Freeradius + WPA2 + Windows Client

Fajar A. Nugraha fajar at fajar.net
Thu Aug 19 12:13:32 CEST 2010


On Thu, Aug 19, 2010 at 3:42 PM, rrperez <rrperez at apc.edu.ph> wrote:
>
> Sorry for the inconvenience Alan, I'm just a student and currently
> studying/exploring radius servers.
>

You seem to be selectively ignoring some suggestions though. It's fine
if you REALLY know what you're doing, but this does not seem to be the
case.


>
> Now I changed all the configuration back to default and made some
> configuration to make ldap work.
>
> Here is the debug and it is quite different from the previous one:

Here are some things you need to take note of:
(1) If you configure clients to use PEAPv0/EAP-MSCHAPv2 (or sometimes
referred to as PEAP only), it does not supply a plain-text/cleartext
password
(2) authenticating to Lotus Domino requires that you supply a plain-text
password, since Lotus stores passwords using some proprietary
hash/encryption
(3) One of the EAP methods that can send a plain-text password is
PEAP-GTC (others on this list have suggested TTLS-PAP)
(4) Windows by itself does not support PEAP-GTC or TTLS-PAP
(5) Thus, you need a third-party supplicant to have Windows be able to
use EAP methods which send a cleartext password.

Does this make sense so far?
Have you used any third-party supplicant and configured it to do
either PEAP-GTC or TTLS-PAP? If yes, the password that you typed when
authenticating should show up in the debug log (which doesn't seem to
be the case).

See
http://wiki.freeradius.org/Extensible_Authentication_Protocol
http://lists.freeradius.org/pipermail/freeradius-users/2010-August/msg00297.html

A commercial supplicant is also available:
http://www.ciscosystems.com/en/US/products/ps7034/products_configuration_example09186a0080734afc.shtml


-- 
Fajar
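
Added example, not part of the original post and not FreeRADIUS project code: a small checker for the debug-log test described in the message above, reporting which inner method a tunnel used and whether it can feed an LDAP bind. The log excerpts are constructed and simplified, and the line formats they assume (`[eap] processing type`, `[peap] EAP type`, a tunneled `User-Password` attribute) are assumptions about `radiusd -X` output.

```python
import re

# Constructed, simplified excerpts in the style of `radiusd -X` debug output.
# They are illustrative and not taken from the thread.
DEBUG_PEAP_MSCHAPV2 = """\
[eap] processing type peap
[peap] EAP type mschapv2
[peap] Got tunneled request
\tEAP-Message = 0x020800061a03
\tUser-Name = "student1"
"""

DEBUG_TTLS_PAP = """\
[eap] processing type ttls
[ttls] Got tunneled request
\tUser-Name = "student1"
\tUser-Password = "constructed-example"
"""

OUTER = re.compile(r"^\[eap\] processing type (\w+)", re.M)
PEAP_INNER = re.compile(r"^\[peap\] EAP type (\w+)", re.M)
PASSWORD_ATTR = re.compile(r"^\s*User-Password\s*=", re.M)

# Inner methods that hand the server the password itself (points 1 and 3).
CLEARTEXT_INNER = {"gtc", "pap"}


def diagnose(debug_text):
    """Return (outer, inner, can_bind) for one debug excerpt.

    can_bind is True only when the inner method delivers a cleartext
    password, which an LDAP bind against the directory requires.
    The password value is never returned or printed.
    """
    outer_m = OUTER.search(debug_text)
    outer = outer_m.group(1) if outer_m else "unknown"
    inner_m = PEAP_INNER.search(debug_text)
    if inner_m:
        inner = inner_m.group(1)
    elif PASSWORD_ATTR.search(debug_text):
        inner = "pap"  # a User-Password attribute in the tunnel means PAP
    else:
        inner = "unknown"
    return outer, inner, inner in CLEARTEXT_INNER


if __name__ == "__main__":
    for name, text in [("PEAP-MSCHAPv2", DEBUG_PEAP_MSCHAPV2),
                       ("TTLS-PAP", DEBUG_TTLS_PAP)]:
        print(name, diagnose(text))
```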


