While it's nice to constrain this it's also very inflexible.
With fallback disabled we can retain values in tunnel pw and
VLAN ID. Enabling it without these options may be weird, but
not a large problem. Template was rearranged to generate
the most logical outcome.
Some due maintenance sprinkled on top.
* controller eap: changed from dropdown to select_multiple
* model eap: add multiple option to CertificateField type ca
* script generate_certs: Multiple comma-separated refid values are possible. Use explode() and process them with a foreach loop
* net/freeradius: Support NT hash of user password
To improve security provide an "advanced" option to avoid storing
users' radius passwords in plaintext.
The default behaviour is unchanged.
Tested using an openwrt access point as a client with the opnsense
freeradius plugin set to use PEAP.
Compare: https://github.com/pfsense/FreeBSD-ports/pull/822
* net/freeradius: Bump user model version
To reflect NT password hash change.
---------
Co-authored-by: Stuart McLaren <stuart-mclaren@users.noreply.github.com>