>My first question for the list, to which I haven't been able to find a >clear answer ever is : What EAP sub-types are the ones I should >configure? > Nothing. Just don't touch anything in eap.conf and all supported eap types will work. If you generate certificates with scripts provided you don't even need to touch the tls section.
>My requirements : > * Be able to have many different types of clients supported (Windows >XP, GNU/Linux wpa_supplicant/NM, mobile devices etc.). > * Not to have to bother about a local CA or any type of PKI (i.e. not >generate certificates for all users, just have them user their >login/pass). > PEAP should be the protocol most clients will use. >Should I go with EAP-PEAP? Is that the "PEAPv0/EAP-MSCHAPv2" from the >wiki? Yes. >I also store md5 passwords in my LDAP server, is there any other >simpler way to configure access using those instead of the LM/NT >passwords? (my understanding is that... nope) > Correct. You can't use md5 passwords with mschap. http://deployingradius.com/documents/protocols/compatibility.html Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
