Wi-Fi and LDAP password auth
tnt at kalik.net
tnt at kalik.net
Wed Oct 29 01:13:25 CET 2008
>My first question for the list, to which I haven't been able to find a
>clear answer ever is : What EAP sub-types are the ones I should
>configure?
>
Nothing. Just don't touch anything in eap.conf and all supported eap
types will work. If you generate certificates with scripts provided you
don't even need to touch the tls section.
>My requirements :
> * Be able to have many different types of clients supported (Windows
>XP, GNU/Linux wpa_supplicant/NM, mobile devices etc.).
> * Not to have to bother about a local CA or any type of PKI (i.e. not
>generate certificates for all users, just have them user their
>login/pass).
>
PEAP should be the protocol most clients will use.
>Should I go with EAP-PEAP? Is that the "PEAPv0/EAP-MSCHAPv2" from the
>wiki?
Yes.
>I also store md5 passwords in my LDAP server, is there any other
>simpler way to configure access using those instead of the LM/NT
>passwords? (my understanding is that... nope)
>
Correct. You can't use md5 passwords with mschap.
http://deployingradius.com/documents/protocols/compatibility.html
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list