moving from WPA2 to WPA2 Enterprise

Jochen Demmer jochen.demmer at peakwork.com
Tue Jun 23 23:28:19 CEST 2015


Thanks for the response.
So Windows 7 doesn't support EAP-TTLS out of the box, right?
I actually don't feel very comfortable with the idea of installing third party software on all machines.
What other options are there? My feeling is that the second best option is to use client certificates. But would I still be able to use OpenLDAP in the background?
What about revocation lists? How do I take care of them?

The longer I write, the better I like third party software...

Maybe there's another way. Our LDAP also stores NTLM passwords for Samba.

Please someone share his experience with me.
Sent from my cellphone

> On 23.06.2015 at 18:13, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:
> 
> The SSHA hashes are non-reversible and LDAP won't do challenge-response for PEAP. So you either need to have them in another encryption method or be limited to EAP-TTLS/PAP.
> 
> Regarding the cert... and this is very important for TTLS/PAP. The common name is just a name that the clients are configured to check in the supplicant properties. Common practice is to use a domain name that makes sense... but you can just call it 'networkaccess' if you want... that'd even work across a proxied link. Use the same cert on both servers. It's not like secure web where you are tied to DNS and host name mappings.
> 
> alan
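
Added example, not part of the original thread or of FreeRADIUS: a minimal Python check of an OpenLDAP-style {SSHA} value, showing that the server can only verify it when it is handed the cleartext password, which is what PAP inside the TTLS tunnel delivers. The function names, sample password and salt are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # a SHA-1 digest is 20 bytes; everything after it is the salt


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored: str):
    """Return (digest, salt) from an {SSHA} value, rejecting malformed input."""
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    blob = base64.b64decode(stored[6:], validate=True)
    if len(blob) <= SHA1_LEN:
        raise ValueError("{SSHA} value carries no salt")
    return blob[:SHA1_LEN], blob[SHA1_LEN:]


def verify_ssha(stored: str, cleartext: str) -> bool:
    """PAP-style check: re-hash the cleartext the client sent with the stored salt.

    There is no way to go from (digest, salt) back to the password, so a
    method that never sends the cleartext (challenge-response) gives the
    server nothing it can compare against this value.
    """
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(cleartext.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample entry; the password and salt are made up.
    entry = make_ssha("correct horse", salt=b"\x01\x02\x03\x04")
    print(entry)
    print("PAP cleartext accepted:", verify_ssha(entry, "correct horse"))
    print("wrong password accepted:", verify_ssha(entry, "battery staple"))
```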


