hi
TKIP is the encryption method used on the wireless link. radius is
designed to be independent of the access technology used by the NAS.
in other words, TKIP is something which is not known to the radius
server - by design. the radius server will - if available - provide the
NAS (802.11 access point in that case) with the raw key material.
however it is up to the NAS to derive the necessary keys from it.
you configure the NAS to use TKIP on the link. freeradius is
automatically configured in a way that will derive and attach key
material to the access-accept message sent to the solicited NAS. you can
see the MPPE-*** attributes in the access-accept message in the full log
(radiusd -s -X)
ciao
artur
Dani Camps wrote:
I want to set up a secure wlan using EAP-PEAP as
authentication method and Radius as a authentication
server, in the AP I choose TKIP encryption, but I
think TKIP needs to renew the keys used, and I think
is the Radius server the one that has to create the
keys and pass them to the AP, is this true ?
In that case how to configure Radius to use TKIP ?
Any of you have experience in this set up, wlan with
EAP-PEAP authentication in a Radius server and using
TKIP for encryption ?
Thanks !
__
Do you Yahoo!?
Meet the all-new My Yahoo! - Try it today!
http://my.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
