Configuration for md5 not working
David Mitton
david at mitton.com
Thu Sep 17 16:25:34 CEST 2009
From: From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
Sep 17, 2009 04:28:13 AM, freeradius-users at lists.freeradius.org wrote:
>Hi,
>
>> I have everything configured for md5 authentication so that I do not need to
>> use either server or client-side certificates. I have my access points
>> configured in /etc/raddb/clients.conf and my users configured in
>> /etc/raddb/users >> >>>>
> My access point is set to WPA Enterprise security using a RADIUS server.
>
>cool. last time i checked you couldnt use MD5 as a method for wireless 802.1X
>- there are only certain EAP types that can be used - PEAP, EAP-TLS, EAP-TTLS
>etc being some of them.
Microsoft has disabled MD5 in recent releases. If you really want to use it, you have to figure out how to reenable it.
You can, but that's an exercise for the reader.
For WPA wireless encryption, you must use an EAP method that generates encryption keys. MD5 does not. Neither does GTC.
If you need to use clear text passwords, the "fix" is to run the method inside of PEAP or TTLS, which will generate keys
and protect your passwords in the air.
> MD5 is fine for wired because - ha ha - wired 802.1X
>is a bit of a joke really - all it does is authenticate you, there is no
Um, I don't get the "joke"? How is that different than normal NAS PPP dial-up access that RADIUS was originally designed for?
Most people using wired 802.1X only need network access control. Wireless is the special case here.
And the encryption only covers the connection between the station and the access point.
If you want to protect your data on a physical wire, use a VPN or IPSEC.
Dave Mitton.
>link layer encryption going on - unlike WPA Enterprise wireless - which all gets
>encapsulated in an EAP tunnel - hence you need specific types of EAP for wifi
>...
>alan
More information about the Freeradius-Users
mailing list