> There are 2 types of EAP authentications that are currently > supported by > Freeradius > 1. EAP-MD5 > 2. EAP-TLS > > The one which you tested is EAP-md5. It is just similar to CHAP > authentication. > It works only with PLAIN TEXT passwords. > So if you have plain text password stored in files, database or LDAP, > then it works. > > EAP-TLS is Certificate based authentication.
I don't understand where this restriction comes from. Once the FreeRADIUS server gets the password from the NAS, what prevents it from checking that password against /etc/shadow, PAM, another RADIUS server, or whatever? --J - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html