(RADIATOR) Possible to Proxy PEAP-EAP-MSCHAP v2 to IAS?

Terry Simons galimore at mac.com
Mon Feb 9 12:50:45 CST 2004


Steve,

The Alfa+Ariss plugin works much better now IMO.

You can set it up to auto-authenticate without prompting for a username 
and password each time, so it's transparent.

You can also set it up to prompt you for credentials if you wish to do 
that.

The only thing we haven't been able to get working is the verification 
of our server certificates, but that's waiting on me sending some 
information to the SecureW2 developers so they can look at the problem.

Anyway... it seems to work pretty well for many of our users that don't 
like AEGIS, or for whom AEGIS doesn't work.

- Terry

P.S. I'm glad you found our documentation useful!

On Feb 9, 2004, at 10:35 AM, Steve Caporossi wrote:

> See Below...
>
> Terry Simons wrote:
>
>> I'm just curious as to the reason for wanting to use PEAP.
> Not really *wanting* to but looking for low cost solutions.  Our 
> customers want to know why they have to pay for something that the OS 
> supports.
>
>> Is it because TLS and PEAP are the only natively supported EAP types 
>> in Windows, and people don't want to install extra software just to 
>> gain 802.1x functionality, or is it because people don't want to 
>> *pay* for extra software to gain functionality that is "present" in 
>> Windows?
> Yes & yes.  One more piece of software to support and, in times of 
> budget cutbacks, free is a big plus :-)
>
>> For what it's worth, there is a *free* TTLS->PAP plugin for Windows 
>> that plugs right in to WIndows XP Zero Config which works quite 
>> nicely, so for those that don't want to spend the extra cash, this 
>> might be an option.
> I looked at it a year or so ago...and was not happy with it...I'll 
> look at it again.
>
>> We're using TTLS->PAP at the University of Utah because we feel that 
>> PEAP is too much of a security  risk (since it requires plain-text or 
>> reversibly encrypted passwords be stored on the server).
> We have the some of the same concerns and are also using TTLS->PAP, 
> currently with the Odyssey Client.  Being able to pre-configure the 
> client is a big plus.
>
>> TTLS->PAP is also natively supported by Linux (with xsupplicant) and 
>> Mac OS X (10.3.x).
> I have used the instructions on your site to setup a mac for 
> testing...Good Job!
>
>> I just thought I'd mention the option for people that might be 
>> interested in using it.
>> The plugin for Windows is called "SecureW2" and is available from the 
>> following URL:
>> http://www.alfa-ariss.com/
>> You'll need to click on "[EN]" at the bottom of the page to get the 
>> English version.
>> - Terry

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list