(RADIATOR) 802.1x and vlan assignment

Arangeh, Dordaneh dordaneh.arangeh at id.ethz.ch
Wed Sep 17 05:24:32 CDT 2003 

Hello Paul,
Thanks for tip. I shall try it and will write about the matter as soon
we have some more information and results. One point is, I am not sure
weather cisco Catalyst switches are working well with other protocols
but will definitely try it.

Thanks again and regards
Dordaneh

-----Original Message-----
From: Paul Dekkers [mailto:Paul.Dekkers at surfnet.nl] 
Sent: Mittwoch, 17. September 2003 11:08
To: Hugh Irvine
Cc: Arangeh, Dordaneh; radiator at open.com.au
Subject: Re: (RADIATOR) 802.1x and vlan assignment

Hugh Irvine wrote:

> As to the Windows problem, I am afraid I don't have an answer for you,

> although it sounds like there is a configuration problem with either 
> the network settings or with the client software. 

> Perhaps there is someone on the list who knows more about Windows than

> I do? 

I already answered Dordaneh directly, but maybe it's usefull for others 
what my experience is with PEAP: the implementation of Microsoft asks 
the users' identity the first time PEAP is used (and only if 
"Automatically use my Windows logon name and password" is disabled). 
This username and password combination is stored, and never asked again 
(like with the TLS identity), unless there is an "Access-Reject" from 
the RADIUS server.
As soon as the request is /ignored/ (because of a non-existing realm for

example) windows does not prompt the user for new credentials.

Paul

P.S. This is one of the reasons we did not choose PEAP but TTLS instead:

imagine you want to change your username, and/or need to verify 
credentials to a backend where passwords are not stored in plain-text...

or you do not want to store your password at all. And then which PEAP 
implementation do you choose ;-)
For the platforms where Microsoft's PEAP can be used there is also 
support for Alfa & Ariss' SecureW2. (SURFnet asked Alfa & Ariss to make 
this module since there was no good TTLS implementation, and it's even 
freeware now - worth trying.)


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list