Authentication Protocol in Freeradius
26-12-2019
Question
I want to set up a RADIUS server for my college of around 2000 students and a hundred faculties. I am familiar with freeradius+MySQL but have never deployed it except on my laptop.

- Which authentication protocol should I choose if my considerations are: easy for users to connect to the NAS, and easy to set up for the users (without third-party software)?
- Can I use WPA2-personal?
- Are certificates necessary, and if so, how can I implement them?
- Is there any particular EAP flavor that is supported by both Windows and Linux?
Solution
- The only protocols which match your requirements are EAP-TLS and EAP-PEAP. They are pretty much universally supported by all supplicants. EAP-PEAP uses username/password as credentials, whereas EAP-TLS uses client certificates.
- No. You should use WPA2-Enterprise.
- No. Not if you use EAP-PEAP.
- EAP-PEAP and EAP-TLS are supported by both.

Note: For EAP-PEAP you either need to have the NT-Password hash of the user, the user's password in cleartext, or an Active Directory server which you can auth against.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow