PEAP+PAM or MySQL possible?

Alan DeKok aland at deployingradius.com
Thu Dec 28 22:59:24 CET 2006


Matt Goebel wrote:
> I'd like to move to WPA Enterprise EAP/PEAP from EAP/TLS.  That way
> there are no client certificates to deal with and I can instead just use
> usernames/passwords.  I don't, however, want either OpenLDAP or AD to do
> it.  Both would be overkill for my needs and just add an extra layer to
> maintain.  Instead I want to use either PAM or MySQL in their place.  Is
> this even possible?

  PAM, no.  MySQL, yes.

>  If so how?  I haven't seen any documentation that
> definitively explains this one way or another.  In testing, I'm able to
> successfully authenticate using the radtest program.

  If you can get PAP authentication working, and you have TLS working,
you can get PEAP working with minimal effort.

>  From a client
> (both Windows and Linux) I get invalid username/password errors.  In debug
> mode I see the username being passed correctly along with other
> information but no password, encrypted or otherwise.

  That's how PEAP works.  You may try posting the debug output here, as
suggested in the FAQ, INSTALL, README, and daily on this list.

>  Maybe this is by
> design?  I haven't seen what working PEAP debug messages look like so I
> have no frame of reference. 

  We have.  So... why don't you post them here?

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list