Hello, Le 05/05/2015 11:33, Michael Ströder a écrit :
I've also been through EAP-TTLS/PAP setup with Windows client the last days using OpenLDAP server as backend also with strong-hashed passwords. I do understand now why hotspot systems work with MAC addresses and authc via obscure web interfaces to make things look convenient for the average user. ;-)
My tests with Windows 8 showed that it tries to use NTLM passwords in EAP-TTLS by default.
But which route to take very much depends on your security requirements and operational preferences. Could you elaborate on that?
Actually, it's a simple setup that only requires some security, more than a pre-shared key. The FreeRADIUS server picks up information in a database that is also used for a website : people authenticating on that website can also use the Wi-Fi of our facilities using their website password. It's also easier to revoke people when needed, etc. It's very small (for a student radio in France), and the security requirements are not absolutely vital, but anyway, we know that some of our users have difficulties connecting under Windows. And, of course, no error is ever available on their side to describe the problem.
Ciao, Michael.
Cheers.