Using RADIUS and DLink2100AP

[bluebottle]

Archived from groups: alt.internet.wireless (More info?)

Hi all,

Just a quick question here if anyone has used a Windows / Linux RADIUS
server along with a Dlink 2100AP ?
With RADIUS I am not interested in authentication, I am interested in
getting new random keys from the server for TKIP (encryption) in the AP
unit.

Thanks,
Bob.

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

On Fri, 05 Nov 2004 23:26:33 GMT, BlueBottle spoketh

>Hi all,
>
>Just a quick question here if anyone has used a Windows / Linux RADIUS
>server along with a Dlink 2100AP ?
>With RADIUS I am not interested in authentication, I am interested in
>getting new random keys from the server for TKIP (encryption) in the AP
>unit.
>
>Thanks,
>Bob.

When using RADIUS, you get authentication as well as keys. The two
cannot be separated.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

 

[bluebottle]

Archived from groups: alt.internet.wireless (More info?)

In article <tckpo0ltqki02o05nft33vls8a1vf4c6tn@4ax.com>,
badnews@hansenonline.net says...
> On Fri, 05 Nov 2004 23:26:33 GMT, BlueBottle spoketh
>
> >Hi all,
> >
> >Just a quick question here if anyone has used a Windows / Linux RADIUS
> >server along with a Dlink 2100AP ?
> >With RADIUS I am not interested in authentication, I am interested in
> >getting new random keys from the server for TKIP (encryption) in the AP
> >unit.
> >
> >Thanks,
> >Bob.
>
> When using RADIUS, you get authentication as well as keys. The two
> cannot be separated.
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)
>
Ah, I see.
Thats for telling me this !! You've saved me a lot of time !
So for the DWL2100 units, how would I define them in the RADIUS setup?
(That is how would they be described? Same as users???)

Thanks,
Bob.

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

On Sat, 06 Nov 2004 22:22:09 GMT, BlueBottle spoketh

>Ah, I see.
>Thats for telling me this !! You've saved me a lot of time !
>So for the DWL2100 units, how would I define them in the RADIUS setup?
>(That is how would they be described? Same as users???)
>
>Thanks,
>Bob.

The DWL should be defined as a radius client. Your policies (at least in
IAS) will define which users (in the Active Directory or Domain) will be
allowed access via the available radius client(s).

Actually, upon reviewing what can be done in IAS, you can actually
disable authentication altogether, in which case you'd only be getting
the keys. However, since TKIP renegotiates keys every so often anyways,
using radius simply for that is just adding more complexity where it is
not needed.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

 

[bluebottle]

Archived from groups: alt.internet.wireless (More info?)

In article <dkoqo0p1mv5t020h246vsp0rskrsmu4316@4ax.com>,
badnews@hansenonline.net says...
> On Sat, 06 Nov 2004 22:22:09 GMT, BlueBottle spoketh
>
> >Ah, I see.
> >Thats for telling me this !! You've saved me a lot of time !
> >So for the DWL2100 units, how would I define them in the RADIUS setup?
> >(That is how would they be described? Same as users???)
> >
> >Thanks,
> >Bob.
>
> The DWL should be defined as a radius client. Your policies (at least in
> IAS) will define which users (in the Active Directory or Domain) will be
> allowed access via the available radius client(s).
>
> Actually, upon reviewing what can be done in IAS, you can actually
> disable authentication altogether, in which case you'd only be getting
> the keys. However, since TKIP renegotiates keys every so often anyways,
> using radius simply for that is just adding more complexity where it is
> not needed.
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)
>

OK, the full picture ! A friend and I are going to share our two
networks via two DWL2100's set in bridge-bridge mode. I was wanting to
use the TKIP feature (for the hell of it) and was looking
(automatically) at using RADIUS.
From what you say, I should be able to get just keys from an IAS setup?
This is new to me (IAS) so I don't have much to ask about that yet !!
IAS runs under Win2K / Win2K server? This would be a much better option
for me since I already have one of those builds in place.

Cheers,
Bob.

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

On Sun, 07 Nov 2004 01:24:43 GMT, BlueBottle spoketh

>
>OK, the full picture ! A friend and I are going to share our two
>networks via two DWL2100's set in bridge-bridge mode. I was wanting to
>use the TKIP feature (for the hell of it) and was looking
>(automatically) at using RADIUS.
>From what you say, I should be able to get just keys from an IAS setup?
>This is new to me (IAS) so I don't have much to ask about that yet !!
>IAS runs under Win2K / Win2K server? This would be a much better option
>for me since I already have one of those builds in place.
>
>Cheers,
>Bob.

IAS = Internet Authentication Service, and is Microsofts implementation
of a RADIUS server. I put up a couple of pages on my website on how to
use RADIUS with wireless access points, and you might find that helpful.
I'm not sure if you'll need the Certificate service installed if you're
not going to use the authentication piece...

I should remind you, though, that when using TKIP, you already have
dynamic key exchange, and using the radius server only for this purpose
is not really necessary.

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

 

[bluebottle]

Archived from groups: alt.internet.wireless (More info?)

Thanks for the link. Although I do not have Win2003 or Win server I
will use your pages to investigate this further.

Again, thanks for all you help.
Bob.
EU.