moving from WPA2 to WPA2 Enterprise
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Tue Jun 23 18:12:57 CEST 2015
The SSHA are non-reversible and LDAP won't do challenge-response for PEAP. So you either need to have them in another encryption method or be limited to EAP-TTLS/PAP.
Regarding cert... and this is very important for TTLS/PAP. The common name is just a name that the clients are configured to check in the applicant properties. Common practice is to use a domain name that makes sense... but you can just call it 'networkaccess' if you want... that'd even work across a proxied link. Use the same cert on both servers... it's not like secure web where you are tied to DNS and host name mappings.
alan
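
Added example, not part of the original message or of FreeRADIUS: a Python sketch of why an `{SSHA}` value can be checked when the server receives the cleartext password (EAP-TTLS/PAP) but cannot feed a challenge-response inner method such as the MSCHAPv2 used by PEAP. The storage labels `cleartext`, `nt-hash` and `ssha` and the sample password are constructed for this example.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # {SSHA} is base64(SHA1(password + salt) + salt)

def make_ssha(password, salt=None):
    """Build an LDAP-style {SSHA} userPassword value."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(stored, candidate):
    """Verify the cleartext password a PAP inner method delivers to the server."""
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= SHA1_LEN:
        raise ValueError("digest present but salt missing")
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    # The server can only recompute the hash from a password it was given.
    recomputed = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, recomputed)

# What the server must hold to run each inner method (labels are assumptions).
# PAP: any form it can recompute from the submitted cleartext.
# MSCHAPv2: the cleartext or its NT hash, because the password is never sent;
# a salted SHA-1 digest cannot be turned back into either.
USABLE_STORAGE = {
    "PAP": {"cleartext", "nt-hash", "ssha"},
    "MSCHAPv2": {"cleartext", "nt-hash"},
}

def inner_method_possible(storage, inner_method):
    """True if a credential stored as `storage` can authenticate `inner_method`."""
    return storage in USABLE_STORAGE[inner_method]

if __name__ == "__main__":
    stored = make_ssha("s3cret-constructed")  # constructed sample password
    print(stored, check_ssha(stored, "s3cret-constructed"))
    for method in USABLE_STORAGE:
        print(method, "with ssha:", inner_method_possible("ssha", method))
```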