Archive for January, 2004

Loop, Mix, Burn

Sunday, January 11th, 2004

The Tao of Mac: Why GarageBand Matters

Wireless Generation

Sunday, January 11th, 2004

Tom Hoffman: “Sitting in a presentation by Larry Berger from Wireless
Generation on their products for taking reading and math assessment
input on Palms and providing visualization and other services via the
web.”

MenuMeters for Mac OS X

Sunday, January 11th, 2004

Teal Sunglasses: “MenuMeters is a neat little utility that puts CPU,
Memory usage, disk and Network into little menu items on the bar.”

Buttle, Tuttle? Who’s minding this store?

Sunday, January 11th, 2004

Mark Frauenfelder: Why can’t Homeland Security tell the difference between Al Quaeda and my six-year-old daughter?

"Bookscan: for better, or worse?"

Friday, January 9th, 2004

Dave Taylor: “All of my author friends are familiar with a company called bookscan, that purports to offer unbiased quantified data about book sales throughout all outlets. But do they?”

The Problem of Planning a Sense of Place

Wednesday, January 7th, 2004

Shawn Wallace: “…social momentum is a sign of a healthy public life;
people produce a great deal, artistically and otherwise; individuals find
themselves learning more (and memorizing less) and maybe even becoming a
little more understanding and compassionate.”

"Coffee Houses Cross Paths with History, Again"

Wednesday, January 7th, 2004

Glenn Fleishman points to something that’s very dear to me: “coffee
houses were often the mailing addresses for folks before street
addresses were common.” In the early 1990s, when I was still in
college, I fell in love with the idea of third places as described in
Ray Oldenburg’s The Great Good Place. So my friends and I put together
something called the Cafe de la Tete. Yeah, the name was a little
pretentious, but the goal was to offer people something really unique–a
place to live when you’re not at work or at home, a place with hopefully
as few pressures as possible.

It was really great fun; we didn’t try to make any money at it, and some
great stuff grew out of that: zines, performance art, a good connection
between the URI scene and what was going on at AS220. The Cafe kept going for a while,
under the direction of various people. It’s not around any more, but
its spirit touched a lot of people, and I think we’re all more
well-rounded for it.

Mac OS X, Radius, 802.1x and Windows XP

Tuesday, January 6th, 2004

This is one of those things where I was way over my head. I’ve been
trying to set up an 802.1x-protected access point at home with support
for EAP, PEAP, and EAP-TTLS. Why? So I could connect to it from Mac OS
X and Windows XP and know what it feels like. (It’s one thing to write
“Windows XP supports 802.1x”; it’s another thing to know it.)

Andreas Wolf’s FreeRADIUS packages worked great for me on Mac OS X. I
didn’t need MySQL, so I uncommented the sql entries in
/usr/local/freeradius/etc/raddb/radiusd.conf and added a user to
/usr/local/freeradius/etc/raddb/users:

"bjepson"       Auth-Type := Local, User-Password == "bjepson"
                Reply-Message = "Hello, %u"

Next, I connected my D-Link 900AP+ and my Mac to the same hub my
router’s plugged into. My network is 192.168.254.0, but I set up the Mac
and the 900AP+ as 192.168.0.1 and 192.168.0.50, respectively. I told
the 900AP+ that the RADIUS server was on 192.168.0.1, set the shared
secret to “testing123”, and added an entry for the 900AP+ in
/usr/local/freeradius/etc/raddb/clients.conf:

client 192.168.0.50 {
        secret          = testing123
        shortname       = wifi
        nastype         = other
}

Then, I started FreeRADIUS with sudo /usr/local/freeradius/sbin/radiusd -X
and tried to connect from a Mac using 802.1x. That worked OK, but it
wasn’t as easy from Windows XP. Windows XP wanted to use PEAP, and for
that, I had to set up a few certificates. I followed the FreeRADIUS
EAP/TLS - WinXP HOWTO, but didn’t bother with the CA.clt, since I
wanted to authenticate the client using a username and password. I
goofed up at first and got this error when I tried to launch FreeRADIUS:

908:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE
908:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:438:
908:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:421:
908:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:707:

It turns out that I had the wrong private key password in
radiusd.conf; I had second-guessed the instructions, and when the
CA.svr script asked me for a challenge password (A challenge
password []:), I had made one up and figured I was supposed to
replace “whatever” with what I actually used. So, the next time
through, I didn’t supply a challenge password, and set the private key
password to exactly what it said in the HOWTO:

private_key_password = whatever

Connecting

So, to connect from Windows XP, I right-clicked on the Wireless network
connection and selected View Available Wireless Networks. I clicked
Advanced, selected the network in the list, and then clicked Configure. Then
I selected the Authentication tab, made sure “Enable IEEE 802.1x
authentication” was selected, and chose PEAP from EAP type. I clicked
Properties and:

  1. Deselected “Validate server certificate,” since my certificate was
    self-signed.

  2. Clicked Configure next to the authentication method
    (which was set to EAP-MSCHAP v2), and deselected “Automatically use my
    Windows logon name…”

Next, I clicked OK to dismiss the remaining windows, and a notification
bubble appeared telling me to “select a certificate or other credentials
for connection.” I clicked it, supplied the user name and password
(bjepson/bjepson) I had specified in the
/usr/local/freeradius/etc/raddb/users file, and that got me in!
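
An added example, not part of the original post: a small audit of the two FreeRADIUS files edited above, which flags the sample shared secret testing123 and a password that matches the user name before a test setup like this is left running. The function names, the list of weak secrets and the 16-character minimum are assumptions of this example.

```python
import re

# Assumption of this example: secrets treated as trivially guessable.
# "testing123" is the sample secret used in the post and in FreeRADIUS's
# stock clients.conf.
WEAK_SECRETS = {"testing123", "secret", "password", "radius"}

CLIENT_BLOCK = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
KEY_VALUE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)
USER_LINE = re.compile(
    r'^"?([\w.-]+)"?[ \t]+.*User-Password\s*==\s*"([^"]*)"', re.M)


def audit_clients(text, min_len=16):
    """Return (client, issue) pairs for each client block in clients.conf."""
    findings = []
    text = re.sub(r"#.*", "", text)  # drop comments before parsing
    for name, body in CLIENT_BLOCK.findall(text):
        secret = dict(KEY_VALUE.findall(body)).get("secret", "").strip('"')
        if not secret:
            findings.append((name, "no shared secret set"))
        elif secret.lower() in WEAK_SECRETS:
            findings.append((name, "well-known or sample shared secret"))
        elif len(secret) < min_len:  # RFC 2865 prefers at least 16 octets
            findings.append((name, "shared secret shorter than %d chars" % min_len))
    return findings


def audit_users(text):
    """Return (user, issue) pairs for users-file entries with a guessable password."""
    return [(user, "password equals user name")
            for user, password in USER_LINE.findall(text)
            if password.lower() == user.lower()]


# Constructed sample input mirroring the two entries shown in the post.
SAMPLE_CLIENTS = """
client 192.168.0.50 {
        secret          = testing123
        shortname       = wifi
        nastype         = other
}
"""
SAMPLE_USERS = ('"bjepson"       Auth-Type := Local, User-Password == "bjepson"\n'
                '                Reply-Message = "Hello, %u"\n')

if __name__ == "__main__":
    for who, issue in audit_clients(SAMPLE_CLIENTS) + audit_users(SAMPLE_USERS):
        print(who, "->", issue)
```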

Setting up RADIUS on Win2000 Server

Monday, January 5th, 2004

Continuing my theme of running a RADIUS server on different operating
systems today, I tried to set up Windows 2000 Server’s Internet
Authentication Services as the RADIUS authentication for a D-Link
DWL-900AP+ (a cheap Wi-Fi access point that does 802.1x). I got
stuck trying to configure PEAP–it kept telling me that “A certificate
could not be found that can be used with this Extensible Authentication
Protocol”. Google Groups to the rescue.

Compiling FreeRADIUS on Mac OS X

Monday, January 5th, 2004

This tip worked for me. (That is, it got it to compile; I’ll update this
entry if I have to do anything special to make it work).
[Update] It didn’t work, but this looks promising.