Hi, I want to move away from PSK and use 802.1x in the future for our wireless clients. - 2 CentOS 7 Servers with Freeradius from repo, currently version: 3.0.4 - User Backend shall be OpenLDAP with passwords hashed in SSHA (inetOrgPerson/posixAccount) - Clients: Android 3,x or 4,x or bigger, iOS 7+, Windows 7+ but mainly 7 - Within our self-managed CA we will create a certificate that every client will get manually installed - We prefer credential based authentication over certificate based client authentication questions 1) A colleague mentioned that we would have a problem with connecting to LDAP, because the passwords stored there are SSHA and he also said that only unencrypted/unhashed passwords will do or NTLM. What road do we need to choose when it comes to authentication methods. 2) What do I have to consider when choosing the common name for the certificate? Thank you in advance -- Peakwork Signature *Jochen Demmer* Network Administrator T: +49-(0)241-4131146-29 jochen.demmer@peakwork.com peakwork AG | Sonnenweg 15 a | D-52070 Aachen | T: +49-(0)241-4131146-29 | F: +49-(0)241-4131146-17 peakwork AG (Headquarter) | Flinger Str. 36 | D-40213 Düsseldorf | T: +49-(0)211-91368-500 | F: +49-(0)211-91368-509 Executive board: Ralf Usbeck (chairman) | Markus Pfau | Michael Schmidt | Dr. Thomas van Kaldenkerken Chairman of the supervisory board: Markus Voelkel Company register: Amtsgericht Düsseldorf HRB 71223 | VAT ID.: DE264960677 Peakwork Logo www.peakwork.com | www.peakwork.de