Authentication configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> -----Original Message-----
> From: wimax-bounces at linuxwimax.org [mailto:wimax-
> bounces at linuxwimax.org] On Behalf Of Dan Williams
> Sent: 01 March 2012 15:20
> To: reric1 at free.fr
> Cc: wimax at linuxwimax.org
> Subject: Re: Authentication configuration
> 
> On Thu, 2012-03-01 at 01:18 +0100, reric1 at free.fr wrote:
> > Hi,
> >
> > we're making trials of various authentication levels on our WiMax
> infrastructure. With the CPEs we have, it's possible just to
> authenticate the client on the AAA using a user/passwd. Is it possible
> to have the same very basic level with linux WiMAx stack and an Intel
> 6250 ? If yes, what does the auhentication section of the .bin file
> should look like ?
> >
> > In case we want to implement EAP-TLS or EAP-TTLS, what certificate
> should we install on the AAA (Freeradius) with respect to those
present
> on the linux wimax client side (cacert.pem ...). On this client what
> should be the configuration (DEVICE, CA...) of the CERT section of the
> EAP node ?
> 
> Everything I've heard about the Intel cards indicates they require EAP
> authentication.  What EAP *methods* they support is something Inaky
> would have to say, but I've only heard of people using EAP-TLS and
EAP-
> TTLS in deployments so far.  I assume if you're using user/pass only
> you'd be using EAP-MD5 or EAP-MSCHAPV2 ?
> 

[Dermot Williams] As far as I know, they only support EAP-TLS, at least
on Windows. You'll also need to get a server certificate that's been
signed by Verisign/Symantec, who are the acting CA for the Wimax Forum.
They're not cheap either since you need to sign up for their Enterpire
MPKI service as well.

Now, that mightn't apply to Linux - it's a while since I've played with
the stack on Linux. It might be possible to edit the entries for your
NSP in the two XML files (one of which is WiMax_def.xml, I can't
remember the other) on the client so that they use EAP-TTLS instead.
That *should* obviate the need for a server certificate but you'll still
need a copy of the Wimax Forum's root CA cert for devices.

Dermot
[Index of Archives]     [Linux Kernel]     [Linux Wireless]     [Linux Bluetooth]     [Linux Netdev]     [Linux Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux