Hoggins! wrote:
We're using FreeRADIUS to authenticate users to access our Wi-Fi. It works very well. The thing is : we use a mechanism that works perfectly for Android and Linux (NetworkManager) clients, but some can't access it, due to limitations. I'm thinking of some Windows flavors here.
We store our passwords hashed in a MySQL database, and recommend the users to connect using "WPA2 Enterprise (802.11x) using TTLS method and PAP for phase2.
Do you think that we could find a more "universal" combination that even "old" Windows clients would be compatible with ?
I've also been through EAP-TTLS/PAP setup with Windows client the last days using OpenLDAP server as backend also with strong-hashed passwords. I do understand now why hotspot systems work with MAC addresses and authc via obscure web interfaces to make things look convenient for the average user. ;-) My tests with Windows 8 showed that it tries to use NTLM passwords in EAP-TTLS by default. But which route to take very much depends on your security requirements and operational preferences. Could you elaborate on that? Ciao, Michael.