Environment
FreeRADIUS
Novell SUSE Linux Enterprise Server 9 or 10
Novell SUSE Linux Enterprise Server 9 or 10
Situation
This document describes the relationship of a RADIUS server in
conjunction with a wireless network authentication, referred to by
it's IEEE specification of IEEE802.1x (referred to as Extensible
Authentication Protocol, or EAP, throughout this document).
Resolution
When performing a wireless authentication, there are three separate
entities :
The majority of EAP extensions require having the password in plain text on the RADIUS server side. For this reason, the source of the authentication credentials should be protected, using permissions, or authorization.
In the case of the FreeRADIUS package included with SUSE Linux distributions, it has been compiled with the appropriate options to allow authentication against an eDirectory server. Instructions on how to do this can be found using TID 3009668 for additional information.
- The workstation- this typically has a Network Authentication mechanism installed
- The access point orswitch- this is what the workstation is connecting to, and is pointed to a RADIUS server.
- The RADIUS server - this device is what grants or denies access to services using the RADIUS protocol.
The majority of EAP extensions require having the password in plain text on the RADIUS server side. For this reason, the source of the authentication credentials should be protected, using permissions, or authorization.
In the case of the FreeRADIUS package included with SUSE Linux distributions, it has been compiled with the appropriate options to allow authentication against an eDirectory server. Instructions on how to do this can be found using TID 3009668 for additional information.