Wireless Networking - eap-tls without active directory
#1

Hello,

I have a client who provides wireless access to separate entities in the same building. Right now he's using LEAP and an ACS database. Now he would like to move toward EAP-TLS because it's the most secure.

Usually, I install EAP-TLS within an Active Directory and distribute machine certificates via global policy. Now the problem is that his laptops are not in an Active Directory domain because they come from unrelated entities.

My idea was to use a fictional Active Directory just for the database purpose, and download machine certificates manually via the web. (The client gets his hands on each laptop to configure LEAP.)

Does anybody have a bright idea to deploy certificates without Active Directory? I think that no matter what, we need a database and a CA.

Thank you for your suggestions.

liolemaire@gmail.com

#2

In alt.internet.wireless wrote:
> Does anybody have a bright idea to deploy certificates without active
> directory; I think that no matter what, we need a database and a CA.

A simple box with linux and freeradius.

Peter
--
http://www.boosten.org
Mail: peter at boosten dot org

#3

You could use Zeroshell, available at http://www.zeroshell.net/eng/, which is a small Linux distribution available as a live CD or compact flash image for embedded devices. This Linux is easy to use because it is web administrable. It includes a certification authority to distribute X.509 certificates and a RADIUS server to authenticate wireless clients using 802.1x (EAP-TLS, PEAP and EAP-TTLS). I am testing it and it appears to be very stable and useful. The best feature, I think, is the captive portal for hotspot web login.

bye

<> wrote in message news: oups.com...
> Hello,
> I have a client who provides wireless access to separate entities in
> the same building.
> Right now he's using LEAP and an ACS database. Now he would like to move
> toward EAP-TLS because it's the most secure.
>
> Usually, I install EAP-TLS within an Active Directory and distribute
> machine certificates via global policy. Now the problem is that his
> laptops are not in an Active Directory domain because they come from
> unrelated entities.
>
> My idea was to use a fictional Active Directory just for the database
> purpose, and download machine certificates manually via the web. (The
> client gets his hands on each laptop to configure LEAP.)
>
> Does anybody have a bright idea to deploy certificates without Active
> directory? I think that no matter what, we need a database and a CA.
>
> Thank you for your suggestions.
>
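
The "CA without Active Directory" part of the replies above, as an added example that is not from any poster in this thread: a standalone CA built with the `openssl` command line on the Linux box, issuing one client certificate per laptop as a password-protected PKCS#12 bundle for manual import. The CA subject, laptop name and export password are constructed placeholders; the resulting `ca.pem` is what the RADIUS server would be configured to trust for client certificates.

```shell
#!/usr/bin/env bash
# Added example: standalone CA and per-laptop client certificates for EAP-TLS.
# Subjects, laptop names and the export password are constructed placeholders.
set -eu
umask 077   # keys and bundles readable by the CA operator only

make_ca() {                       # $1 = CA working directory
  mkdir -p "$1"
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 3650 \
    -subj "/O=Example Building WLAN/CN=Example WLAN CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue_client() {                  # $1 = CA dir, $2 = laptop name, $3 = export password
  local d=$1 cn=$2
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/O=Example Building WLAN/CN=$cn" \
    -keyout "$d/$cn.key" -out "$d/$cn.csr" 2>/dev/null
  # Leaf profile: not a CA, usable only for TLS client authentication.
  printf '%s\n' 'basicConstraints = CA:FALSE' 'keyUsage = digitalSignature,keyEncipherment' \
    'extendedKeyUsage = clientAuth' > "$d/client.ext"
  openssl x509 -req -in "$d/$cn.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 365 -extfile "$d/client.ext" -out "$d/$cn.pem" 2>/dev/null
  # PKCS#12 bundle (key + cert + CA) for manual import on the laptop.
  openssl pkcs12 -export -inkey "$d/$cn.key" -in "$d/$cn.pem" -certfile "$d/ca.pem" \
    -name "$cn" -passout "pass:$3" -out "$d/$cn.p12"
  rm -f "$d/$cn.key" "$d/$cn.csr"   # the only copy of the key is now in the bundle
}

check_client() {                  # $1 = CA dir, $2 = laptop name; exit 0 if acceptable
  openssl verify -CAfile "$1/ca.pem" -purpose sslclient "$1/$2.pem" >/dev/null 2>&1
}

demo=$(mktemp -d)
make_ca "$demo"
issue_client "$demo" laptop-tenantA-01 'constructed-password'
check_client "$demo" laptop-tenantA-01 && echo "laptop-tenantA-01: chain and clientAuth purpose OK"
```

Keep `ca.key` off the RADIUS server where possible; each laptop only needs its own `.p12` and the export password, delivered separately.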