(RADIATOR) 802.1x and vlan assignment

Paul Dekkers Paul.Dekkers at surfnet.nl
Wed Sep 17 04:08:24 CDT 2003


Hugh Irvine wrote:

> As to the Windows problem, I am afraid I don't have an answer for you, 
> although it sounds like there is a configuration problem with either 
> the network settings or with the client software. 

> Perhaps there is someone on the list who knows more about Windows than 
> I do? 

I already answered Dordaneh directly, but maybe it's useful for others 
what my experience is with PEAP: the implementation of Microsoft asks 
the users' identity the first time PEAP is used (and only if 
"Automatically use my Windows logon name and password" is disabled). 
This username and password combination is stored, and never asked again 
(like with the TLS identity), unless there is an "Access-Reject" from 
the RADIUS server.
As soon as the request is /ignored/ (because of a non-existing realm for 
example) Windows does not prompt the user for new credentials.

Paul

P.S. This is one of the reasons we did not choose PEAP but TTLS instead: 
imagine you want to change your username, and/or need to verify 
credentials to a backend where passwords are not stored in plain-text... 
or you do not want to store your password at all. And then which PEAP 
implementation do you choose ;-)
For the platforms where Microsoft's PEAP can be used there is also 
support for Alfa & Ariss' SecureW2. (SURFnet asked Alfa & Ariss to make 
this module since there was no good TTLS implementation, and it's even 
freeware now - worth trying.)

