OpenLDAP and FreeRadius Auth
Alex Gregory
alex at c2company.com
Tue Aug 12 22:19:53 CEST 2014
For those interested; it looks like you have to install the iPhone configuration utility and create a profile. Push that to the host and then it will authenticate.
http://support.apple.com/kb/DL1465
On Aug 12, 2014, at 1:58 AM, Herwin Weststrate <herwin at quarantainenet.nl> wrote:
>>> The supplicant is using TTLS with MS-CHAP inside of the TLS tunnel.
>>> You edited the "inner-tunnel" virtual server, and deleted "mschap" from
>>> it. Put it back.
>>
>> I did have that in there but removed it trying to force it. I will
>> change it back and play with it again tomorrow.
>
> That still won't work, since the passwords are only available as MD5
> hashes, which are incompatible with MSCHAPv2 (there is a nice overview
> on http://deployingradius.com/documents/protocols/compatibility.html).
> You have to change the settings of the client to use PAP as inner
> authentication protocol instead of MSCHAPv2.
>
> --
> Herwin Weststrate
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list