Thomas Hewton-Waters wrote:
I have an existing database of users with their passwords encrypted using Unix crypt(). A wireless AP is set for WPA/WPA2 using the RADIUS server to validate user logins. This works great using EAP-GTC for all clients except Windows. Windows doesn’t support EAP-GTC.
You can use PEAP + GTC. That should work. And you should NOT be using EAP-GTC by its own. It leaks the passwords, by sending them over the air in clear-text.
Here are a few things I can’t do:
· Install certificates on the Windows clients
· Install a supplicant on the Windows clients
Well, you're stuck.
Is there anything I can do to get the Windows clients to authenticate without changing the Windows configuration?
You need to install the servers certificate on the Windows box for EAP to work. You're really asking "how do I add more security without changing anything". The answer is (of course) "you can't." Alan DeKok.