Unix Crypt passwords + Windows 7
Alan DeKok
aland at deployingradius.com
Thu Oct 17 02:34:10 CEST 2013
Thomas Hewton-Waters wrote:
> I have an existing database of users with their passwords encrypted
> using Unix crypt(). A wireless AP is set for WPA/WPA2 using the RADIUS
> server to validate user logins. This works great using EAP-GTC for all
> clients except Windows. Windows doesn’t support EAP-GTC.
You can use PEAP + GTC. That should work.
And you should NOT be using EAP-GTC by its own. It leaks the
passwords, by sending them over the air in clear-text.
> Here are a few things I can’t do:
>
> · Install certificates on the Windows clients
>
> · Install a supplicant on the Windows clients
Well, you're stuck.
> Is there anything I can do to get the Windows clients to authenticate
> without changing the Windows configuration?
You need to install the servers certificate on the Windows box for EAP
to work.
You're really asking "how do I add more security without changing
anything". The answer is (of course) "you can't."
Alan DeKok.
More information about the Freeradius-Users
mailing list