Ticket #853 (closed feature request: invalid)
|Reported by:||armalite@…||Owned by:||juruen@…|
I don't know if it has been asked before (a fast search shows nothing), but I'd like to see in Ebox a Radius module, specifically for Freeradius, the most used (AFAIK) open source radius server, for wireless authentication purposes. The module in its starting version should ask for:
- access point ip address and shared secret;
- list of users (taken from users module) that can (or can't) login via wireless. So, EAP-PEAP should be correct for userid/password authentication. Not sure though if this is the correct place to put this simple ACL. Maybe an external module that associates user-service should work well too;
- a CA certificate, a Server certificate in order to let EAP-TLS authentication (which is certificate-driven) work. That way, distributing certificates to clients will let them authenticate on wlan. A problem should be certificate generation, since wireless certificates needs something special aside "normal" certificates, as stated in many eap-tls howtos found on internet.
This should be good for having a working, single access point radius configuration. Future version could include multiple access points, better ACL (groups, access points), logging and accounting.
Freeradius uses files, LDAP or mysql/postgresql for users and access point configuration.