EPMP1000 Hotspot

I am attempting to integrate the EPMP1000-Hotspot into our network. The auth method would be WPA-Enterprise.

This means that a potential user would be prompted on his device for a username and a password.

This would then be parsed by our radius server (freeradius) and thus the normal auth/accounting records would then be created through radius. Pretty powerful really for an ISP wanting to allow existing users into the network.

Anyway, it doesn't work.

The problem is that the hotspot is sending the attribute

     "Cleartext-password"

instead of

     "User-Password"

In order to use the unix system password processing, the "User-Password" attribute is required.

Assuming I have it right, is it possible to adjust this?

Keep up the good work. Absolutely fabulous product in the making.

Regards

Mike

What kind of EAP method/supplicant are you planning to use? Note that the unix system password mechanism is to save only a hash of the password and this is not compatible with most common EAP methods (which require the password in cleartext, or its NT-hash).

Please see the password and eap-type compatibility table here:

http://deployingradius.com/documents/protocols/compatibility.html

So if you are using the standard Windows supplicant for instance, it will use PEAP-MSCHAPv2, and this is not compatible with Unix system passwords (it is unrelated to how the AP sends the request). If the supplicant/wireless-client can do EAP-TTLS with PAP, then the unix password would work.

Another way to use the Unix system password, and have users enter their login and password, would be to use the guest access feature on cnPilot APs, and point them to the same RADIUS server. One downside is that unlike WPA2-Enterprise, this connection will be authenticated, but not encrypted.
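The compatibility point made in the reply above, as an added example that is not part of the original thread: a simplified Python model of why a server holding only a salted one-way hash can verify PAP but not a challenge-response method. The function names are hypothetical, PBKDF2 stands in for the Unix password hash, and an unsalted SHA-256 key with HMAC stands in for the NT-hash and the MSCHAPv2 computation (which really use MD4 and DES).

```python
import hashlib
import hmac
import os

def unix_style_record(password: str) -> tuple[bytes, bytes]:
    """Stand-in for a salted shadow entry: (salt, one-way hash)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def verify_pap(record: tuple[bytes, bytes], submitted: str) -> bool:
    """PAP (e.g. inside an EAP-TTLS tunnel): the server receives the password
    itself, so it can re-hash it with the stored salt and compare."""
    salt, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", submitted.encode(), salt, 10_000)
    return hmac.compare_digest(candidate, stored)

def nt_style_key(password: str) -> bytes:
    """Stand-in for the NT-hash: an unsalted hash both ends must hold."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def cr_response(key: bytes, challenge: bytes) -> bytes:
    """Simplified challenge-response: the password never crosses the wire."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def verify_cr(server_key: bytes, challenge: bytes, response: bytes) -> bool:
    """The server must recompute the response, so it needs the same key."""
    return hmac.compare_digest(cr_response(server_key, challenge), response)

def demo() -> dict:
    password = "correct horse"            # constructed sample credential
    record = unix_style_record(password)  # all that a Unix password store keeps
    challenge = os.urandom(16)
    response = cr_response(nt_style_key(password), challenge)  # client side
    return {
        "pap_against_salted_hash": verify_pap(record, password),
        "pap_wrong_password": verify_pap(record, "wrong"),
        # Works only if the server stores the NT-style key (or cleartext).
        "cr_with_nt_style_key": verify_cr(nt_style_key(password), challenge, response),
        # The salted hash is a different value and cannot be turned into the key.
        "cr_with_salted_hash_only": verify_cr(record[1], challenge, response),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```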