802.1X Port-Based Authentication HOWTO

8. FAQ

Do not forget to check out the FAQ section of both the FreeRADIUS (highly recommended!) and Xsupplicant Web sites!

8.1. Is it possible to allow user-specific Xsupplicant configuration, to avoid having a global configuration file?
8.2. I don't want to use PEAP; can I use EAP-TTLS or EAP-TLS instead?
8.3. Can I use a Windows Supplicant (client) instead of GNU/Linux?
8.4. Can I use a Active Directory to authenticate users?
8.5. Is there any Windows Supplicant clients available?

8.1. Is it possible to allow user-specific Xsupplicant configuration, to avoid having a global configuration file?

No, not at the moment.

8.2. I don't want to use PEAP; can I use EAP-TTLS or EAP-TLS instead?

Yes. To use EAP-TTLS, only small changes to the configuration used in this document are required. To use EAP-TLS, client certificates must be used as well.

8.3. Can I use a Windows Supplicant (client) instead of GNU/Linux?

Yes. Windows XP SP1/Windows 2000 SP3 has support for PEAP MSCHAPv2 (used in this document). A Windows HOWTO can be found here: FreeRADIUS/WinXP Authentication Setup

8.4. Can I use a Active Directory to authenticate users?

Yes. FreeRADIUS can authenticate users from AD by using "ntlm_auth".

8.5. Is there any Windows Supplicant clients available?

Yes. As of Windows XP SP1 or Windows 2000 SP3, support for WPA (PEAP/MS-CHAPv2) is supported. Other clients include (not tested) Secure W2 (free for non-commercial) and WIRE1X. Funk Software also has a commercial client available.