On Jul 15, 2016, at 11:34 AM, Dom Latter <freeradius-users@latter.org> wrote:
for a couple of years now we have been using freeradius to support a Wifi network. We are using WPA2-Enterprise. We need to support clients running any and every operating system.
Currently we store passwords as plain text in a "radcheck" table in the database.
I am experimenting with replacing "User-Password" (yes, I know it should be "Cleartext-Password") with an "NT-Password" generated by smbencrypt.
So far it seems mostly okay with Windows, Android, iOS and MacOS. And Linux.
That's not the real criteria.
Are there any pitfalls or gotchas to watch out for? Any systems that only do MSCHAPv1 (which I believe requires the plain text password).
The definitive answer is here: http://deployingradius.com/documents/protocols/compatibility.html Note there is no mention of OS. Just authentication protocol. See your OS documentation for what authentication protocols it supports, and then look up the protocol in the table. Alan DeKok.