Steve Hopps wrote:
We're trying to use an access point configured for wpa2 using freeradius to authenticate with openldap. For Android and Linux it works out of the box with eap/ttls and pap. So we used Pam cause it already works with ldap. I didn't know other encryption types wouldn't work with Pam.
This confuses me. Why use PAM when FreeRADIUS can use LDAP directly?
IPhones work with a custom config profile that's easily installed. However, our most significant hurdle is windows machines. Who would have guessed??? For some stupid reason Microsoft doesn't care about supporting all modern encryption standards. Making our staff pay for SecureW2 isn't an option and XSupplicant doesn't work reliably yet in 64bit Win7. So I'm back to trying to get mschapv2 working with peap. This seems impossible.
It's possible. It's easy. (a) configure FreeRADIUS to query LDAP directly (b) ensure that the passwords in LDAP are stored in a format compatible with MS-CHAP. If you can do both, then getting PEAP to work should be trivial. In 2.1.2, you can use "radclient" to send MS-CHAP requests to the server. Don't even THINK of trying to get PEAP to work until you have plain old MS-CHAP working. Alan DeKok.