PEAP+PAM or MySQL possible?

Matt Goebel <mgoebel@workforcesoftware.com> · Thu, 28 Dec 2006 14:23:08 -0500

I'd like to move to WPA Enterprise EAP/PEAP from EAP/TLS.  That way 

there are no client certificates to deal with and I can instead just use 

usernames/passwords.  I don't, however, want either OpenLDAP or AD to do 

it.  Both would be overkill for my needs and just add an extra layer to 

maintain.  Instead I want to use either PAM or MySQL in their place.  Is 

this even possible?  If so how?  I haven't seen any documentation that 

definitively explains this one way or another.  Testing I'm able to 

successfully authenticate using the radtest program.  From a client 

(both Windows and Linux) I get invalid username/password errors.  Debug 

mode I see the username being passed correctly along with other 

information but no password, encrypted or otherwise.  Maybe this is by 

design?  I haven't seen what working PEAP debug messages look like so I 

have no frame of reference.  