Hi, > The reasons you stated are why I think this is near impossible. Our > passwords are stored with md5... I'm not fond of the idea that in > order to get this to work, we have to compromise our security policy. > > As for the Windows salesman, leaving out features from one OS to sell > a newer OS is one of the reasons I cannot stand your company. That > said, Windows 7 is great in my opinion, like Windows XP. If you really > care, put pressure on your higher ups to extend the functionality to > support things like EAP/TTLS and PAP. I'm sure there's other > deficiencies.. How is it right to sell "ultimate" versions of an OS > for $150-200 when they dont even support as many features as a free, > open source system? > > I just got into work, so I'll be looking over the suggestions and > making more attempts at this. Thanks again for all the help!
Here's one more: many folks in eduroam have gone through the exact same considerations, and some indeed need TTLS-PAP. If it is unavoidable, there is a GPLed version of SecureW2 which can deliver TTLS-PAP to older versions of Windows. I'm sure you can find it on the internet somewhere. Stefan > > > On Wed, May 30, 2012 at 8:15 AM, Phil Mayers <p.may...@imperial.ac.uk> wrote: >> On 30/05/12 13:44, Steve Hopps wrote: >> >>> IPhones work with a custom config profile that's easily installed. >>> However, our most significant hurdle is windows machines. Who would have >>> guessed??? For some stupid reason Microsoft doesn't care about >>> supporting all modern encryption standards. Making our staff pay for >>> SecureW2 isn't an option and XSupplicant doesn't work reliably yet in >>> 64bit Win7. So I'm back to trying to get mschapv2 working with peap. >>> This seems impossible. >> >> >> It's certainly a shame that Windows 7 doesn't support TTLS/PAP. >> >> PEAP/MSCHAP requires you have the plaintext password or NT hash, or access >> to an mschap "oracle" like ntlm_auth running on Samba as a member of the >> domain. >> >> If you don't have those, you can't do PEAP/MSCHAP, and your options are very >> limited. >> >> EAP-TLS, perhaps? >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html