Re: AT&T WiFi at McDonalds, etc
- From: Jeff Liebermann <jeffl@xxxxxxxxxx>
- Date: Fri, 02 Nov 2007 05:36:59 -0700
John Navas <spamfilter1@xxxxxxxxxxxxxx> hath wroth:
On Thu, 01 Nov 2007 19:03:23 -0700, Jeff Liebermann <jeffl@xxxxxxxxxx>
wrote in <gg0li35j89eic0ni9ofrsfcmkit7hghcec@xxxxxxx>:
John Navas <spamfilter1@xxxxxxxxxxxxxx> hath wroth:
What's really needed is to train users in authentication, but that just
ain't gonna happen, so there's really no point to messing that way.
Nope. You missed my point. The problem I'm trying to solve is
prevent wireless sniffing of hot spot traffic. If the traffic were
encrypted with a unique one time WPA key delivered by a RADIUS server,
sniffing would be impossible. I have a 2nd experimental access point
running this way at a customers, and so far, it's working.
I think you've missed my point. What you propose requires messing with
authentication on the client computer -- it doesn't work that way out of
the box.
If you enable WPA-RADIUS on the access point, and AT&T goes to RADIUS
authentication, then there are no changes that need to be made on the
client end.
All current wireless clients auto detect the method of authentication,
and supply a corresponding dialog box for login if required. The user
types in the login and password and that's all. Both the access point
and the client get a unique WPA key from the RADIUS server, for the
session, which makes it secure. If the system operators need a "Click
OK to assume responsibility" splash page, it can be presented AFTER
the login, and not before as is currently the practice.
I do agree that it doesn't work the way I describe "out of the box".
It requires some configuration on the access point, in addition to the
RADIUS server and SQL server. There's also the nightmare of user
password administration. However, once this is done, a hot spot user,
with an existing account, can simply walk in with a laptop that has no
additional software, login/authenticate via RADIUS, and have a secure
and encrypted wireless connection. At least that's the way I've
experienced it.
What part of the WPA-RADIUS login process doesn't work the way I
described? I did have to manually tinker with the "key supplied by
server" setting with XP Wireless Zero Config, but that was fixed when
I installed some updates. The Buffalo, Netgear, and DLink clients all
connected without this added step. Also, I had a problem when I
changed a users password, as WZC just complained that the login
failed, but didn't bother to supply a new login dialog. That's
apparently a WZC bug as the other clients did it right.
So, what part of the WPA-RADIUS login and authentication process
doesn't work the way I described with the stock XP clients? Note that
I'm not talking about the existing McDonalds/AT&T/Wayport system,
which doesn't use WPA-RADIUS.
--
Jeff Liebermann jeffl@xxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
.
- Follow-Ups:
- Re: AT&T WiFi at McDonalds, etc
- From: John Navas
- Re: AT&T WiFi at McDonalds, etc
- References:
- AT&T WiFi at McDonalds, etc
- From: P.Schuman
- Re: AT&T WiFi at McDonalds, etc
- From: dold
- Re: AT&T WiFi at McDonalds, etc
- From: Bill Kearney
- Re: AT&T WiFi at McDonalds, etc
- From: Jeff Liebermann
- Re: AT&T WiFi at McDonalds, etc
- From: John Navas
- Re: AT&T WiFi at McDonalds, etc
- From: Jeff Liebermann
- Re: AT&T WiFi at McDonalds, etc
- From: John Navas
- Re: AT&T WiFi at McDonalds, etc
- From: Jeff Liebermann
- Re: AT&T WiFi at McDonalds, etc
- From: John Navas
- AT&T WiFi at McDonalds, etc
- Prev by Date: Re: Broadband speed but incredibly slow wireless
- Next by Date: Re: Broadband speed but incredibly slow wireless
- Previous by thread: Re: AT&T WiFi at McDonalds, etc
- Next by thread: Re: AT&T WiFi at McDonalds, etc
- Index(es):
Relevant Pages
|
