Freeradius + OpenLDAP - user password problem

Phil Mayers p.mayers at
Thu Aug 3 15:01:28 CEST 2006

Stuckzor wrote:
> Thank you, your reply was very usefull, and yes, i am  confused about how
> this things work and i am not ashamed to admit it, but it's getting clearer
> pretty rapidly :) Now i have one last question (or at least i hope so) -
> which choice is more viable, using EAP-PEAP+MS-CHAP for wireless auth. (but
> with clear text passwords this time), like i originaly planned to, or can
> you recommend using something else? I really don't care, as long as it works
> with most wireless hardware :)

Unless the wireless hardware is very broken (assuming you mean APs and 
so forth) it won't care.

The main issue is software support. EAP-PEAP+MS-CHAP is generally 
considered to be the most widely supported. It works on WinXP, MacOS X 
and with Linux wpa_supplicant/NetworkManager, most PDAs and so forth.

EAP-TLS is about as well supported, but has much higher administrative 
overhead since you have to generate and distribute certificates.

All the other EAP mechanisms require special software on windows, which 
is obviously effort to distribute, install and configure. If you are 
willing to go to that effort, Secure_W2 offers EAP-TTLS+PAP which will 
work with any auth database.

If you have the choice, I would recommend going with plaintext or 
NT-hashed passwords and EAP-PEAP+MS-CHAP

More information about the Freeradius-Users mailing list