OpenLDAP and FreeRadius Auth
Alex Gregory
alex at c2company.com
Tue Aug 12 21:58:11 CEST 2014
It appears that Macs cannot do TTLS with MD5. They have to do it with MS-CHAPv2:
http://training.apple.com/pdf/WP_8021X_Authentication.pdf
I will continue to search to see if there is a way but I appreciate everyone steering me in the right direction.
Alex
On Aug 12, 2014, at 1:58 AM, Herwin Weststrate <herwin at quarantainenet.nl> wrote:
>>> The supplicant is using TTLS with MS-CHAP inside of the TLS tunnel.
>>> You edited the "inner-tunnel" virtual server, and deleted "mschap" from
>>> it. Put it back.
>>
>> I did have that in there but removed it trying to force it. I will
>> change it back and play with it again tomorrow.
>
> That still won't work, since the passwords are only available as MD5
> hashes, which are incompatible with MSCHAPv2 (there is a nice overview
> on http://deployingradius.com/documents/protocols/compatibility.html).
> You have to change the settings of the client to use PAP as inner
> authentication protocol instead of MSCHAPv2.
>
> --
> Herwin Weststrate
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
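
Added example, not part of the original thread and not FreeRADIUS code: a sketch of why PAP works against an OpenLDAP `{MD5}`/`{SMD5}` `userPassword` value while MS-CHAPv2 does not. The function names and the sample password are assumptions made for illustration.

```python
import base64
import hashlib
import hmac


def make_ldap_md5(password: str, salt: bytes = b"") -> str:
    """Build a {MD5} (unsalted) or {SMD5} (salted) value; used for constructed sample data."""
    digest = hashlib.md5(password.encode() + salt).digest()
    scheme = "{SMD5}" if salt else "{MD5}"
    return scheme + base64.b64encode(digest + salt).decode()


def pap_verify(cleartext: str, stored: str) -> bool:
    """PAP delivers the cleartext (inside the TLS tunnel), so the server
    can recompute the stored hash and compare it."""
    scheme, _, b64 = stored.partition("}")
    scheme = scheme.lstrip("{").upper()
    if scheme not in ("MD5", "SMD5"):
        raise ValueError("unsupported scheme in this example")
    raw = base64.b64decode(b64, validate=True)
    digest, salt = raw[:16], raw[16:]  # an MD5 digest is 16 bytes; the rest is salt
    if len(digest) != 16 or (scheme == "MD5" and salt):
        return False  # malformed value
    candidate = hashlib.md5(cleartext.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def inner_methods(stored: str) -> set:
    """Inner methods that can work with the stored form.
    MS-CHAPv2 is challenge-response: the server needs the cleartext or the
    NT hash (MD4 of the UTF-16LE password). Neither can be derived from MD5."""
    if stored.upper().startswith(("{MD5}", "{SMD5}")):
        return {"PAP"}
    if not stored.startswith("{"):  # treated here as a cleartext password
        return {"PAP", "MSCHAPv2"}
    return set()  # other schemes are out of scope for this example


if __name__ == "__main__":
    entry = make_ldap_md5("correct horse")  # constructed sample
    print(entry, pap_verify("correct horse", entry), inner_methods(entry))
```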