AES encrypted passwords
freeradius-users at latter.org
freeradius-users at latter.org
Fri Sep 30 12:53:27 CEST 2016
On 30/09/16 11:25, Matthew Newton wrote:
> Most things will do EAP-TTLS/PAP these days. Windows XP/7 are the
> only real big exceptions I'm aware of. And if XP is a problem then
> that's the least of your issues.
I thought Windows 7 *did* support it. (Out of the box, in case
that is not crystal clear!)
If it does not then it is a definite no-no - definitely lots of
users on our network still using W7.
I have even found some using XP and Vista in the last few months,
although I cannot tell from the Apache logs whether they are wired
or wifi.
> But then, you should install a client CA root cert with pretty
> much whichever EAP method you use, otherwise you risk the same
> problem, to a greater or lesser degree, depending on the inner
> method. So this is something you should be doing anyway.
As I indicated earlier - this side of things is not really my bag.
Mostly, I write code.
However I have just looked at the instructions we give to users
wishing to connect their Windows 8 machine to the wifi network
and have seen this:
- Untick “Verify the server’s identity by validating the certificate”
So presumably we are at risk of people spoofing the SSID?
(although I believe the Aerohive kit has stuff to identify
and deal with what they call "rogue" access points).
More information about the Freeradius-Users
mailing list