James Taylor wrote:
Am I able to use PEAP to auth to UNIX or PAM instead of mscahpv2? Do I do
this in the EAP.CONF file? What we are basically trying to do is use
FreeRadius to authenticate against our current user database on our linux
server while still maintaining the PEAP-TLS security with wireless. Is that
even possible?
PEAP can have several inner types. One of these is "GTC" (generic token
card) which sends a prompt and asks for a response. I believe the prompt
can be "password" and the response the actual password.
How well windows' GTC support works I couldn't tell you, though I know
it's there.
See the "gtc" section in "eap.conf"
PAM would not help; as Josh says, MSCHAPv2 needs the NT/LM hashes, which
means either having the hashes, or the plaintext password to generate
them from, not a "crypt". In any event, PAM seems to work very badly
because of threading issues.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
