FR2.1.3+LDAP+802.1x+PEAP
tnt at kalik.net
tnt at kalik.net
Fri Nov 13 19:26:46 CET 2009
> My conclusion is:
> i could go for EAP-TTLS + xsupplicant (there is also a windows version),
> then i dont need to weaken my server security, but i force the client to
> install a 3th party tool
People also use SecureW2. Compare and see which one is better.
> or as discuses with Ivan, i could make some rules, based on the NAS-ID or
> NAS-IP, where to check for the 802.1x users (in users file), right?
I never said that was a good idea ;-) On the contrary, I pointed out
serious security flaws in that approach. If you are adamant that you want
to keep encrypted password incompatible with peap, TTLS/PAP is the way to
go.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list