This is a discussion on Re: Freeradius-Users digest, Vol 1 #4631 - 12 msgs within the FreeRADIUS Users forums, part of the Networking and Network Related category.
> You can't use PEAP unless you have plaintext passwords stored in the
> LDAP or NT/LM password hashes. To use LDAP bind to authenticate you will
> need to use TTLS with PAP as inner tunnel authentication. This is how
> you can configure your clients to use TTLS+PAP
>

The passwords are revealed in plaintext. Would prefer to use PEAP w/MSCHAPv2 as any XP client on our network will already have that. Is there anything special to configure in the eap.conf? I used certs.sh to create the demoCA which I'm using for testing.

Thanks.

eap.conf

    eap {
        default_eap_type = peap
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no

        tls {
            private_key_password = whatever
            private_key_file = ${raddbdir}/certs/cert-srv.pem
            certificate_file = ${raddbdir}/certs/cert-srv.pem
            CA_file = ${raddbdir}/certs/demoCA/cacert.pem
            dh_file = ${raddbdir}/certs/dh
            random_file = ${raddbdir}/certs/random
        }

        peap {
            default_eap_type = mschapv2
        }

        mschapv2 {
        }
    }

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
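Why the password storage format decides between PEAP/MSCHAPv2 and TTLS+PAP, as an added example that is not part of the original post or of FreeRADIUS. It is a simplified model: SHA-256 and HMAC stand in for the MD4/DES construction of real MSCHAPv2, the "salted" store stands for a directory that can only check a presented password (as with an LDAP bind), and all function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os

def nt_like(password: str) -> bytes:
    # Stand-in for the NT hash (MD4 over UTF-16LE in the real protocol); unsalted.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def salted(password: str, salt: bytes) -> bytes:
    # Stand-in for a salted LDAP userPassword value.
    return hashlib.sha256(password.encode() + salt).digest()

def client_response(password: str, challenge: bytes) -> bytes:
    # Challenge-response inner method: only this value crosses the tunnel.
    return hmac.new(nt_like(password), challenge, hashlib.sha256).digest()

def verify_challenge(kind: str, stored: bytes, challenge: bytes, response: bytes):
    # The server has to recompute the response, so it needs the key material.
    if kind == "plaintext":
        key = nt_like(stored.decode())
    elif kind == "nt":
        key = stored
    else:
        return None  # salted hash or bind-only directory: no way to derive the key
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def verify_pap(kind: str, stored: bytes, salt: bytes, password: str) -> bool:
    # PAP inner method: the server receives the password itself (inside TLS),
    # so it can hash it any way the store requires, or hand it to an LDAP bind.
    if kind == "plaintext":
        candidate = password.encode()
    elif kind == "nt":
        candidate = nt_like(password)
    else:
        candidate = salted(password, salt)
    return hmac.compare_digest(candidate, stored)

def demo(password: str = "constructed-pass"):
    # Constructed sample data: one user, three ways of storing the same password.
    salt, challenge = os.urandom(8), os.urandom(16)
    stores = {"plaintext": password.encode(), "nt": nt_like(password),
              "salted": salted(password, salt)}
    resp = client_response(password, challenge)
    return {k: (verify_challenge(k, v, challenge, resp), verify_pap(k, v, salt, password))
            for k, v in stores.items()}

if __name__ == "__main__":
    for kind, (chal, pap) in demo().items():
        print(f"{kind:9} challenge-response={chal} pap={pap}")
```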