WiMAX_DB.bin/WiMAX_Def.bin description

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



We (Imagine) tested with TTLS/MSCHAP2 during our initial trials with Intel chipsets. I'm 99.9% certain we were using an internal (to Intel) version of the drivers as well as some Intel-internal configuration tools. This was on Windows laptops as well so YMMV.

Dermot

-----Original Message-----
From: wimax-bounces at linuxwimax.org [mailto:wimax-bounces at linuxwimax.org] On Behalf Of I?aky P?rez-Gonz?lez
Sent: 6 Bealtaine 2011 00:37
To: batcilla itself
Cc: wimax at linuxwimax.org
Subject: Re: WiMAX_DB.bin/WiMAX_Def.bin description

On Thu, 2011-05-05 at 11:29 +0300, batcilla itself wrote:
> 2011/5/5 I?aky P?rez-Gonz?lez <inaky at linux.intel.com>:
> > On Fri, 2011-04-29 at 10:11 +0300, batcilla itself wrote:
> > ...
> >>
> >>         The intel WiMAX hw doesn't work without client authentication.
> >>         It cannot
> >>         be disabled, so that's probably it.
> >>
> >>
> >>
> >> Than, how it work with Freshtel/Ukraine?
> >> They use Captive portal for authorizing users and unrestricted entry
> >> and access to their web, for at least ImPAD 0410 hardware, which has
> >> Intel 6250 inside. It is working from Windows 7 32 bit with Intel
> >> driver (may be customized for Freshtel/Ukraine).
> >> AFAIK they not use EAP-TLS with device certificates, for USB sticks
> >> they use EAP-TTLS/MSCHAPv2 so there is need to enter realm and
> >> password.
> >> But for Intel hardware there is nothing to enter and network
> >> connected. Internet service is allowed after authentication over
> >> Captive portal.
> >> I have this hardware in my possession, but has problem with Linux on
> >> it, because it is a tablet and recent Linux distro has no driver for
> >> touchscreen.
> >
> > The communication is still encrypted with TLS.
> >
> > The system (card and base station) establish a crypted pipe, using as
> > TLS id the MAC at freshtel.com.ua (where MAC is the MAC address of the
> > card). Because the card has a certificate signed by the WiMAX Forum
> > which validates the MAC address, the basestation can assume that your
> > card is a 'legal' card and a crypted link is established.
> >
> > Now, you use captive portal to actually get service, but that's a
> > business level decision on doing it like that. Once you swipe your card
> > in the portal, your MAC address is probably associated to your account
> > and given straight access next time you connect ... until your
> > subscription runs out, and then you are sent to the portal again :)
> >
> >
> I see your point, but encrypted tunnel usually built between AAA
> server (ASNGW may have internal or external, some BS may have
> integrated may be in same rack unit) and CPE, not between BS and CPE.
> In this scenario mac at freshtel.com.ua is OuterNAI (anonymous id), which
> allow access to network, but
> not to service. In same time USB uses EAP-TTLS/MSCHAPv2 to bypass
> captive portal, because InnerNAI/password are same as for a captive
> portal. E.g. in that scenario BS use 2 types of authorization at same
> time?

Those are details I am not aware of -- all I am saying is that Intel
devices won't connect to a basestation without a crypto link with the
proper certificate exchange and verification.

> Is it possible to use Intel driver with EAP-TTLS/MSCHAPv2?

It is, yes. Reports of success have been heard in the UQ network in
Japan, which is to the best of my knowledge, TTLS/CHAP2.



_______________________________________________
wimax mailing list
wimax at linuxwimax.org
http://lists.linuxwimax.org/listinfo/wimax


[Index of Archives]     [Linux Kernel]     [Linux Wireless]     [Linux Bluetooth]     [Linux Netdev]     [Linux Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux