"Best" authentication mechanisms for Wi-Fi

Hoggins! hoggins at wheres5.com
Tue May 5 11:57:55 CEST 2015


Le 05/05/2015 11:33, Michael Ströder a écrit :
> I've also been through EAP-TTLS/PAP setup with Windows client the last
> days using OpenLDAP server as backend also with strong-hashed
> passwords. I do understand now why hotspot systems work with MAC
> addresses and authc via obscure web interfaces to make things look
> convenient for the average user. ;-)
> My tests with Windows 8 showed that it tries to use NTLM passwords in
> EAP-TTLS by default.
> But which route to take very much depends on your security
> requirements and operational preferences. Could you elaborate on that?

Actually, it's a simple setup that only requires some security, more
than a pre-shared key.
The FreeRADIUS server picks up information in a database that is also
used for a website : people authenticating on that website can also use
the Wi-Fi of our facilities using their website password. It's also
easier to revoke people when needed, etc.

It's very small (for a student radio in France), and the security
requirements are not absolutely vital, but anyway, we know that some of
our users have difficulties connecting under Windows. And, of course, no
error is ever available on their side to describe the problem.

> Ciao, Michael. 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150505/526097ca/attachment.sig>

More information about the Freeradius-Users mailing list