802.1x with mschap-radius-ldap with ssha-1 passwords
Thibault Le Meur
Thibault.LeMeur at supelec.fr
Mon Jul 17 22:17:19 CEST 2006
> Could I do EAP-TTLS using the securew2 client instead?
Yes, that's an option. And since EAP-TTLS is a standard you'll be able
to have it work on a variety of clients (Mac OS, Pocket PC + SecureW2,
Palm-OS, Linux).
> Or am I
> better off creating a 2nd password attribute on the LDAP directory that is
> maybe encoded as an NT-Password attribute or something like that.
That's another option. But if you choose this one, you'll have to make
sure your users change their password through a unique interface that
encodes the password as both SSHA and NTLM.
Personally I chose the first solution.
Thibault.