RE: free radius setup

2013-09-11 Thread stefan.paetow
The alternative is getting your users to install something like SecureW2 (which I believe requires a license now), and using EAP-TTLS- PAP which submits the users password in plaintext, or I believe more recent flavours of Windows support EAP-TTLS too. If I remember correctly, when using

Re: free radius setup

2013-09-11 Thread Phil Mayers
On 11/09/13 12:05, stefan.pae...@diamond.ac.uk wrote: The alternative is getting your users to install something like SecureW2 (which I believe requires a license now), and using EAP-TTLS- PAP which submits the users password in plaintext, or I believe more recent flavours of Windows support

RE: free radius setup

2013-09-11 Thread stefan.paetow
That's because EAP-TTLS/PAP doesn't use EAP on the inner tunnel. Just PAP. So default_eap_type is irrelevant. You support EAP-TTLS/PAP by ensuring PAP is working in the inner tunnel - by populating a cleartext or hashed password and calling the pap module in the authorize/authenticate

Re: free radius setup

2013-09-10 Thread Arran Cudbard-Bell
On 10 Sep 2013, at 19:15, Swenson, Chris cswen...@curry.edu wrote: I understand a bit more why people were bring up plain text passwords now. My radius server is being presented with peap ms-chapV2 credentials and I want it to receive authentication from my openldap server. What happened

Re: free radius setup

2013-09-10 Thread John Dennis
On 09/10/2013 02:15 PM, Swenson, Chris wrote: I understand a bit more why people were bring up plain text passwords now. My radius server is being presented with peap ms-chapV2 credentials and I want it to receive authentication from my openldap server. It seems that the credentials

RE: free radius setup

2013-09-10 Thread Swenson, Chris
-profit such as my college is. Chris S. -Original Message- From: John Dennis [mailto:jden...@redhat.com] Sent: Tuesday, September 10, 2013 6:09 PM To: FreeRadius users mailing list Cc: Swenson, Chris Subject: Re: free radius setup On 09/10/2013 02:15 PM, Swenson, Chris wrote: I

Re: free radius setup

2013-09-10 Thread Arran Cudbard-Bell
On 10 Sep 2013, at 23:35, Swenson, Chris cswen...@curry.edu wrote: Yes, I already saw that and this is why I am stuck. I am using Aruba 3000 Wireless controllers running the 6.2.X.X code. As I understand it when the laptop user selects the secure SSID they should be prompted for a username

RE: free radius setup

2013-09-10 Thread Swenson, Chris
: free radius setup On 10 Sep 2013, at 19:15, Swenson, Chris cswen...@curry.edu wrote: I understand a bit more why people were bring up plain text passwords now. My radius server is being presented with peap ms-chapV2 credentials and I want it to receive authentication from my openldap server

Re: free radius setup

2013-09-10 Thread John Dennis
On 09/10/2013 06:54 PM, Arran Cudbard-Bell wrote: On the registration page you use to 'activate' users accounts for the service, you get them to login. Once their password is verified against OpenLDAP you do an LDAP modify and store the plaintext version. This is exactly what we did at