Authorising Clients by Calling Station ID Not IP
Jennyanydots Napoleon Shoehorn
jennyshoehorn at me.com
Mon Oct 24 23:38:48 CEST 2011
Fantastic news ;) !!
We use some DD-WRT and OpenWrt routers, coovap (Ubuntu) and higher-end Meraki / Ruckus stuff. Might be a pain to configure each.
What about the idea of a common shared secret and then assigning a 'network' or huntgroup to each user? We could then block end users authenticating from a NAS with a Called-Station-Id which wasn't in the db (or if a network wasn't set).
Just an idea?
On 24 Oct 2011, at 22:26, Arran Cudbard-Bell wrote:
> On 24 Oct 2011, at 23:09, Jennyanydots Napoleon Shoehorn wrote:
>> This is very interesting, really appreciate the replies.
>> Other than using a VPN, how do other wifi providers actually operate securely?
> They don't :)
> It's either VPN or same shared secret. If your equipment is running something like DD-WRT or OpenWrt, it should be possible to cross compile FreeRADIUS and set up a RadSec gateway on the Access Point.
> The code works and PKI administration isn't as bad as everyone thinks it is.
> Arran Cudbard-Bell
> a.cudbardb at freeradius.org
> Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
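The policy proposed in the message above, sketched as an added Python example (not code from the thread or from FreeRADIUS): accept a user only when the Called-Station-Id maps to a known NAS whose network matches the one assigned to the user. The tables, function names and reason strings are hypothetical, and the sample values are constructed.

```python
import re

# Constructed sample data: normalised AP MAC -> network, and user -> network.
NAS_NETWORKS = {"001a2b3c4d5e": "cafe-north", "001a2b3c4d5f": "hotel-east"}
USER_NETWORKS = {"alice": "cafe-north", "bob": "hotel-east", "carol": None}

# Six hex pairs with '-', ':', '.' or no separator, optionally followed by ':SSID'.
_STATION_RE = re.compile(r"([0-9A-Fa-f]{2}(?:[-:.]?[0-9A-Fa-f]{2}){5})(?::(.*))?")

def normalise_station_id(value):
    """Return (mac, ssid) from a Called-Station-Id such as
    '00-1A-2B-3C-4D-5E:GuestWifi'; raise ValueError if it has no MAC."""
    m = _STATION_RE.fullmatch(value.strip())
    if not m:
        raise ValueError("unparseable Called-Station-Id: %r" % value)
    mac = re.sub(r"[-:.]", "", m.group(1)).lower()
    return mac, m.group(2)

def authorise(user, called_station_id):
    """Default-deny decision, returned as (accepted, reason_or_network)."""
    # Note: the NAS reports Called-Station-Id itself; with one common shared
    # secret the value labels the NAS, it does not authenticate it.
    try:
        mac, _ssid = normalise_station_id(called_station_id or "")
    except ValueError:
        return False, "bad-called-station-id"
    nas_network = NAS_NETWORKS.get(mac)
    if nas_network is None:
        return False, "unknown-nas"          # Called-Station-Id not in the db
    user_network = USER_NETWORKS.get(user)
    if user_network is None:
        return False, "no-network-set"       # user has no network assigned
    if user_network != nas_network:
        return False, "wrong-network"
    return True, nas_network

if __name__ == "__main__":
    for user, csid in [("alice", "00-1A-2B-3C-4D-5E:GuestWifi"),
                       ("alice", "00:1a:2b:3c:4d:5f"),
                       ("carol", "001a.2b3c.4d5e"),
                       ("bob", "AA-BB-CC-DD-EE-FF:Rogue")]:
        print(user, csid, authorise(user, csid))
```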