Hi yazzy.

Wow, thanks for your quick reply!  I can bet I saw many of your posts on
google too... :)

Anyway, just wondering, will it be insecure if the user/passwords are just
left in clear text on a server?

Actually, I don't really like the idea of having a different user/pass for
the radius authentication and for the portal server authentication... makes
it more difficult should a student forget his/her password... but the worst
thing of all, the school portal server, its MSSQL db and the internal school
network are separated by the entire internet... I'm not sure about the SQL
protocol, but if I were to grab user/pass list from the portal server, does
it mean they'll be in plain text over the internet too?

Forgive me if I'm wrong, but when you mention ppp and mppe128, I've only
heard of them as dialup/VPN protocols... or can they be used in APs too?


Thanks so much,
Tim.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Jessa
Sent: Friday, June 11, 2004 5:04 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: MD5-hashed passwords?

Hi Tim.

If you want to use encryption for your ppp users you need to drop md5
hashing of your sql passwords.
Just sync your old SQL database with a new one for radius only and put
unencrypted passwords there.
You can use md5 hashed passwords but then you will not be able to use crypto
for your PPP connections.
I'd suggest you use PPPoE with MPPE128 bit encryption for both passwords
and data.
You will get a slight overhead on data encryption but not much really.
With PPP(oE) you can easily add different bandwidth limits for each of the
users, set up user's static or dynamic IPs.

Cheers, 
YazzY

On Fri, 11 Jun 2004 16:47:43 +0800
<[EMAIL PROTECTED]> wrote:

> Hi everyone.
> 
> I've tried searching google countless times but can't get the solution, so
> I'm hoping you guys can help me...
> 
> Case: I currently have 11 Cisco 350 series APs in a school, and I'd like to
> move away from using MAC filters (for about 250 users so far) and use a
> radius solution.  The students each have access to a portal, but the
> passwords are all hashed with MD5 and stored in a MSSQL database.
> 
> Questions: Are there any authentication protocols (that can use MD5 hashed
> passwords) that I could use to authenticate the wireless users?  I read the
> section about using PAP, but should I use it, does it mean that the
> user/pass will be transmitted over the air unencrypted?  I'm also hoping to
> use some sort of dynamic WEP key rotation or TKIP.
> 
> Right now when I try to configure the clients, I only see PEAP or
> certificates (which I don't want to use) as methods of 802.1x
> authentication, or LEAP if I use the cisco aironet client... does it mean
> I'm limited to the two for authenticating wireless users?
> 
> If I'm able to change the type of encryption used for the portal server's
> password database, which type of encryption is supported by
> EAP/LEAP/freeradius?
> 
> I'm very new at network authentication/freeradius/linux, so forgive me if I
> say something wrong.
> 
> 
> Thanks,
> Tim.
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

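Added example, not part of the original thread or of FreeRADIUS: a Python sketch of why an MD5-hashed password store works with PAP but not with a challenge-response method. It assumes plain CHAP (RFC 1994) as the stand-in challenge-response protocol, which the thread does not name, and the password is constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data: the password is made up for this example.
PASSWORD = "s3cret-portal-pw"
STORED_MD5 = hashlib.md5(PASSWORD.encode()).hexdigest()  # what the portal DB holds


def pap_verify(stored_md5_hex, submitted_password):
    """PAP delivers the password itself, so the server can hash it and compare."""
    candidate = hashlib.md5(submitted_password.encode()).hexdigest()
    return hmac.compare_digest(candidate, stored_md5_hex)


def chap_response(chap_id, secret, challenge):
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def chap_verify(chap_id, challenge, response, server_secret):
    """The server recomputes the response from whatever secret it has stored."""
    expected = chap_response(chap_id, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo():
    chap_id, challenge = 1, os.urandom(16)
    # The client knows the real password and answers the challenge with it.
    client_resp = chap_response(chap_id, PASSWORD.encode(), challenge)
    return {
        "pap_with_md5_store": pap_verify(STORED_MD5, PASSWORD),
        "pap_wrong_password": pap_verify(STORED_MD5, "guess"),
        # A server holding the cleartext can reproduce the client's response.
        "chap_with_cleartext_store": chap_verify(
            chap_id, challenge, client_resp, PASSWORD.encode()),
        # A server holding only MD5(password) computes a different value.
        "chap_with_md5_store": chap_verify(
            chap_id, challenge, client_resp, STORED_MD5.encode()),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```

With PAP the password crosses the link to the RADIUS server, so the hashed store is usable only when the transport protects it.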