Is LDAP + EAP Possible For Me?

Fajar A. Nugraha list at fajar.net
Tue Apr 15 14:55:27 CEST 2014


On Tue, Apr 15, 2014 at 7:41 PM, Ethan Chrisawn <echrisawn at ecrsoft.com> wrote:

>  I've been searching for a while now, and I can't seem to find a good
> answer. I have an ldap server and I would like to authenticate my users
> wirelessly without generating individual client certs for every device.
>
> I heard that PEAP doesn't require the manual creation of client certs, but
> I can't use that with ldap because I can't pass it a cleartext password,
> right? What other options do I have to accomplish what I'm after?
>
>

For starters:

(1) what kind of LDAP server are you using? Can you get plain-text or
NT-hash passwords from it? Is it Active Directory?

(2) what kind of clients are you using? e.g. all Windows 8? A mix of clients?

(3) do you have a third-party WPA supplicant for your clients (e.g. Odyssey
Access Client, or something similar)?

Depending on the answers to those questions, it might be possible. For
example, if your clients are all Windows 8 or above, then you should be
able to use TTLS-PAP (which passes the cleartext password in the inner tunnel).

-- 
Fajar
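
Added example, not part of the original post and not FreeRADIUS code: a Python sketch of why the form of the stored LDAP password decides the inner method. PAP hands the server the cleartext, which it can re-hash against a salted `{SSHA}` value, while MSCHAPv2 needs the cleartext or NT hash on the server side. The function names, the `has_nt_hash` flag and the sample password are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

def make_ssha(password: str, salt: bytes) -> str:
    """Build an {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def split_scheme(stored: str):
    """Return (scheme, value); a value with no {SCHEME} prefix is treated as cleartext."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, rest = stored[1:].partition("}")
        return scheme.upper(), rest
    return "CLEARTEXT", stored

def pap_check(stored: str, offered: str) -> bool:
    """What a server can do with a PAP password received inside the TLS tunnel."""
    scheme, value = split_scheme(stored)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(value.encode(), offered.encode())
    if scheme == "SSHA":
        raw = base64.b64decode(value)
        digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes; the rest is salt
        candidate = hashlib.sha1(offered.encode() + salt).digest()
        return hmac.compare_digest(candidate, digest)
    raise ValueError("scheme not handled in this sketch: " + scheme)

def usable_inner_methods(stored: str, has_nt_hash: bool = False):
    """PAP works with any hash the server can recompute from the cleartext.
    MSCHAPv2 is challenge-response: the server never sees the cleartext, so it
    needs the cleartext or the NT hash stored for the user (has_nt_hash)."""
    scheme, _ = split_scheme(stored)
    methods = ["TTLS-PAP"]
    if scheme == "CLEARTEXT" or has_nt_hash:
        methods.append("PEAP-MSCHAPv2")
    return methods

if __name__ == "__main__":
    # Constructed sample entry, not taken from any real directory.
    entry = make_ssha("correct horse", b"\x01\x02\x03\x04")
    print(entry, usable_inner_methods(entry))
    print("PAP, right password:", pap_check(entry, "correct horse"))
    print("PAP, wrong password:", pap_check(entry, "wrong"))
```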