FreeRadius/PEAP

Alan DeKok aland at ox.org
Thu Oct 13 23:54:48 CEST 2005


"James Taylor" <jtaylor at laszlosystems.com> wrote:
> Am I able to use PEAP to auth to UNIX or PAM instead of mscahpv2?

  Your question doesn't make sense.  Pam and Unix /etc/passwd are both
systems that store "known good" passwords.  MSCHAPv2 is an
authentication protocol where a user tries to authenticate based on an
unknown password.

> What we are basically trying to do is use FreeRadius to authenticate
> against our current user database on our linux server while still
> maintaining the PEAP-TLS security with wireless.  Is that even
> possible?

  No the crypt'd passwords stored in /etc/passwd are 100% incompatible
with PEAP.  You can:

  a) store clear-text passwords
  b) use EAP-TTLS with tunneled PAP.

  You don't really have many other choices.

  Alan DeKok.



More information about the Freeradius-Users mailing list