FreeRadius/PEAP

Josh Howlett josh.howlett at bristol.ac.uk
Thu Oct 13 23:39:10 CEST 2005


No - your user database needs to store passwords in plaintext or NTLM.

You basically have two options: use a TTLS supplicant instead (such as 
wpa_supplicant or SecureW2), or change your user database.

best regards, josh.

James Taylor wrote:
> Am I able to use PEAP to auth to UNIX or PAM instead of mscahpv2?  Do I do
> this in the EAP.CONF file?  What we are basically trying to do is use
> FreeRadius to authenticate against our current user database on our linux
> server while still maintaining the PEAP-TLS security with wireless.  Is that
> even possible?  
> 
> -----Original Message-----
> From: freeradius-users-bounces at lists.freeradius.org
> [mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of Josh
> Howlett
> Sent: Thursday, October 13, 2005 2:25 PM
> To: FreeRadius users mailing list
> Subject: Re: FreeRadius/PEAP
> 
> James,
> 
> MSChapv2 needs plaintext or NTLM credentials. You won't be able to do 
> what you're trying. It works with users file because you specify the 
> plaintext.
> 
> josh.
> 
> James Taylor wrote:
> 
>>Hi,
>>
>> 
>>
>>I am trying to secure my wireless connections using PEAP-TLS MSChapv2 to 
>>authenticate users against my Linux /etc/shadow; /etc/password/; and 
>>/etc/group files.  I would like to use PAM but UNIX will work too.  I do 
>>not want to use the USERS file as it stores passwords in clear text and 
>>that is what we are trying to avoid. 
>>
>> 
>>
>>All my tests conclude that this functionality will not work.  I am able 
>>to Auth just fine using the USERS file with a username and password.
>>
>> 
>>
>>Any info or direction would be greatly appreciated.
>>
>> 
>>
>>Thank you
>>
>> 
>>
>>James
>>
>>
>>------------------------------------------------------------------------
>>
>>- 
>>List info/subscribe/unsubscribe? See
> 
> http://www.freeradius.org/list/users.html
> 
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list