Am 30.09.2016 um 12:09 schrieb Dom Latter:
On 29/09/16 17:57, Bogdan Rudas via Freeradius-Users wrote:
Hello Dom,
Why don't you go with EAP-TTLS+PAP ? Plain-text password transferred over TLS-secured channel let you use any hashing algorithm you want in your
As far as I can work out, out-of-the-box support for this protocol only arrived for most things in about 2010. We'll have quite a lot of users still using machines older than that. I suspect that for commercial reasons, it's not an option. I can ask.
database. Sure, you have to pay attention for proper device configuration with your CA certificate.
Do you mean a certificate needs to go on the device?
I have had a look at this: http://cloudessa.com/tips-and-tricks/how-to-setup-eap-ttls-with-inner-pap-au...
for example and it does not look like a certificate *needs* installing.
You didn't read this yet, did you? Section "User Device Configuration": http://freeradius.org/enterprise-wifi.html No CA checks means all your passwords are up for grabbing for everyone with a glimpse on Enterprise Wi-Fi. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 2, avenue de l'Université L-4365 Esch-sur-Alzette Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66