Date: Fri, 20 Oct 2017 07:32:55 +0200
From: Peter Ankerstål <peter@pean.org>
To: Charles Sprickman <spork@bway.net>
Cc: Stefan Bethke <stb@lassitu.de>, FreeBSD Stable <freebsd-stable@freebsd.org>, Chris Ross <cross+freebsd@distal.com>
Subject: Re: 802.1X authenticator for FreeBSD
Message-ID: <82E419D4-4FB4-402A-ACC9-C58D498461BE@pean.org>
In-Reply-To: <3F040A9B-B03F-4FD5-B1DC-70BD8AFCC829@bway.net>
References: <C34FB467-C2DB-4B59-9DD2-2491E7A136F1@pean.org> <AE175682-AD2B-4DAC-AF4C-3B6F3CDB7449@distal.com> <2D461E1D-895F-4D31-9834-A40DEF02F121@pean.org> <4F45AC20-57F9-4246-836E-4F1C1D01FAC2@lassitu.de> <2B2D49E0-F804-4557-9DB5-A915A8578070@pean.org> <3F040A9B-B03F-4FD5-B1DC-70BD8AFCC829@bway.net>

> On 18 Oct 2017, at 21:39, Charles Sprickman <spork@bway.net> wrote:
>
>
>> On Oct 18, 2017, at 1:10 PM, Peter Ankerstål <peter@pean.org> wrote:
>>
>>>
>>> I’m under the impression that the authenticator function in a wired network is usually part of the switch, and the switch will talk to some authentication server like RADIUS, giving it the port number of the connected device and additional information.
>>>
>>> If FreeBSD had such a function, I think it would be limited to point-to-point Ethernet links, 802.1x being a link-layer protocol.
>>>
>>
>> Yes I know, but this is functional in hostapd for Linux and it would be nice to have it in FreeBSD as well.
>
> I’m not seeing this in FreeBSD, but pfsense does claim to support 802.1x for wifi.
>
> I just happen to be reading about radius (last I used it was for dialup) for wifi auth and the quick overview on the radius side of things is that the AP software sends your auth info as well as MAC and a bunch of other stuff, and the radius server (much like dialup) sends back all sorts of info beyond auth success/fail - session timeout, info on what VLAN the client may be on, firewall policies, etc. Pretty cool stuff.

802.1X (or WPA2 Enterprise) works fine with hostapd for wireless in FreeBSD. Well, the authentication at least. I haven't tried assigning clients to specific vlans and so on but according to the documentation it is possible.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?82E419D4-4FB4-402A-ACC9-C58D498461BE>
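
The thread mentions that a RADIUS server returns more than accept/reject, such as a session timeout and the client's VLAN. The following is an added example, not code from the thread or from hostapd, showing how an authenticator can check an Access-Accept and extract those two values while failing closed on malformed input. The attribute numbers follow RFC 2865, RFC 2868 and RFC 3580; the function names are hypothetical and the sample packet builder produces constructed data only.

```python
import hashlib, hmac, struct

# Added example; function names are hypothetical, sample data is constructed.
ACCESS_ACCEPT = 2
SESSION_TIMEOUT, TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_PGID = 27, 64, 65, 81
TT_VLAN, TM_IEEE_802 = 13, 6  # RFC 3580 values for VLAN assignment

def tagged_int(value):
    """Tunnel-Type / Tunnel-Medium-Type: one tag octet + 3-octet integer."""
    return int.from_bytes(value[1:], "big") if len(value) == 4 else None

def policy_from_accept(packet, request_auth, secret):
    """Verify an Access-Accept, then return its session timeout and VLAN ID."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    packet = packet[:length]  # ignore padding past the declared length
    # Response Authenticator = MD5(code+id+length + RequestAuth + attrs + secret)
    want = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(want, packet[4:20]):
        raise ValueError("response authenticator mismatch")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute overruns packet")
        attrs.setdefault(atype, packet[pos + 2:pos + alen])  # first one wins
        pos += alen
    policy = {"session_timeout": None, "vlan": None}
    if len(attrs.get(SESSION_TIMEOUT, b"")) == 4:
        policy["session_timeout"] = int.from_bytes(attrs[SESSION_TIMEOUT], "big")
    pgid = attrs.get(TUNNEL_PGID, b"")
    if pgid and pgid[0] <= 0x1F:  # leading octet is a tag, not part of the ID
        pgid = pgid[1:]
    if (tagged_int(attrs.get(TUNNEL_TYPE, b"")) == TT_VLAN
            and tagged_int(attrs.get(TUNNEL_MEDIUM, b"")) == TM_IEEE_802
            and pgid.isdigit() and 1 <= int(pgid) <= 4094):  # 0, 4095 reserved
        policy["vlan"] = int(pgid)
    return policy

def build_accept(attrs, request_auth, secret, ident=1):
    """Constructed sample: encode an Access-Accept as a server would."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    return head + hashlib.md5(head + request_auth + body + secret).digest() + body
```

A VLAN is returned only when all three tunnel attributes agree, so a reply carrying just a group ID leaves the client on the default network rather than a guessed one.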