authentication question
Alan DeKok
aland at deployingradius.com
Fri Mar 14 10:42:00 CET 2008
Emre Ersin wrote:
> I am trying to authenticate our wired Windows users by using rlm_perl module
> over secured IMAP.
That won't work.
http://deployingradius.com/documents/protocols/oracles.html
IMAP fits the same column as "LDAP bind as user".
> When I give radtest command with a user-name and
> user-password it accepts;
Because you are supplying a clear-text password. 802.1x
authentication does not do that.
> But xp supplicants (naturally) doesn't send user-passwords while using
> eap-md5. And I really don't want to create thousands of client certificates.
> Which protocol do I have to use or...
>
> Is it possible? Is there a way to authenticate winxp (and vista (and also
> Macos users)) users without installing any client program?
Yes. Use PEAP. It's built into Windows. For wired authentication,
EAP-MD5 should work, too.
> Supplicant (winxp) ---- NAS (hp2626) -------- WAN
> |
> |
> RS -- rlm_perl ----- IMAP(s)
> or POP3(s)
> servers
> (more than one)
Why? The IMAP/POP servers have a user database. Use that to
authenticate 802.1x users. Using rlm_perl && IMAP/POP is horrible.
Plus, it won't work.
Alan DeKok.
More information about the Freeradius-Users
mailing list