Hello,
I want to secure a wireless network (operated with Cisco Aironet 1200 APs) via freeradius connected to an OpenLDAP server, with clients running Windows 2000, Windows XP and Mac OS-X (>= 10.2).
I saw that EAP-MD5 is not recommended (and not supported by Windows XP since SP1).
EAP-TLS is not a choice as there is no LDAP interaction from what I've read on this mailing-list and other places.
The best choice seems to be EAP-TTLS as it is supported by freeradius and the selected clients. But I have some questions about the protocol to use inside the TLS tunnel.
It seems that EAP-MD5 is not possible as passwords are stored in {CRYPT} format in the LDAP.
I tried the EAP-MD5+LDAP feature and it works indeed with clear passwords. I was wondering if it would be possible to patch the eap-md5 module to crypt the password sent by the supplicant before comparing it with the one from the LDAP?
I read some things about using PAP inside EAP-TTLS. It seems that {CRYPT} passwords work with PAP as I see there is an encryption_scheme parameter for PAP.
But will PAP be supported by supplicants running on Windows and Mac OS-X?
Thank you for your help,
Christophe.
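
Background to the question above, as an added example that is not part of the original post and is not FreeRADIUS code: an EAP-MD5 response is the CHAP calculation MD5(identifier || password || challenge), so the server never receives the password itself and can only verify against a cleartext copy, while PAP inside the TTLS tunnel delivers the password and lets the server hash and compare. Salted SHA-256 stands in here for the {CRYPT} scheme, and all function names and values are constructed for the illustration.

```python
# Added illustration: salted SHA-256 stands in for crypt(3); all values are constructed.
import hashlib
import hmac


def one_way_hash(password: bytes, salt: bytes) -> bytes:
    """Stand-in for a {CRYPT}-style one-way directory hash (assumption, not real crypt(3))."""
    return hashlib.sha256(salt + password).digest()


def eap_md5_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-style response used by EAP-MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_check_eap_md5(identifier, challenge, response, stored_secret) -> bool:
    # The server recomputes the response, so it needs the exact secret the supplicant used.
    expected = eap_md5_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def server_check_pap(received_password, salt, stored_hash) -> bool:
    # PAP hands the server the password (protected by the tunnel), so hash-and-compare works.
    return hmac.compare_digest(one_way_hash(received_password, salt), stored_hash)


def demo() -> dict:
    password, salt = b"constructed-password", b"ab"
    stored_hash = one_way_hash(password, salt)       # what the directory holds
    identifier, challenge = 7, bytes(range(16))      # constructed challenge
    response = eap_md5_response(identifier, password, challenge)  # what the supplicant sends
    return {
        "eap_md5_with_cleartext_store": server_check_eap_md5(identifier, challenge, response, password),
        "eap_md5_with_hashed_store": server_check_eap_md5(identifier, challenge, response, stored_hash),
        "pap_with_hashed_store": server_check_pap(password, salt, stored_hash),
        "pap_wrong_password": server_check_pap(b"wrong", salt, stored_hash),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```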

