Emre Ersin wrote:
I am trying to authenticate our wired Windows users by using rlm_perl module over secured IMAP.
That won't work. http://deployingradius.com/documents/protocols/oracles.html IMAP fits the same column as "LDAP bind as user".
When I give radtest command with a user-name and user-password it accepts;
Because you are supplying a clear-text password. 802.1x authentication does not do that.
But xp supplicants (naturally) doesn't send user-passwords while using eap-md5. And I really don't want to create thousands of client certificates. Which protocol do I have to use or...
Is it possible? Is there a way to authenticate winxp (and vista (and also Macos users)) users without installing any client program?
Yes. Use PEAP. It's built into Windows. For wired authentication, EAP-MD5 should work, too.
Supplicant (winxp) ---- NAS (hp2626) -------- WAN | | RS -- rlm_perl ----- IMAP(s) or POP3(s) servers (more than one)
Why? The IMAP/POP servers have a user database. Use that to authenticate 802.1x users. Using rlm_perl && IMAP/POP is horrible. Plus, it won't work. Alan DeKok.