802.1X - ldap AND users file
Alan DeKok
alan.dekok at inkbridge.io
Fri Apr 10 12:59:56 UTC 2026
On Apr 10, 2026, at 7:50 AM, Cedric Delaunay <Cedric.Delaunay at insa-rennes.fr> wrote:
> Unfortunately, I tried your proposals this morning with non success :
Oh well. :(
> That's what Brian expected :( => server is ok but client don't
> Any other way to reach my goal ?
Use TTLS with PAP.
Plus, you shouldn't really be using PEAP/MS-CHAP. Using that requires you to store clear-text passwords on disk. Which is very bad.
PAP is substantially more secure, despite random nonsense articles you might find on the net. There will shortly be an RFC which explains this, and deprecates CHAP / MS-CHAP in favour of PAP.
Alan DeKok.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20260410/74e64ad5/attachment.sig>
More information about the Freeradius-Users
mailing list