
Re: Unique WEP's without LEAP: msg#00334

freeradius.user

Subject: Re: Unique WEP's without LEAP


hi


Actually I don't want Freeradius to create the keys or deliver the WEP keys to the end user. The end user will have already entered in her unique WEP key manually. Free-

ok, in your first post you didn't specify that.


radius just needs to authenticate based on MAC, and tell the access point which WEP key to use when talking with that client.

All of the WEPs would be created in advance, and entered into the client's configuration and into a database/file which is readable by Freeradius.

so, you want the WEP keys to be delivered out of some file based on the MAC address. while i agree that this is possible and theoretically different from delivering the keys to the user, this is not supported by freeradius. (besides, practically, the keys are delivered encrypted to the access point and the access point delivers at least some of them encrypted to the user; the interface between AP and user is defined in the 802.1X document, i.e. AP has to be set in the "EAP enabled" mode).

in the most general case key delivery means key management and key management should be bound to the authentication. that brings you back to eap, unfortunately for you :-) that's how freeradius does it right now.

you will have to patch freeradius in order to do fixed key delivery without previous authentication. this is definitely feasible, but you will also have to take a closer look at your AP and see if it can install WEP keys dynamically without EAP. then, the AP will have to send the broadcast key to the user, you will have to verify how it is going to encrypt it and who is going to decrypt it on the user side.

all in all, your problem is rather practical, theoretically it would work.


ciao
artur




