then checks MAc addy. All must match in order to auth.) Depending on the Access Point you might be able to check the MAC-Addy: add it as a check-item if your AP sends the client MAC (usually the calling-station-id attribute. Not sure if you can mix username/pass and certificates, but thats getting real paranoid!! I know it seems like a bit much but these are public networks and would like to keep unauthed use to min. Thanks for any input. If its a public network, then certificate-management and MAC address management might be an issue that you may want to consider: each time your user uses a different card, or computer you need to re-configure his MAC address. You also need secure ways of providing certificates to the user, revoking certificates etc. MAC spoofing is trivial on most systems so you may want to stick with username/pass or EAP-TLS (secure, but needs 802.1x support in the AP, and a little work on the client machine to install the certificate). -Puneet ___ No banners. No pop-ups. No kidding. Introducing My Way - http://www.myway.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Question List
I am currently looking at implementing freeradius to authenticte wireless users. My questions are this 1: Can freeradius do a certificate authentication? (ie: we give each user a certificate that the machine gives for auth) I know it can also do user/pass and MAC auth so question 2 becomes 2: Can i use all three (ie: i give server cert, it asks for user/pass and verifies against cert, then checks MAc addy. All must match in order to auth.) I know it seems like a bit much but these are public networks and would like to keep unauthed use to min. Thanks for any input. Roy Wills - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question List
You can LEAP authentication that come with FreeRadius by default, if you have cisco equipments that is --- Roy Wills [EMAIL PROTECTED] wrote: I am currently looking at implementing freeradius to authenticte wireless users. My questions are this 1: Can freeradius do a certificate authentication? (ie: we give each user a certificate that the machine gives for auth) I know it can also do user/pass and MAC auth so question 2 becomes 2: Can i use all three (ie: i give server cert, it asks for user/pass and verifies against cert, then checks MAc addy. All must match in order to auth.) I know it seems like a bit much but these are public networks and would like to keep unauthed use to min. Thanks for any input. Roy Wills - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
