Controlling access to my Wireless network.

tnt at kalik.co.yu tnt at kalik.co.yu
Wed Sep 19 01:06:37 CEST 2007


If you are in control of Ldap server then you can enforce whatever
password scheme you see fit. If you map Cleartext-Password attribute to
plain text passwords in Ldap everything will work fine. But if you are
using crypt, sha or such on your passwords, mschap will never work.

Your eap.conf is likely to be OK if you are getting that far. Mschapv2 is
failing because passwords in Ldap are encrypted or mapped to some other
password attribute (most often User-Password). But you will need to post
the whole eap conversation in order to be sure.

Ivan Kalik
Kalik Informatika ISP


On 18/9/2007, "Kent Thomas" <Kent at solarbee.com> wrote:

>Ivan, Thanks a million.  I've been looking at using peap.  I have a mixed
>network, mac & xp.  I wouldn't mind using plain text passwords if that could
>be forced.  The only configurations that get close to working get as far as
>mschapv2, then fail because of no nt/lm password.  If I could use the
>password from my ldap connection which seems to be working nicely, then I
>would be thrilled.  Could you give me the eap.conf that would do that?
>Thanks a million
>Kent 
>
>
>On 9/18/07 4:27 PM, "tnt at kalik.co.yu" <tnt at kalik.co.yu> wrote:
>
>> If you have XP clients your best option is PEAP. Read instructions in
>> eap.conf about setting it up. But that will work only if your passwords
>> are stored in plain text or NT hash (not much to do with EAP but
>> MSCHAPv2 used as tunnel authentication protocol). If your passwords are
>> encrypted in some other way you can use SecureW2 supplicant and TTLS-PAP.
>> 
>> Ivan Kalik
>> Kalik Informatika ISP
>> 
>> 
>> On 18/9/2007, "Kent Thomas" <Kent at solarbee.com> wrote:
>> 
>>> Phil,
>>> Thanks a million for the reply. You are the first to actually reply with
>>> some info for me to look at.
>>> 
>>> The document you gave is good, except for the client certificate part.  I
>>> don't want to have to give certificates out to everyone on my wireless
>>> network.  Is there a way to get around this?
>>> 
>>> Thanks a million.
>>> Kent
>>> 
>>> 
>>> On 9/18/07 4:01 PM, "Phil Mayers" <p.mayers at imperial.ac.uk> wrote:
>>> 
>>>> On Tue, 2007-09-18 at 08:13 -0600, Kent Thomas wrote:
>>>>> Hello all,
>>>>> I'm looking for a simple way to protect access to my wireless network.  I'm
>>>>> seeing a lot of old documentation on how to use EAP-TLS to protect the
>>>>> wireless network.  I've found lots of old documentation on how to setup WPA
>>>>> Enterprise.  I would like some updated documentation on how to do this.
>>>>> 
>>>> 
>>>> This is an extremely common setup.
>>>> 
>>>> http://wiki.freeradius.org/WPA_HOWTO
>>>> 
>>>> -
>>>> List info/subscribe/unsubscribe? See
>>>> http://www.freeradius.org/list/users.html
>>>> 
>>> 
>> 
>
>



