John Wan wrote:
>
> I have set up the "chillispot"+"freeRadius"+"Win2k3AD" for my wireless
> network. Everything is working but the AD authentication. Apparently the
> reason not working is because AD does not like the CHAP authentication
> and AD likes MS-CHAP. I do not know how to configure and w
il we see a request.
Many thanks in advance.
John Wan
> -----Original Message-
> From:
> [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> s.org] On Behalf Of gkalinec
> Sent: Friday, 26 January 2007 2:06 AM
> To: freeradius-users@lists.freeradius.org
> Subject: RE
> -Original Message-
> What would, in your opinion,
> be better? TTLS or PEAP?
They're not mutually exclusive. You can have both. I'd suggest doing
both.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
> So then it seems to me that my best solution would then be to implement
> either an EAP-PEAP or EAP-TTLS solution authenticating against either my
PEAP or TTLS? No reason why you cannot have both. FreeRADIUS is quite happy
doing both at the same time... especially if you use MSCHAPv2 as the i
Quoting gkalinec <[EMAIL PROTECTED]>:
What would, in your opinion, be better? TTLS or PEAP?
I believe with TTLS you would need to load software on each computer, can
someone else verify that? I am using PEAP and it works with Windows, Macs and
Linux (using wpa_supplicant or xsupplicant).
> Also,
OSX 10.3 and higher
> anyway). you can configure them to match the PC method - EAP-PEAP
> or go via EAP-TTLS with MSCHAPv2 internal tunnel etc
>
> alan
> -Original Message-
>
> The database is not a problem, since we have a huge one in
> place, one stored in Active Directory (for which I can use
> the FreeRADIUS LDAP module) or MySQL one.
If you use ActiveDirectory, I believe you would have an easier time
using ntlm_auth. Using LDA
Hi,
> responsibility entails). A quick question, however, would this be just as
> easy to set up on a Macintosh? (since many of my supplicants will be macs..)
Macs are very friendly with wireless (well, if it's OSX 10.3 and higher
anyway). You can configure them to match the PC method - EAP-PEAP
o
Now we're at RADIUS. What type of user database do you have?
> Active Directory? Novell? Not having one is an acceptable answer as
> well.
>
> Post back, it's a lot of info, but we're here to help.
>
--
View this message in context:
http://www.nabble.com/a-freeradious-wireless-solution-for-a-school-tf3036221.html#a8626010
Sent from the FreeRadius - User mailing list archive at Nabble.com.
mpractical, some kind of Chillispot or similar captive
> portal setup based around RADIUS is possible, but that won't encrypt the
> data on the wireless network, which should be one of your aims.
> Chillispot can be used with WPA, but I have no experience of doing this.
>
> MAC authentication, in my opinion, isn't worth bothering with - the
> security it provides is trivially broken, and management is a nightmare.
>
>
> If you need new APs, something like the 3Com 7760 or 8760 would be more
> suitable than the arguably consumer grade Netgear units you have, not
> least because you can accommodate legacy clients that can't be upgraded
> to a new secure wireless network whilst requiring all new clients to
> operate on WPA2 Enterprise using PEAP.
>
>
>
>
> David
> --
> David Wood
> [EMAIL PROTECTED]
Hi,
> Please elaborate on how the system can be circumvented?
FakeAP springs to mind instantly, as do any of the other man-in-the-middle
attacks. A quick Google will bring up many methods of doing such attacks.
Basically, I set up a software AP with the same SSID. I have the same login
page - even the sa
Sent: 23 January 2007 21:55
> To: FreeRadius users mailing list
> Subject: Re: a freeradious/wireless solution for a school
>
> Please elaborate on how the system can be circumvented?
>
> Tas.
>
> [EMAIL PROTECTED] wrote:
> > Hi,
> >
> >
Please elaborate on how the system can be circumvented?
Tas.
[EMAIL PROTECTED] wrote:
Hi,
* Apache
* Freeradius
* Chillispot
* Mysql
though note that captive portals are easy to mitigate/spoof and circumvent
alan
Nazeer Khan
Sent: Monday, January 22, 2007 1:44 PM
To: FreeRadius users mailing list
Cc: freeradius-users@lists.freeradius.org
Subject: Re: a freeradious/wireless solution for a school
Hi,
Use EAP-TLS, the most secure one. It will automatically give encryption key
Hi,
> Therein lies the problem. My potential users are a lot of my students.
> The idea of having to install certificates in 200+ laptops is not really
> feasible. And showing them how to install is an exercise in futility,
> since most of our students are not computer savvy enough to do it.
yo
Hi,
>* Apache
>* Freeradius
>* Chillispot
>* Mysql
though note that captive portals are easy to mitigate/spoof and circumvent
alan
Behalf Of Nazeer Khan
Sent: Monday, January 22, 2007 1:44 PM
To: FreeRadius users mailing list
Cc: freeradius-users@lists.freeradius.org
Subject: Re: a freeradious/wireless solution for a school
Hi,
Use EAP-TLS, the most secure one. It will automatically give encryption
key to the clients. U have
Hi German,
You've already had much wisdom; I'm going to try a comprehensive reply
to the whole problem.
In message <[EMAIL PROTECTED]>, gkalinec
<[EMAIL PROTECTED]> writes
I work for a mid-size private school (about 700-800 people on campus), and
I'm trying to set up a way to limit the use o
: freeradius-users@lists.freeradius.org
Subject: Re: a freeradious/wireless solution for a school
Hi,
Use EAP-TLS, the most secure one. It will automatically give encryption
key to the clients. U have to do one thing, install the client certificates
in the beginning in each client machine that will use
Quoting "King, Michael" <[EMAIL PROTECTED]>:
> You configure your client to use TTLS or PEAP, and upon connecting to
> the network, they will be prompted to enter username and password. If
> they don't have one, they don't get on. If they do have one, they get
> on.
>
This also solves your probl
Without being too subtle, you've misunderstood much of the research
you've read. Don't worry about it, there is quite a bit of
contradictory information out there.
There's quite a bit of background information, so it'll be a little bit
before I mention FreeRADIUS.
First. It's WPA, not WAP. (
@lists.freeradius.org
Subject: Re: a freeradious/wireless solution for a school
Hi,
Use EAP-TLS, the most secure one. It will automatically give encryption
key to the clients. U have to do one thing, install the client certificates
in the beginning in each client machine that will use your wireless and
On 1/18/07, gkalinec <[EMAIL PROTECTED]> wrote:
places on campus for students and staff to access our network. The person
who set these up (my current boss) simply did a MAC access control list on
each AP and made the students and staff come to him to register their
computers. This was a major
Hi,
Use EAP-TLS, the most secure one. It will automatically give encryption
key to the clients. U have to do one thing, install the client certificates
in the beginning in each client machine that will use your wireless and
that's it.
There are other options like EAP-PEAP, LEAP etc
Check out for