Hi everyone,

We have shortly migrated our user database to OpenLDAP, keeping the UNIX-crypted passwords. Now I would like to let wireless users authenticate against this LDAP server. Since we do not have a PKI in place, I have set up an auth chain using PEAP/MSCHAPv2 (you might have guessed from my previous posts). For a first push, I split the chain and tested both LDAP and PEAP with cleartext passwords on the RADIUS side; they both work now.

The big question is, of course, how to deal with the encrypted passwords. Any challenge-response protocol such as MSCHAPv2 won't quite cut it, unless you imagine fancy stuff like passing the seed for crypt to the client first, who can then in turn do the required hash ...

So what might be a feasible option? TTLS has been a second option only so far, since PEAP is already wired into Windows XP -- which is still what most of our users will be running for some time :-|

On the other hand, I haven't seen anything like PEAP-PAP so far, but I have seen there is TTLS-PAP and the like. Any suggestions?

Thanks,
Martin

--
Dr. Martin Pauly       Fax:    49-6421-28-26994
HRZ Univ. Marburg      Phone:  49-6421-28-23527
Hans-Meerwein-Str.     E-Mail: [EMAIL PROTECTED]
D-35032 Marburg

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
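The mismatch described in the message above, as an added example (not part of the original post and not FreeRADIUS code): a server that stores only a salted one-way hash can verify a PAP password sent through a TLS tunnel, but not a challenge response from a stock client. PBKDF2 stands in for salted crypt(3), an HMAC over the challenge stands in for the MSCHAPv2 response, and all names and the sample password are constructed.

```python
import hashlib
import hmac
import os

# Stand-ins (assumptions): PBKDF2 plays the role of salted crypt(3);
# HMAC-SHA256 over a challenge plays the role of the MSCHAPv2 response.
def unix_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def client_key(password: str) -> bytes:
    # What a stock challenge-response client derives: a fixed, unsalted
    # function of the password (MSCHAPv2 uses the NT hash at this point).
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def response(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Directory:
    """Constructed LDAP-like entry that holds only a salt and a one-way hash."""
    def __init__(self, password: str):
        self.salt = os.urandom(8)
        self.stored = unix_hash(password, self.salt)

    def verify_pap(self, password: str) -> bool:
        # PAP inside a TLS tunnel: the server sees the password and re-hashes it.
        return hmac.compare_digest(unix_hash(password, self.salt), self.stored)

    def verify_challenge(self, challenge: bytes, resp: bytes) -> bool:
        # The stored hash is the only key material the server can try.
        return hmac.compare_digest(response(self.stored, challenge), resp)

def run_demo():
    pw = "s3cret-constructed"
    entry = Directory(pw)
    challenge = os.urandom(16)
    pap_ok = entry.verify_pap(pw)
    pap_bad = entry.verify_pap("wrong")
    # Stock client: key derived without the salt, so the server cannot check it.
    stock = entry.verify_challenge(challenge, response(client_key(pw), challenge))
    # "Pass the seed to the client" variant from the post: the client rebuilds
    # the stored hash, which then acts as the shared secret itself.
    seeded = entry.verify_challenge(challenge, response(unix_hash(pw, entry.salt), challenge))
    return pap_ok, pap_bad, stock, seeded

if __name__ == "__main__":
    print(run_demo())
```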

