Freeradius 2.1.10 EAP-MD5 problem

Stefan Winter stefan.winter at restena.lu
Mon Jan 5 10:37:00 CET 2015


Hi,

> if you want less secure solution then you can use PEAP or EAP-TTLS (depending
> on client support requirements) as both can be used without installing certificates
> (your RADIUS server simply has to have a cert signed by a CA thats already trusted
> by the client - ie one that costs money)

Well the clients still need to mark that particular CA as the trusted
one; so manual interaction is still necessary.

He could go for EAP-pwd as it works completely without any kind of
certificate; but it means he'll have to install support for the EAP type
itself on Windows.

Of course there are tools which handle the install CA / mark CA as
trusted / install EAP type things in an automated way, e.g.
https://802.1x-config.org .

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3226 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150105/33e05274/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150105/33e05274/attachment-0001.pgp>


More information about the Freeradius-Users mailing list