Freeradius + OpenLDAP - user password problem
Phil Mayers
p.mayers at imperial.ac.uk
Thu Aug 3 15:01:28 CEST 2006
Stuckzor wrote:
>
> Thank you, your reply was very usefull, and yes, i am confused about how
> this things work and i am not ashamed to admit it, but it's getting clearer
> pretty rapidly :) Now i have one last question (or at least i hope so) -
> which choice is more viable, using EAP-PEAP+MS-CHAP for wireless auth. (but
> with clear text passwords this time), like i originaly planned to, or can
> you recommend using something else? I really don't care, as long as it works
> with most wireless hardware :)
>
Unless the wireless hardware is very broken (assuming you mean APs and
so forth) it won't care.
The main issue is software support. EAP-PEAP+MS-CHAP is generally
considered to be the most widely supported. It works on WinXP, MacOS X
and with Linux wpa_supplicant/NetworkManager, most PDAs and so forth.
EAP-TLS is about as well supported, but has much higher administrative
overhead since you have to generate and distribute certificates.
All the other EAP mechanisms require special software on windows, which
is obviously effort to distribute, install and configure. If you are
willing to go to that effort, Secure_W2 offers EAP-TTLS+PAP which will
work with any auth database.
If you have the choice, I would recommend going with plaintext or
NT-hashed passwords and EAP-PEAP+MS-CHAP
More information about the Freeradius-Users
mailing list