Date: Wed, 2 Aug 2006 00:15:13 -0700
Perfigo SecureSmart and CleanMachines Discussion List
<[log in to unmask]> writes:
>Well, for CCA, we authenticate directly to Novell LDAPS, no middleman
>needed. We also use FreeRADIUS for accounting. Looking into
>FreeRADIUS + Novell for wireless and other misc. AAA stuff.
OK, so it turns out that Macs have no problem authenticating to ACS/WiSM
because they can be set to use EAP-GTC, but WinXP cannot and tries to use
MS-CHAPv2. Your 3rd-party wireless adapter software might, however.
Dell's software does, at least for the laptop I tried - I forget the make
of wireless NIC, or maybe it works for all Dells.
Or you can use Aegis Secure Connect
(http://mtghouse.com/products/aegis_solutions.asp), which Cisco just
acquired (http://www.internetnews.com/infra/article.php/3618586).
Hopefully Cisco will release a free version of it sometime. So ACS works
fine with WiSM but as of ACS v4.0 it doesn't pass MS-CHAPv2 through to
LDAP and WinXP does not do EAP-GTC. One could scrap ACS and deal with it
on the backend, or standardize on software that does EAP-GTC on the
client, or punt the problem to users to find out if their wireless NIC has
software that will do EAP-GTC and/or purchase an Aegis client, or support
an unencrypted wireless VLAN for limited functions for those who can't
meet your security requirements for encrypted traffic. I don't want to
scrap ACS, especially since Cisco purchasing Aegis leads me to believe the
problem will be rectified soon. So we'll do some combination of the other
options.
Mark