Emre Ersin wrote: > I am trying to authenticate our wired Windows users by using rlm_perl module > over secured IMAP.
That won't work. http://deployingradius.com/documents/protocols/oracles.html IMAP fits the same column as "LDAP bind as user". > When I give radtest command with a user-name and > user-password it accepts; Because you are supplying a clear-text password. 802.1x authentication does not do that. > But xp supplicants (naturally) doesn't send user-passwords while using > eap-md5. And I really don't want to create thousands of client certificates. > Which protocol do I have to use or... > > Is it possible? Is there a way to authenticate winxp (and vista (and also > Macos users)) users without installing any client program? Yes. Use PEAP. It's built into Windows. For wired authentication, EAP-MD5 should work, too. > Supplicant (winxp) ---- NAS (hp2626) -------- WAN > | > | > RS -- rlm_perl ----- IMAP(s) > or POP3(s) > servers > (more than one) Why? The IMAP/POP servers have a user database. Use that to authenticate 802.1x users. Using rlm_perl && IMAP/POP is horrible. Plus, it won't work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html