Janakan: 1. The password is cached after the first successful connection, so that can be a problem if a desktop or profile is shared by mulitple people. Yes, once it makes the connection the AP, all this happens (after the first authentication) in the background. 2. The website for FreeRADIUS is here: http://www.freeradius.org/ The main page mentions support for: EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP, and Cisco LEAP sub-types. Regards, Frank
>>> "Janakan Rajendran" <[EMAIL PROTECTED]> Monday, September 20, 2004 4:29:55 PM >>> Frank:Thanks for your replies again. Ok. I understand I need the client (supplicant) to authenticate with RADIUS. I have few questions based on your previous mail.If I decided to use the native client of windows xp, when the user wishes to join wireless network, how could he initiate the authentication process, or is it automatic?( Because I could see the configuration on Wireless network with CHAP and stuffs, but how could I start the authentication process. Also, in the beginning if the user is not login to the domain, he might have to initiate somehow the authentication.) Does the native clients for windows and the funk and meetinghouse, work with free RADIUS? Thank you,Sincerely,Janakan Rajendran From: Frank Bulk [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 1:48 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [wirelesslan] Few implementation doubts Janakan: EAP is a Layer-2 method, so the user is authenticated BEFORE receiving an IP address. But because it's Layer-2, they won't be able to use a web-browser and URL to perform that authentication, because that requires Layer 3. What happens is that an 802.1X client or supplicant is used to provide the client-interface to the authentication scheme. Native clients are available for Win2K, XP, and OS X. There are free ones for Linux, and possibly some others for Win9x. Of course, you can purchase supplicants from Funk Software and Meetinghouse, but I think you mentioned the word free. I've never personally implemented this, so perhaps others in the group can chime in with their actual user experiences. Frank >>> "Janakan Rajendran" <[EMAIL PROTECTED]> Monday, September 20, 2004 12:17:51 PM >>> Thanks Frank for your reply. I will do research on PEAP. Further, as I mentioned, Id like to assign IP to the WLAN users using my DHCP server and Id like the users to get authenticated by LDAP before assigning the IP. How do I that? My thought is to have a URL and if the users go the URL, they will be asked for their user name and password which is authenticated by my AD. Once they authenticated then they will be assigned the IP. Is it possible?Awaiting for reply,Regards,Janakan Rajendran From: Frank Bulk [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 7:53 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [wirelesslan] Few implementation doubts Janakan: If you are using Active Directory you might want to consider implementing PEAP in conjunction with Active Directory's support for RADIUS. If you want to do something different like TTLS or LEAP, you could install a Cisco ACS server that can backend to your Active Directory. As for collecting MAC addresses, I will hazard a guess and suggest that either the Win2K/2K03' RADIUS server or ACS could log all connection, such that over time you could extract the MAC address from the file. If these users normally log into a domain, you could also run a logon script that could export to a text file the MAC addresses of all their network interfaces. While I'm not sure of any free Linux-based software for WEP key management, I know there is a RADIUS server that runs on Linux called FreeRADIUS. That could help with your authentication of TTLS and whatever other EAP methods it supports. Regards, Frank >>> [EMAIL PROTECTED] Saturday, September 18, 2004 8:17:45 PM >>> Hi, I have few doubts in WLAN implementation (802.11a/b/g, dual band, tri-mode). Well, I want to authenticate users with LDAP (Active Directory) as I have a list of users in my domain. Also, I want the users to get IP from my DHCP server How do I do that? I'd be implementing all Cisco APs..If anyone has implemented with LDAP user authentication and also dynamic IP with DHCP, plz give your inputs. Also, if I want to provide MAC filtering, what is the easiest way to collect user's MAC address rather than doing it manually? (As the number of users will be in 1000). Is there any java script and using webpage can I get the user's MAC address and later add that to my MAC table? Also, I'd like to know is there any Linux based free softwares available for WEP key management(as a dynamic server to assign WEP key to users per session). I am much concerned about the security. Any inputs related to that also would be appreciated Anticipating responses from the experienced users. Thank you, Sincerely, Janakan Rajendran [Non-text portions of this message have been removed] ------------------------ Yahoo! Groups Sponsor --------------------~--> Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar. Now with Pop-Up Blocker. Get it for free! http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/5AhqlB/TM --------------------------------------------------------------------~-> ******* Wireless LAN Weblog - WLAN Forum http://www.wireless--lan.com/ Wireless LAN Search http://search.freefind.com/find.html?id=6750665 Wireless LAN Jobs - WLAN Jobs http://groups.yahoo.com/group/wlanjobs/ http://www.azhttp.com/ <a href="http://www.azhttp.com/";> Arizona High Tech Talent Partnership</a> http://www.science-fairs.com/ <a href="http://www.science-fairs.com/";> Science Fairs</a> If you got this from someone else you can join at http://groups.yahoo.com/group/wirelesslan/ or mailto:[EMAIL PROTECTED] To unsubscribe: mailto:[EMAIL PROTECTED] Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/wirelesslan/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
