On 8/5/09 20:00, Alan DeKok wrote:
Scott Sears wrote:
I cannot get all the pieces working together. Laptop->AP->Freeradius->Kerberos.
It's impossible.
Kerberos requires a clear-text password to authenticate (or various Kerberos crypto tokens derived from the password).
PEAP supplies an MS-CHAP hash, not a clear-text password.
So the two are *incompatible*.
If you use SecureW2, you can configure Windows to do TTLS+PAP. That will supply a clear-text password in the inner tunnel, which will allow kerberos to work.
Really? I would have thought the exchange would be far more complex than just PAP? Surely you can't bootstrap Kerberos like that.
I can see this problem has been posted to the list many times,
Kerberos + EAP? I don't recall seeing that very often.
It's not supported by any Windows supplicants i've come across.
Windows + EAP questions happen a lot...
Has anyone actually got EAP-Kerberos or some other equivalent scheme working with windows ? Arran -- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2