On Mon, Nov 23, 2015 at 11:19:49AM +0100, Hans Hering wrote:
We have a Sun DS with salted SHA1 passwords, freeradius 3.0.10, Aruba IAP-225 access points and Windows and OS X clients.
What version of Windows?
My goal is having the users log on to the WPA2 Enterprise wifi with their LDAP credentials and no client configuration whatsoever. This means I don't want to install network profiles on the Macs and no EAP-GTC plugins on the Windows machines.
A noble goal, but I'm afraid you're likely to be disappointed.
From what I've read, this should be possible with EAP-TTLS and inner PAP, as PAP can work with salted SHA1 passwords. However,
Windows 7 and earlier can't do EAP-TTLS/PAP natively. Pretty much the only options available by default on both are EAP-TLS or PEAP/EAP-MSCHAPv2. The latter is ruled out if you have passwords in SHA1, so you're just down to certificates. Which requires provisioning on the clients. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>