Hi all,
Just a quick question here if anyone has used a Windows / Linux RADIUS server along with a Dlink 2100AP ? With RADIUS I am not interested in authentication, I am interested in getting new random keys from the server for TKIP (encryption) in the AP unit.
Thanks, Bob.
On Fri, 05 Nov 2004 23:26:33 GMT, BlueBottle spoketh
When using RADIUS, you get authentication as well as keys. The two cannot be separated.
Lars M. Hansen
On Sat, 06 Nov 2004 22:22:09 GMT, BlueBottle spoketh
The DWL should be defined as a radius client. Your policies (at least in IAS) will define which users (in the Active Directory or Domain) will be allowed access via the available radius client(s).
Actually, upon reviewing what can be done in IAS, you can actually disable authentication altogether, in which case you'd only be getting the keys. However, since TKIP renegotiates keys every so often anyways, using radius simply for that is just adding more complexity where it is not needed.
Lars M. Hansen
Ah, I see. Thats for telling me this !! :) You've saved me a lot of time ! :) So for the DWL2100 units, how would I define them in the RADIUS setup? (That is how would they be described? Same as users???)
Thanks, Bob.
OK, the full picture ! A friend and I are going to share our two networks via two DWL2100's set in bridge-bridge mode. I was wanting to use the TKIP feature (for the hell of it) and was looking (automatically) at using RADIUS. From what you say, I should be able to get just keys from an IAS setup? This is new to me (IAS) so I don't have much to ask about that yet !! :) IAS runs under Win2K / Win2K server? This would be a much better option for me since I already have one of those builds in place.
Cheers, Bob.
On Sun, 07 Nov 2004 01:24:43 GMT, BlueBottle spoketh
IAS = Internet Authentication Service, and is Microsofts implementation of a RADIUS server. I put up a couple of pages on my website on how to use RADIUS with wireless access points, and you might find that helpful. I'm not sure if you'll need the Certificate service installed if you're not going to use the authentication piece...
I should remind you, though, that when using TKIP, you already have dynamic key exchange, and using the radius server only for this purpose is not really necessary.
Lars M. Hansen
Thanks for the link. Although I do not have Win2003 or Win server I will use your pages to investigate this further.
Again, thanks for all you help. Bob. EU.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.