AW: understanding

Heinrich, Sebastian S.Heinrich at aos-stade.de
Fri Mar 30 11:18:22 CEST 2012


We don't want to install certificates on the clients, but the problem
that is given in wikipedia is that anybody can install an access point
with the same ssid and a client that would connect with it would give
him his MSCHAP encrypted username and password. How easy is it to crack
such a password?  An authentification wouldn't have happened but the
attacker would have had the encrypted usernames and passwords. That is a
problem because in my configuration that usernames and passwords are
used for the active directory. So is it only secure to connect to the AD
when checking the certificates? Or is there another possibility to make
it secure without installing certificates? 

Best Regards

Sebastian Heinrich
Techn. DV 

Aluminium Oxid Stade GmbH
21683 Stade

email  S.Heinrich at aos-stade.de
web    http://www.aos-stade.de


More information about the Freeradius-Users mailing list