Stuckzor wrote:
Thank you, your reply was very usefull, and yes, i am confused about how this things work and i am not ashamed to admit it, but it's getting clearer pretty rapidly :) Now i have one last question (or at least i hope so) - which choice is more viable, using EAP-PEAP+MS-CHAP for wireless auth. (but with clear text passwords this time), like i originaly planned to, or can you recommend using something else? I really don't care, as long as it works with most wireless hardware :)
Unless the wireless hardware is very broken (assuming you mean APs and so forth) it won't care.
The main issue is software support. EAP-PEAP+MS-CHAP is generally considered to be the most widely supported. It works on WinXP, MacOS X and with Linux wpa_supplicant/NetworkManager, most PDAs and so forth.
EAP-TLS is about as well supported, but has much higher administrative overhead since you have to generate and distribute certificates.
All the other EAP mechanisms require special software on windows, which is obviously effort to distribute, install and configure. If you are willing to go to that effort, Secure_W2 offers EAP-TTLS+PAP which will work with any auth database.
If you have the choice, I would recommend going with plaintext or NT-hashed passwords and EAP-PEAP+MS-CHAP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
