Configuration for md5 not working

Jon Standley flyboy_1628 at hotmail.com
Thu Sep 17 18:24:22 CEST 2009


Thanks Dave!

"If you need to use clear text passwords, the "fix" is to run the method inside of PEAP or TTLS, which will generate keys and protect your passwords in the air."

So basically, if I set the default type to PEAP in my eap.conf, how do I do the "fix" you speak of? Also, in using PEAP, which certificates should I edit from the default values? And just to be doubly sure, this method with the "fix" will still allow clients to connect without having to load a certificate, right? Thanks!

----------------------------------------
> Date: Thu, 17 Sep 2009 14:25:34 +0000
> From: david at mitton.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: Re: Configuration for md5 not working
>
> From: Alan Buxey
> Sep 17, 2009 04:28:13 AM, freeradius-users at lists.freeradius.org wrote:
>
>>Hi,
>>
>>> I have everything configured for md5 authentication so that I do not need to
>>> use either server or client-side certificates. I have my access points
>>> configured in /etc/raddb/clients.conf and my users configured in
>>> /etc/raddb/users
>>>
>>> My access point is set to WPA Enterprise security using a RADIUS server.
>>
>>cool. last time I checked you couldn't use MD5 as a method for wireless 802.1X
>>- there are only certain EAP types that can be used - PEAP, EAP-TLS, EAP-TTLS
>>etc being some of them.
>
> Microsoft has disabled MD5 in recent releases. If you really want to use it, you have to figure out how to reenable it.
> You can, but that's an exercise for the reader.
>
> For WPA wireless encryption, you must use an EAP method that generates encryption keys. MD5 does not. Neither does GTC.
> If you need to use clear text passwords, the "fix" is to run the method inside of PEAP or TTLS, which will generate keys
> and protect your passwords in the air.
>
>> MD5 is fine for wired because - ha ha - wired 802.1X
>>is a bit of a joke really - all it does is authenticate you, there is no
>
> Um, I don't get the "joke"? How is that different than normal NAS PPP dial-up access that RADIUS was originally designed for?
> Most people using wired 802.1X only need network access control. Wireless is the special case here.
> And the encryption only covers the connection between the station and the access point.
> If you want to protect your data on a physical wire, use a VPN or IPSEC.
>
> Dave Mitton.
>
>
>>link layer encryption going on - unlike WPA Enterprise wireless - which all gets
>>encapsulated in an EAP tunnel - hence you need specific types of EAP for wifi
>>...
>>alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
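
An added example, not part of the original thread and not the FreeRADIUS project's shipped file: a sketch of the `eap.conf` change the quoted reply describes, with the bare-MD5 setting shown beside the tunneled one. It assumes the FreeRADIUS 2.x layout of the time; the certificate paths and key password are placeholders. Only the server holds a certificate, and clients authenticate with a username and password inside the tunnel.

```conf
# /etc/raddb/eap.conf  (FreeRADIUS 2.x layout assumed; values are placeholders)
eap {
	# Before: bare EAP-MD5. It authenticates the user but derives no
	# keying material, so WPA Enterprise has nothing to build keys from.
	# default_eap_type = md5

	# After: offer PEAP first. The TLS tunnel is what generates the keys
	# and protects the password exchange in the air.
	default_eap_type = peap

	# Server certificate shared by PEAP and TTLS. No client certificate
	# is configured anywhere in this file.
	tls {
		certdir = ${confdir}/certs
		cadir = ${confdir}/certs
		# Placeholder: set to the passphrase of your own server key.
		private_key_password = CHANGE_ME
		private_key_file = ${certdir}/server.pem
		certificate_file = ${certdir}/server.pem
		CA_file = ${cadir}/ca.pem
		dh_file = ${certdir}/dh
		random_file = ${certdir}/random
	}

	# PEAP: password check runs as MS-CHAPv2 inside the tunnel.
	peap {
		default_eap_type = mschapv2
	}

	# TTLS: the same EAP-MD5 method can be kept, but only as the inner
	# method, where the tunnel supplies the keys MD5 itself cannot.
	ttls {
		default_eap_type = md5
	}

	# Inner methods must still be enabled so the tunnels can call them.
	md5 {
	}
	mschapv2 {
	}
}
```

Supplicants should be set to trust the CA that signed the server certificate, since that check is what stops a rogue access point from collecting the tunneled credentials.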
