(RADIATOR) WLAN Auth and OS X

Jeff Wolfe wolfe at ems.psu.edu
Tue Mar 1 15:43:25 CST 2005


Urs Landis wrote:
> Hi Hugh
> 
> NOW I HAVE A PROBLEM!!!
> 
> After all the tests in the last days, it seems that I can't solve my 
> problem.
> 1. OS X LDAP (and Active Directory) don't accept cleartext passwords 
> (from Radiator)
> 2. Radiator can't ServerChecksPassword with TTLS, TLS, PEAP, LEAP, ...
> 3. PAP is the only one that should work with ServerChecksPassword, but 
> PAP isn't supported by Mac OS X nor by Windows XP
> 
> And now????

Hi Urs,

We have Radiator configured to authenticate wireless (and wired) 802.1x 
clients to a Kerberos 5 realm using Radiator and EAP-TTLS with PAP. I 
don't know a lot about LDAP, but it would seem to me that TTLS/PAP 
should work with passwords in LDAP, too.

You can use TTLS/PAP with OSX "out of the box" to authenticate where you 
need the cleartext password from the client.

On the Windows side, things are a little more unclear.
You might be able to use the "secureW2.com" client for free if you 
qualify for their program. Also, most driver manufacturers are including 
TTLS/PAP supplicants with their drivers now.

I've tested and used the latest driver sets from Dell (TrueMobile), 
Linksys and Intel (Centrino) so far and they can be configured to work. 
The downside is that each configuration process is different and depends 
on the manufacturer's drivers. In some cases, the process even changes 
substantially between driver versions!

We do this in production with Cisco APs. I've tested Linksys, Apple and 
several other manufacturers and they all work just fine.


-JEff

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
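
Added example, not part of the original message and not a configuration posted by either participant: a Radiator configuration sketch for the EAP-TTLS/PAP arrangement discussed above, with the inner PAP request checked by an LDAP bind. Host names, DNs, secrets and file paths are constructed placeholders, and the directive names should be checked against the reference manual for the installed Radiator version.

```conf
# Constructed example: every host, DN, secret and path is a placeholder.
<Client DEFAULT>
    Secret                  REPLACE_WITH_SHARED_SECRET
</Client>

# Inner request: the PAP exchange carried inside the TTLS tunnel.
# Radiator re-dispatches it tagged TunnelledByTTLS=1. User-Password is
# available in cleartext at this point, so the directory can verify it
# with a bind (ServerChecksPassword) and never has to hand back a
# stored password.
<Handler TunnelledByTTLS=1>
    <AuthBy LDAP2>
        Host                ldap.example.edu
        # Protect the bind: the user's password crosses this connection.
        UseTLS
        SSLCAFile           %D/certificates/ldap-ca.pem
        # Service account used only to locate the user's DN.
        AuthDN              cn=radiator,ou=services,dc=example,dc=edu
        AuthPassword        REPLACE_WITH_SERVICE_PASSWORD
        BaseDN              ou=people,dc=example,dc=edu
        UsernameAttr        uid
        ServerChecksPassword
    </AuthBy>
</Handler>

# Outer request: terminates the TLS tunnel only. The identity seen here
# is typically "anonymous"; real credentials exist only in the inner
# request handled above.
<Handler>
    <AuthBy FILE>
        # Users file holding just the outer (anonymous) identity.
        Filename                    %D/users
        EAPType                     TTLS
        EAPTLS_CAFile               %D/certificates/ca.pem
        EAPTLS_CertificateFile      %D/certificates/server-cert.pem
        EAPTLS_CertificateType      PEM
        EAPTLS_PrivateKeyFile       %D/certificates/server-key.pem
        EAPTLS_PrivateKeyPassword   REPLACE_WITH_KEY_PASSPHRASE
        EAPTLS_MaxFragmentSize      1000
        # Derive the MPPE keys the access point needs for session keying.
        AutoMPPEKeys
    </AuthBy>
</Handler>
```

The cleartext password is only as well protected as the tunnel, so supplicants should be set to validate the server certificate against the CA that issued it before sending credentials.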

