Freeradius + Active Directory
Phil Mayers
p.mayers at imperial.ac.uk
Thu Oct 21 17:16:49 CEST 2010
On 21/10/10 15:50, Rowley, Mathew wrote:
> Ah, that is true. I never thought that deeply into it, and only did a POC.
> Is the downfall of doing things this way that passwords must be sent in
> the clear?

Not really. The User-Password RADIUS field is "encrypted" with the
shared secret, which is reasonable (though not excellent) security.

For wireless/wired 802.1x users, the issue is that the Windows
supplicant does not *support* EAP-TTLS/PAP. It only supports
EAP-PEAP/MS-CHAP, so rlm_krb5 is no use in this (common) case.

As I say, if you're just checking PAP it may meet your needs.