[K12OSN] radius

Jason Loughead jason at plug.ca
Thu Mar 18 16:26:32 UTC 2004 

Radius is an excellent tool. I would recommend using it. There's a
number of things to keep in mind with radius. One is that the
authentication scheme can be anything you choose. I would recommend PAM
to keep things simple. Be sure the secret key is the same on the radius
server as on the wireless access point and that PAP is selected as the
auth method. If you have more speceific questions send them to the list.

Jason

http://plug.ca

On Wed, 2004-03-17 at 15:29, Mike Rambo wrote:
> I hope this doesn't sound stupid (but even if it does...).
> 
> I've never dealt with radius before. The legislature here has voted
> money to put laptops with wireless access in the hands of all 6th
> graders in the state. I won't mention anything about how the equipment
> is routinely trashed by the students in the building experimentally
> running this program already (oops - let the cat out of the bag ;). In
> any case, certain things are not funded by the program. One example is a
> process to secure our networks against every tom, dick, and harry that
> wanders near the required wireless access points with their own wireless
> device. Anyway, enough of the background...
> 
> I've been searching for information about radius. None of us here have
> any past experience with it but we need to set something up. I have
> freeradius running. I have a cisco AP350 wireless access point working.
> I have a wireless iBook to play with. I've googled everything I can
> think of but the info I've found is pretty sketchy at best. I think my
> biggest problem is understanding the process that is supposed to occur
> so I can configure everything.
> 
> Can anyone describe the steps in the authentication process when a
> wireless client comes online from the client through the AP, to the
> radius server? I've been told they want the authentication to be by mac
> address rather than a user logon (if that is even possible - seems like
> all the docs for radius talk about authenticating by user at realm). Seems
> to me it might be easier to set up a dhcp server and control routing of
> ip's associated with given mac addresses but that would involve machines
> at all wireless locations and they want all access to be centralized. I
> think I'm stuck configuring freeradius but since I'm not sure what's
> supposed to happen I'm at a loss for what to do next.
> 
> Thanks for any help you can provide.
>

More information about the K12OSN mailing list