Wednesday, July 21, 2004
802.1x Supplicant Clients
I'm contemplating deploying 802.1x on our wireless network and am trying to
decide whether to use EAP-MD5, EAP-TLS, EAP-TTLS or EAP-PEAP for authentication.
Ideally I'd like to use PEAP because it is the most flexible. However I
need to know that it'll work on all operating systems. So off I go hunting
for PEAP-capable supplicants for all the major operating systems in use here
...
Microsoft Windows XP:
Built in client does PEAP with MSCHAPv2, TLS or MD5-Challenge
Microsoft Windows 2000:
Service pack 4 includes an 802.1x Authentication Client. This can be installed
on machines running SP3. Does PEAP with MSCHAPv2 or TLS. There is a document
available on getting 802.1x to work.
Microsoft Windows ME:
Who knows? Does anyone use ME? Certain vendors (like Intel) provide
supplicants with their drivers. They may or may not support PEAP.
Microsoft Windows 98:
If you're a premier or alliance organisation, you can get a Microsoft
client. We're not, but the CS dept might be. Other
Microsoft Pocket PC 2002:
Pocket PC 2002 & 2003 have a M$ supplied supplicant (which must do PEAP), but
it may not be installed by all OEM vendors. Check with your vendor or look on
the web.
Linux:
Xsupplicant supports PEAP with MSCHAPv2. O'Reilly have an article about this.
Other Unices:
Xsupplicant is in the process of being ported to FreeBSD. Commercial clients
are available for Solaris.
Mac OS-X:
OSX 10.3.x "Panther" has built in support for 802.1x, including
PEAP+MSCHAPv2 support.
See also http://www.missl.cs.umd.edu/Projects/wireless/8021x/.
And then there is the AEGIS client that
does PEAP+MSCHAPv2 (and TTLS, MD5, etc) on just about anything (Windows XP,
2000, NT, 98, ME, Pocket PC 2002, CE.Net, Mac OS-X, Palm Tungsten, Solaris
8, Linux). If you have money to burn.
Perhaps I need to look at TTLS ... All the above support TTLS, and there are
more authentication methods available.
A free TTLS client for 2000/XP is available from Alfa & Ariss. Xsupplicant will handle
the Linux/BSD world.
I guess it'll be a combination of the two. And damn those 98 users.
posted by guy at: 22:12 SAST
