"Best" authentication mechanisms for Wi-Fi

Olivier Nicole Olivier.Nicole at cs.ait.ac.th
Tue May 5 11:30:55 CEST 2015


> We're using FreeRADIUS to authenticate users to access our Wi-Fi. It
> works very well.
> The thing is : we use a mechanism that works perfectly for Android and
> Linux (NetworkManager) clients, but some can't access it, due to
> limitations. I'm thinking of some Windows flavors here.
> We store our passwords hashed in a MySQL database, and recommend the
> users to connect using "WPA2 Enterprise (802.11x) using TTLS method and
> PAP for phase2.
> Do you think that we could find a more "universal" combination that even
> "old" Windows clients would be compatible with ?

In the same newbie language (because I am), you must use
EAP/MS-CHAP. This implies that you have your passwords stored in a LMNT
compatible way (some flavor of MD4).

What I ended with in LDAP is a normal MD5 hashed password for more of
the usage and the same password hashed the MS way for Samba and 802.11x
(and all the burden to keep the passwords in sync).

Best regards,


> I know that my vocabulary might sound really "newbie", although we've
> been running the system for quite some years now, and we had set it up
> using tutorials and some customization.
> But reading again the config. files, I can see that I might have to look
> into the specifics on Windows compatibility in eap.conf file.
> Anyway, in the meantime, if you have some hints on that, I'll be glad to
> read them.
> Best !
> [1/2:application/pgp-signature Show Save:signature.asc (181B)]
> [2:text/plain Hide]
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list