If you are in control of Ldap server then you can enforce whatever password scheme you see fit. If you map Clertext-Password attribute to plain text passwords in Ldap everything will work fine. But if you are using crypt, sha or such on your passwords, mschap will never work. Your eap.conf is likely to be OK if you are getting that far. Mschapv2 is failing because passwords in Ldap are encrypted or mapped to some other password attribute (most often User-Password). But you will need to post the whole eap conversation in order to be sure. Ivan Kalik Kalik Informatika ISP Dana 18/9/2007, "Kent Thomas" <Kent@solarbee.com> piše:
Ivan,Thanks a million. I've been looking at using peap. I have a mixed network, mac & xp. I wouldn't mind using plain text passwords if that could be forced. The only configurations that get close to working get as far as machapv2, then fail because of no nt/lm password. If I could use the password from my ldap connection which seems to be working nicely, then I would be thrilled. Could you give me the eap.conf that would do that? Thanks a million Kent
On 9/18/07 4:27 PM, "tnt@kalik.co.yu" <tnt@kalik.co.yu> wrote:
If you have XP clients your best option is PEAP. Read instructions in eap.conf about setting it up. But that will work only if your passwords are stored in plain text or NT hash (not much to do with EAP but MSCHAPv2 used as tunnel authentication protocol). If your passwords are encrypted in some other way you can use SecureW2 suppicant and TTLS-PAP.
Ivan Kalik Kalik Informatika ISP
Dana 18/9/2007, "Kent Thomas" <Kent@solarbee.com> piše:
Phil, Thanks a million for the reply. You are the first to actually reply with some info for me to look at.
The document you gave is good, except for the client certificate part. I don't want to have to give certificates out to everyone on my wireless network. Is there a way to get around this?
Thanks a million. Kent
On 9/18/07 4:01 PM, "Phil Mayers" <p.mayers@imperial.ac.uk> wrote:
On Tue, 2007-09-18 at 08:13 -0600, Kent Thomas wrote:
Hello all, I'm looking for a simple way to protect access to my wireless network. I'm seeing a lot of old documentation on how to use EAP-TLS to protect the wireless network. I've found lots of old documentation on how to setup WPA Enterprise. I would like some updated docuentation on how to do this.
This is an extremely common setup.
http://wiki.freeradius.org/WPA_HOWTO
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html