moving from WPA2 to WPA2 Enterprise

Jochen Demmer jochen.demmer at peakwork.com
Tue Jun 23 16:37:48 CEST 2015


Hi,

I want to move away from PSK and use 802.1x in the future for our 
wireless clients.

- 2 CentOS 7 Servers with Freeradius from repo, currently version: 3.0.4
- User Backend shall be OpenLDAP with passwords hashed in SSHA 
(inetOrgPerson/posixAccount)
- Clients: Android 3,x or 4,x or bigger, iOS 7+, Windows 7+ but mainly 7
- Within our self-managed CA we will create a certificate that every 
client will get manually installed
- We prefer credential based authentication over certificate based 
client authentication

questions
1)
A colleague mentioned that we would have a problem with connecting to 
LDAP, because the passwords stored there are SSHA and he also said that 
only unencrypted/unhashed passwords will do or NTLM. What road do we 
need to choose when it comes to authentication methods.

2)
What do I have to consider when choosing the common name for the 
certificate?

Thank you in advance

-- 
Peakwork Signature

*Jochen Demmer*
Network Administrator
T: +49-(0)241-4131146-29
jochen.demmer at peakwork.com

peakwork AG | Sonnenweg 15 a | D-52070 Aachen | T: +49-(0)241-4131146-29 
| F: +49-(0)241-4131146-17

peakwork AG (Headquarter) | Flinger Str. 36 | D-40213 Düsseldorf | T: 
+49-(0)211-91368-500 | F: +49-(0)211-91368-509

Executive board: Ralf Usbeck (chairman) | Markus Pfau | Michael Schmidt 
| Dr. Thomas van Kaldenkerken
Chairman of the supervisory board: Markus Voelkel
Company register: Amtsgericht Düsseldorf HRB 71223 | VAT ID.: DE264960677

Peakwork Logo
www.peakwork.com | www.peakwork.de



More information about the Freeradius-Users mailing list