> Could I do EAP-TTLS using the securew2 client instead?
Yes, that's an option. And since EAP-TTLS is a standard you'll be able
to have it work on a variety of clients (Mac OS, Pocket PC + SecureW2,
Palm-OS, Linux).
> Or am I
> better off creating a 2nd password attribute on the LDAP directory that is
> maybe encoded as an NT-Password attribute or something like that.
That's another option. But if you choose this one, you'll have to make
sure your users change their password through a unique interface that
encodes the password as both SSHA and NTLM.
Personally, I chose the first solution.
Thibault.