Date:      Fri, 20 Oct 2017 07:32:55 +0200
From:      Peter Ankerstål <peter@pean.org>
To:        Charles Sprickman <spork@bway.net>
Cc:        Stefan Bethke <stb@lassitu.de>, FreeBSD Stable <freebsd-stable@freebsd.org>, Chris Ross <cross+freebsd@distal.com>
Subject:   Re: 802.1X authenticator for FreeBSD
Message-ID:  <82E419D4-4FB4-402A-ACC9-C58D498461BE@pean.org>
In-Reply-To: <3F040A9B-B03F-4FD5-B1DC-70BD8AFCC829@bway.net>
References:  <C34FB467-C2DB-4B59-9DD2-2491E7A136F1@pean.org> <AE175682-AD2B-4DAC-AF4C-3B6F3CDB7449@distal.com> <2D461E1D-895F-4D31-9834-A40DEF02F121@pean.org> <4F45AC20-57F9-4246-836E-4F1C1D01FAC2@lassitu.de> <2B2D49E0-F804-4557-9DB5-A915A8578070@pean.org> <3F040A9B-B03F-4FD5-B1DC-70BD8AFCC829@bway.net>

> On 18 Oct 2017, at 21:39, Charles Sprickman <spork@bway.net> wrote:
> 
> 
>> On Oct 18, 2017, at 1:10 PM, Peter Ankerstål <peter@pean.org> wrote:
>> 
>>> 
>>> I’m under the impression that the authenticator function in a wired network is usually part of the switch, and the switch will talk to some authentication server like RADIUS, giving it the port number of the connected device and additional information.
>>> 
>>> If FreeBSD had such a function, I think it would be limited to point-to-point Ethernet links, 802.1x being a link-layer protocol.
>>> 
>> 
>> Yes I know, but this is functional in hostapd for Linux and it would be nice to have it in FreeBSD as well. 
> 
> I’m not seeing this in FreeBSD, but pfsense does claim to support 802.1x for wifi.
> 
> I just happen to be reading about radius (last I used it was for dialup) for wifi auth and the quick overview on the radius side of things is that the AP software sends your auth info as well as MAC and a bunch of other stuff, and the radius server (much like dialup) sends back all sorts of info beyond auth success/fail - session timeout, info on what VLAN the client may be on, firewall policies, etc. Pretty cool stuff.

802.1X (or WPA2 Enterprise) works fine with hostapd for wireless in FreeBSD. Well, the authentication at least. I haven't tried assigning clients to specific VLANs and so on, but according to the documentation it is possible.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?82E419D4-4FB4-402A-ACC9-C58D498461BE>