From: Stefan Bethke
To: Peter Ankerstål
Cc: Chris Ross, FreeBSD Stable
Subject: Re: 802.1X authenticator for FreeBSD
Date: Wed, 18 Oct 2017 19:03:07 +0200
Message-Id: <4F45AC20-57F9-4246-836E-4F1C1D01FAC2@lassitu.de>
In-Reply-To: <2D461E1D-895F-4D31-9834-A40DEF02F121@pean.org>

> On 18.10.2017 at 18:35, Peter Ankerstål wrote:
>
>> On 17 Oct 2017, at 22:27, Chris Ross wrote:
>>
>> wpa_supplicant is the client we use at work, on Linux systems. But, it’s also the tool described in the FreeBSD wireless configuration pages, so I know it can be used there.
>>
>> I haven’t tried FreeBSD with wired 802.1x myself, but just a thought I had.
>>
>> - Chris
>
> It’s my understanding that wpa_supplicant is actually a working client in FreeBSD. But I’m looking for the server side of this.
>
> It would be just fine if it worked just like hostapd (control access of one nic) and don’t have any control over switchports or whatever. Another nice way of doing it would be to have some sort of integration with authpf or pf itself.

I’m under the impression that the authenticator function in a wired network is usually part of the switch, and the switch will talk to some authentication server like RADIUS, giving it the port number of the connected device and additional information.

If FreeBSD had such a function, I think it would be limited to point-to-point Ethernet links, 802.1x being a link-layer protocol.

Stefan

--
Stefan Bethke   Fon +49 151 14070811