FreeRADIUS MSCHAPv2 compatibility
Options
Master Member
Hi i've set up a FreeRADIUS server with OpenLDAP in a docker compose environment for wifi authentication. Nebula uses MSCHAPv2, which only supports cleartext passwords or nt hashes, which are insecure. What's the best solution to use FreeRADIUS with an user directory like OpenLDAP.
//EDIT: Have a look at http://deployingradius.com/documents/protocols/compatibility.html
Thanks!
//EDIT: Have a look at http://deployingradius.com/documents/protocols/compatibility.html
Thanks!
0
All Replies
-
Hi, @baba
Nebula use PEAP with EAP-MSCHAPv2, which would be secure as the MSCHAPv2 messages are sent through a TLS-protected tunnel.
And Nebula only supports an external RADIUS server to authenticate for now, LDAP server would be unable to work.
If you're interested, the below FAQ is tip to set up 802.1x authentication with an external radius server on Nebula:
Thank you.
0
Zyxel Employee
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 52 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 211 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
