more EAP/TTLS trouble
Phil Mayers
p.mayers at imperial.ac.uk
Wed May 30 15:15:09 CEST 2012
On 30/05/12 13:44, Steve Hopps wrote:
> IPhones work with a custom config profile that's easily installed.
> However, our most significant hurdle is windows machines. Who would have
> guessed??? For some stupid reason Microsoft doesn't care about
> supporting all modern encryption standards. Making our staff pay for
> SecureW2 isn't an option and XSupplicant doesn't work reliably yet in
> 64bit Win7. So I'm back to trying to get mschapv2 working with peap.
> This seems impossible.
It's certainly a shame that Windows 7 doesn't support TTLS/PAP.
PEAP/MSCHAP requires you have the plaintext password or NT hash, or
access to an mschap "oracle" like ntlm_auth running on Samba as a member
of the domain.
If you don't have those, you can't do PEAP/MSCHAP, and your options are
very limited.
EAP-TLS, perhaps?
More information about the Freeradius-Users
mailing list