FreeRadius/PEAP
Alan DeKok
aland at ox.org
Thu Oct 13 23:54:48 CEST 2005
"James Taylor" <jtaylor at laszlosystems.com> wrote:
> Am I able to use PEAP to auth to UNIX or PAM instead of mscahpv2?
Your question doesn't make sense. Pam and Unix /etc/passwd are both
systems that store "known good" passwords. MSCHAPv2 is an
authentication protocol where a user tries to authenticate based on an
unknown password.
> What we are basically trying to do is use FreeRadius to authenticate
> against our current user database on our linux server while still
> maintaining the PEAP-TLS security with wireless. Is that even
> possible?
No the crypt'd passwords stored in /etc/passwd are 100% incompatible
with PEAP. You can:
a) store clear-text passwords
b) use EAP-TTLS with tunneled PAP.
You don't really have many other choices.
Alan DeKok.
More information about the Freeradius-Users
mailing list