moving from WPA2 to WPA2 Enterprise

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Jun 23 16:49:28 CEST 2015


> On Jun 23, 2015, at 10:37 AM, Jochen Demmer <jochen.demmer at peakwork.com> wrote:
> 
> Hi,
> 
> I want to move away from PSK and use 802.1x in the future for our wireless clients.
> 
> - 2 CentOS 7 Servers with Freeradius from repo, currently version: 3.0.4
> - User Backend shall be OpenLDAP with passwords hashed in SSHA (inetOrgPerson/posixAccount)
> - Clients: Android 3,x or 4,x or bigger, iOS 7+, Windows 7+ but mainly 7
> - Within our self-managed CA we will create a certificate that every client will get manually installed
> - We prefer credential based authentication over certificate based client authentication
> 
> questions
> 1)
> A colleague mentioned that we would have a problem with connecting to LDAP, because the passwords stored there are SSHA and he also said that only unencrypted/unhashed passwords will do or NTLM. What road do we need to choose when it comes to authentication methods?

With the common EAP methods you're limited to EAP-TTLS-PAP if using SSHA.

> 2)
> What do I have to consider when choosing the common name for the certificate?

Not sure what you mean by that... I've always used the full name of the employee, and encoded their email address in the certificate as a more unique identifier.

-Arran