PEAP+PAM or MySQL possible?
Alan DeKok
aland at deployingradius.com
Thu Dec 28 22:59:24 CET 2006
Matt Goebel wrote:
> I'd like to move to WPA Enterprise EAP/PEAP from EAP/TLS. That way
> there are no client certificates to deal with and I can instead just use
> usernames/passwords. I don't, however, want either OpenLDAP or AD to do
> it. Both would be overkill for my needs and just add an extra layer to
> maintain. Instead I want to use either PAM or MySQL in their place. Is
> this even possible?
PAM, no. MySQL, yes.
> If so how? I haven't seen any documentation that
> definitively explains this one way or another. Testing I'm able to
> successfully authenticate using the radtest program.
If you can get PAP authentication working, and you have TLS working,
you can get PEAP working with minimal effort.
> From a client
> (both Windows and Linux) I get invalid username/password errors. Debug
> mode I see the username being passed correctly along with other
> information but no password, encrypted or otherwise.
That's how PEAP works. You may try posting the debug output here, as
suggested in the FAQ, INSTALL, README, and daily on this list.
> Maybe this is by
> design? I haven't seen what working PEAP debug messages look like so I
> have no frame of reference.
We have. So... why don't you post them here?
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list