The reasons you stated are why I think this is near impossible. Our passwords are stored with md5... I'm not fond of the idea that in order to get this to work, we have to compromise our security policy.
As for the Windows salesman, leaving out features from one OS to sell a newer OS is one of the reasons I cannot stand your company. That said, Windows 7 is great in my opinion, like Windows XP. If you really care, put pressure on your higher ups to extend the functionality to support things like EAP/TTLS and PAP. I'm sure there's other deficiencies.. How is it right to sell "ultimate" versions of an OS for $150-200 when they dont even support as many features as a free, open source system? I just got into work, so I'll be looking over the suggestions and making more attempts at this. Thanks again for all the help! On Wed, May 30, 2012 at 8:15 AM, Phil Mayers <[email protected]> wrote: > On 30/05/12 13:44, Steve Hopps wrote: > >> IPhones work with a custom config profile that's easily installed. >> However, our most significant hurdle is windows machines. Who would have >> guessed??? For some stupid reason Microsoft doesn't care about >> supporting all modern encryption standards. Making our staff pay for >> SecureW2 isn't an option and XSupplicant doesn't work reliably yet in >> 64bit Win7. So I'm back to trying to get mschapv2 working with peap. >> This seems impossible. > > > It's certainly a shame that Windows 7 doesn't support TTLS/PAP. > > PEAP/MSCHAP requires you have the plaintext password or NT hash, or access > to an mschap "oracle" like ntlm_auth running on Samba as a member of the > domain. > > If you don't have those, you can't do PEAP/MSCHAP, and your options are very > limited. > > EAP-TLS, perhaps? > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
