Ah, that is true. I never though that deeply into it, and only did a POC. Is the downfall of doing things this way that passwords must be sent in the clear?
On 10/21/10 1:59 AM, "Phil Mayers" <p.may...@imperial.ac.uk> wrote: >On 10/20/2010 10:59 PM, Rowley, Mathew wrote: >> I was able to configure FreeRadius/AD differently than most tutorials >> just using Kerberos as an authentication mechanism (sorry for any >> weird formatting, coming from a wiki): > >(For the archives) > >The reason it's different than most tutorials, to be clear, is that this >config can only check PAP requests, so is not useful for the common case >of PEAP/MS-CHAP for wireless/wired 802.1x. > >Obviously if you use EAP-TTLS/PAP for 802.1x, or just PAP for some other >service (as CLI login to switches/routers usually is) it'll work fine. > >(People seem to get very confused about this topic, so it's worth noting >;o) >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html