Wi-Fi and LDAP password auth

tnt at kalik.net tnt at kalik.net
Wed Oct 29 01:13:25 CET 2008


>My first question for the list, to which I haven't been able to find a
>clear answer ever is : What EAP sub-types are the ones I should
>configure?
>
Nothing. Just don't touch anything in eap.conf and all supported eap
types will work. If you generate certificates with scripts provided you
don't even need to touch the tls section.

>My requirements :
> * Be able to have many different types of clients supported (Windows
>XP, GNU/Linux wpa_supplicant/NM, mobile devices etc.).
> * Not to have to bother about a local CA or any type of PKI (i.e. not
>generate certificates for all users, just have them user their
>login/pass).
>

PEAP should be the protocol most clients will use.

>Should I go with EAP-PEAP? Is that the "PEAPv0/EAP-MSCHAPv2" from the
>wiki?

Yes.

>I also store md5 passwords in my LDAP server, is there any other
>simpler way to configure access using those instead of the LM/NT
>passwords? (my understanding is that... nope)
>

Correct. You can't use md5 passwords with mschap.

http://deployingradius.com/documents/protocols/compatibility.html

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list