"Best" authentication mechanisms for Wi-Fi

Phil Mayers p.mayers at imperial.ac.uk
Tue May 5 12:22:56 CEST 2015

On 05/05/15 10:12, Hoggins! wrote:

> Do you think that we could find a more "universal" combination that even
> "old" Windows clients would be compatible with ?

As others have stated: for Windows 7 and earlier, the only built-in 
username/password auth method is PEAP with MSCHAP inner, which requires 
NT hashed passwords.

The other alternatives are to install software onto those platforms that 
supports TTLS with PAP, or to use EAP-TLS with client certificates. Both 
have a deployment burden.

There is no easy option here, I'm afraid.

More information about the Freeradius-Users mailing list