Cisco WLC + password hashing
I am using a Cisco WLC with freeradius and it seems, regardless of what I do to the eap config file, the combination of freeradius+Cisco 2504 only allows NTLM password hashing. I read that type of hashing is completely vulnerable now. So, is it worth implementing it at all or should I just use cleartext? Any other users here that have a Cisco WLC, what do you usually do in production deployments? Thank you.
On Thu, Sep 08, 2016 at 08:45:59PM -0500, David Jimenez wrote:
I am using a Cisco WLC with freeradius and it seems, regardless of what I do to the eap config file, the combination of freeradius+Cisco 2504 only allows NTLM password hashing.
I'm not sure what you're seeing. The Cisco WLCs just pass EAP through from the client like any other NAS [should].
I read that type of hashing is completely vulnerable now. So, is it worth implementing it at all or should I just use cleartext?
There's probably not much difference in either. Use EAP-TLS if you want better security. If it's convenience (which, let's face it, most people prefer) then PEAP/MSCHAPv2 is the most common.
Any other users here that have a Cisco WLC, what do you usually do in production deployments?
We're using at least EAP-TLS, PEAP/EAP-MSCHAPv2, EAP-TTLS/MSCHAPv2, EAP-TTLS/PAP. Matthew -- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>
participants (2)
-
David Jimenez -
Matthew Newton