WPA Enterprise, 802.1X, Freeradius, EAP & Kerberos
Alan DeKok
aland at deployingradius.com
Fri May 8 21:00:18 CEST 2009
Scott Sears wrote:
> I cannot get all the pieces working together.
> Laptop->AP->Freeradius->Kerberos.
It's impossible.
Kerberos requires a clear-text password to authenticate (or various
Kerberos crypto tokens derived from the password).
PEAP supplies an MS-CHAP hash, not a clear-text password.
So the two are *incompatible*.
If you use SecureW2, you can configure Windows to do TTLS+PAP. That
will supply a clear-text password in the inner tunnel, which will allow
kerberos to work.
> I can see this problem has been posted to the list many times,
Kerberos + EAP? I don't recall seeing that very often.
Windows + EAP questions happen a lot...
Alan DeKok.
More information about the Freeradius-Users
mailing list