Configuration for md5 not working

Ivan Kalik tnt at kalik.net
Thu Sep 17 19:17:46 CEST 2009


> "If you need to use clear text passwords, the "fix" is to run the method
> inside of PEAP or TTLS, which will generate keys and protect your
> passwords in the air."
>
>  So basically, if I set the default type to PEAP in my eap.conf, how do I do
> the "fix" you speak of?

That's irrelevant. You need to set PEAP as the authentication protocol on the
user machine. By setting it as default on the server you can save one EAP
exchange at best, but that won't have any influence on what protocol is
used. That is negotiated between the supplicant and the NAS. The RADIUS server
just processes what was agreed between them.

> Also, in using PEAP, which certificates should I
> edit from the default values?

Read instructions in raddb/certs/README.

> And just to be doubly sure, will this method
> with the "fix" still allow clients to connect without having to load
> a certificate, right?

Not with self-signed certificates. You can purchase a server certificate
from a commercial cert provider and use their CA, but that introduces
a vulnerability into your network.

Ivan Kalik
Kalik Informatika ISP



