
Wifi authentication: RADIUS or LDAP?


John Ratzlaff

May 30, 2005, 1:16:37 PM
I'm planning on installing an Aruba 2400 WLAN switch in our Netware 6
network, for purposes of providing wireless network connectivity. The
Aruba supports authentication via RADIUS or LDAP. Both are available to
me (LDAP in NW6, RADIUS in BMgr 3.7, which we have). Which should I use?
I know zilch about either one... Will either one allow my users to log
in just once? TIA - JR

Jim Michael

May 31, 2005, 10:29:20 AM

The only authentication mechanism that makes sense for wireless is to
use 802.1x, which implies a Radius server. The AP talks to the Radius
server, which in turn authenticates against your database (can be local,
LDAP, SQL, whatever). On the client side you will need an 802.1x
"supplicant" (client). While Windows XP ships with one, it is not very
useable in NetWare environments as you can't authenticate to the
wireless network *prior* to logging into eDirectory. To do that, you
need a third-party supplicant such as Funk's Odyssey or the Aegis client.

On the server side, you will not be able to use the BM Radius server. It
does not have the necessary access methods such as EAP-TTLS, PEAP, etc
necessary for wireless authentication, and never will. You will have to
go with either the open source freeRADIUS product, or a commercial
Radius server such as Radiator, Steel Belted Radius, etc.

--
Jim
NSC SYsop
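
The AP-to-RADIUS leg described in the post above, as an added example that is not part of the original thread: the AP or switch wraps the supplicant's EAP packet in a RADIUS Access-Request (RFC 2865, RFC 3579), and the server checks the Message-Authenticator before acting on it. The shared secret, user name and NAS address are constructed sample values.

```python
import hashlib, hmac, os, struct

# RADIUS attribute types (RFC 2865 / RFC 3579)
USER_NAME, NAS_IP_ADDRESS, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 4, 79, 80

def attr(atype, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def eap_identity_response(eap_id, identity):
    """EAP-Response/Identity (code 2, type 1), as the supplicant sends it."""
    return struct.pack("!BBHB", 2, eap_id, 5 + len(identity), 1) + identity

def build_access_request(secret, pkt_id, identity, nas_ip, eap):
    """AP/switch side: wrap the supplicant's EAP packet in an Access-Request."""
    attrs = attr(USER_NAME, identity) + attr(NAS_IP_ADDRESS, nas_ip)
    for i in range(0, len(eap), 253):  # one attribute value holds at most 253 bytes
        attrs += attr(EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed while the HMAC is computed
    packet = struct.pack("!BBH", 1, pkt_id, 20 + len(attrs)) + os.urandom(16) + attrs
    return packet[:-16] + hmac.new(secret, packet, hashlib.md5).digest()

def verify_access_request(secret, packet):
    """Server side: return (authentic, reassembled EAP); ValueError if malformed."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length")
    eap, mac_off, pos = b"", None, 20
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("bad attribute length")
        atype, alen = packet[pos], packet[pos + 1]
        if atype == EAP_MESSAGE:
            eap += packet[pos + 2:pos + alen]  # fragments are concatenated in order
        elif atype == MESSAGE_AUTHENTICATOR:
            if alen != 18:
                raise ValueError("bad Message-Authenticator length")
            mac_off = pos + 2
        pos += alen
    if mac_off is None:  # RFC 3579: an EAP request without it must be discarded
        return False, eap
    zeroed = packet[:mac_off] + bytes(16) + packet[mac_off + 16:]
    good = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(good, packet[mac_off:mac_off + 16]), eap

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    eap = eap_identity_response(1, b"jdoe")  # constructed user name
    pkt = build_access_request(secret, 7, b"jdoe", bytes([192, 0, 2, 10]), eap)
    print(verify_access_request(secret, pkt))
```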

David Gersic

May 31, 2005, 5:26:37 PM
On Mon, 30 May 2005 17:16:37 GMT, John Ratzlaff
<jratzla...@nospammpa.candler.nc.us> wrote:

>I'm planning on installing an Aruba 2400 WLAN switch in our Netware 6
>network, for purposes of providing wireless network connectivity.

RADIUS. Specifically FreeRADIUS. See the TUT 145 session from BrainShare 2005,
titled "Configuring eDirectory for 802.11 Wireless Authentication".


---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu

I'm tired of receiving rubbish in my mailbox, so the E-mail address is
munged to foil the junkmail bots. Humans will figure it out on their own.

John Ratzlaff

May 31, 2005, 6:11:17 PM
Thanks very much for your response. I've been doing a lot of reading in
this forum and learning a lot. I still want to pursue the original
question, however, because in talking to an Aruba rep, I get the idea
that it (the software in the Aruba 2400) can authenticate (802.1x)
directly with LDAP on the NW server. If so, I could bypass the need to
have a separate RADIUS server. Does that sound possible, or am I off
track? Also, do you have any basis for choosing between the Funk or
Aegis clients? Thanks again for your help! - JR

Jim Michael

May 31, 2005, 6:19:32 PM
John Ratzlaff wrote:
> I still want to pursue the original
> question, however, because in talking to an Aruba rep, I get the idea
> that it (the software in the Aruba 2400) can authenticate (802.1x)
> directly with LDAP on the NW server. If so, I could bypass the need to
> have a separate RADIUS server. Does that sound possible, or am I off
> track? Also, do you have any basis for choosing between the Funk or
> Aegis clients?

Well, it's certainly technically possible, yes, just much less common
than Radius. I've only ever seen such functionality in a wireless
"switch" (is that what the Aruba is?) and not an AP, but I guess
anything is possible.


--
Jim
NSC SYsop
