Steve Hopps wrote: > We're trying to use an access point configured for wpa2 using freeradius > to authenticate with openldap. For Android and Linux it works out of the > box with eap/ttls and pap. So we used Pam cause it already works with > ldap. I didn't know other encryption types wouldn't work with Pam.
This confuses me. Why use PAM when FreeRADIUS can use LDAP directly? > IPhones work with a custom config profile that's easily installed. > However, our most significant hurdle is windows machines. Who would have > guessed??? For some stupid reason Microsoft doesn't care about > supporting all modern encryption standards. Making our staff pay for > SecureW2 isn't an option and XSupplicant doesn't work reliably yet in > 64bit Win7. So I'm back to trying to get mschapv2 working with peap. > This seems impossible. It's possible. It's easy. (a) configure FreeRADIUS to query LDAP directly (b) ensure that the passwords in LDAP are stored in a format compatible with MS-CHAP. If you can do both, then getting PEAP to work should be trivial. In 2.1.2, you can use "radclient" to send MS-CHAP requests to the server. Don't even THINK of trying to get PEAP to work until you have plain old MS-CHAP working. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
