"Best" authentication mechanisms for Wi-Fi
Michael Ströder
michael at stroeder.com
Tue May 5 11:33:57 CEST 2015
Hoggins! wrote:
> We're using FreeRADIUS to authenticate users to access our Wi-Fi. It
> works very well.
> The thing is : we use a mechanism that works perfectly for Android and
> Linux (NetworkManager) clients, but some can't access it, due to
> limitations. I'm thinking of some Windows flavors here.
>
> We store our passwords hashed in a MySQL database, and recommend the
> users to connect using "WPA2 Enterprise (802.11x) using TTLS method and
> PAP for phase2.
>
> Do you think that we could find a more "universal" combination that even
> "old" Windows clients would be compatible with ?
I've also been through EAP-TTLS/PAP setup with Windows client the last days
using OpenLDAP server as backend also with strong-hashed passwords. I do
understand now why hotspot systems work with MAC addresses and authc via
obscure web interfaces to make things look convenient for the average user. ;-)
My tests with Windows 8 showed that it tries to use NTLM passwords in EAP-TTLS
by default.
But which route to take very much depends on your security requirements and
operational preferences. Could you elaborate on that?
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4272 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150505/59fdb135/attachment.bin>
More information about the Freeradius-Users
mailing list