PEAP authentication with freerad ?

Michael Griego mgriego at utdallas.edu
Tue Jun 6 16:22:32 CEST 2006


I assume by PEAP, you mean the most-often-seen PEAP/EAP-MSCHAPv2.  In  
this case, MD5 is not involved anywhere.  The passwords are hashed  
differently.  As such, you must either have an NT hashed password  
(which is actually a unicode-encoded MD4 hash of the password) or a  
cleartext password in your directory.

--Mike

On Jun 6, 2006, at 3:36 AM, thomas hahusseau wrote:

> Hello,
>
> I would like to use PEAP to perfome authentication of wlan users ,  
> I choose PEAP because Users and Passwords are in an LDAP Server  
> (OPEN-LDAP). According to me PEAP works like this :
>
> Phase 1 :: TLS handshake the server authenticate to the client as a  
> trusted radius serveur and a cipher tunel is created.
> Phase 2 :: Login + Password + Domain hashed with MD5 are send to  
> the Radius Server which ask LDAP server for password and login.
>
> acording to the doc file :  realm_eap , freeradius supports only  
> eap-tls (authentication based only on certificates (client +  
> server ) lead and eap-MD5 ( according to me even if PEAP use MD5  
> hash , the EAP-MD5 is different with no mutual autenthication and  
> no TLS handshake )
>
> I dont want to use a full certifcate based solution like EAP-TLS or  
> a authentification with no ciphered tunel like with EAP-MD5
>
> Anyone could help me for using PEAP (or at least authentication  
> with the two phases described upper) with freeradius ?
>
> thank you.
>
> Ps : sorry for english mistakes :)
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ 
> users.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6184 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060606/2b1ba984/attachment.bin>


More information about the Freeradius-Users mailing list