(RADIATOR) FW: Possible to Proxy PEAP-EAP-MSCHAP v2 to IAS? Answer: sort of

Mike McCauley mikem at open.com.au
Tue Feb 17 16:44:50 CST 2004 

Hi Tom,

thanks for the summary.

What was the registry change to IAS to permit EAP-MSCHAPV2

Cheers.

On Tue, 17 Feb 2004 06:42 pm, Tom Rixom wrote:
> Hi All,
>
> I would like to share my findings of last week when I succesfully set up
> the following connection:
>
> EAP-MSCHAPV2<---------------------------------------------------->
> EAP-TTLS <-------------------------------------->
> SecureW2 Client 2.0.0 -- AP (Cisco 1100) -- Radiator (Linux) -- IAS
> (Windows 2K)
>
> I did it without any special patches for Radiator. Only a small change
> to the IAS registry settings was needed to allow it to do EAP-MSCHAPV2.
>
> It works perfectly with Active Directory users and I have also succesfully
> authenticated a domain computer using 802.1X.
> I did however run into a small problem which was that the "Enable dial-in"
> option is not available in Windows 2K for domain computers which resulted
> in the domain computer getting an access denied...
>
> I am going to try out Windows 2003 next and I hope I can get passed the
> domain computer "dial-in" problem. Or does anyone here have any info on
> this? Does PEAP-EAP-MSCHAPV2 have this problem?
>
> I tried the same trick with PEAP and proxied EAP-MSCHAPV2 and this does not
> work as IAS requires a special attribute to be sent through the TLS tunnel,
> which PEAP of course does not send... ;)
>
> BTW. this was all done using the next SecureW2 Client 2.0.0 which will run
> on Windows 2K/XP (Free) and Pocket PC 2003 (Licensed). Release date: Q1
> (soon)
>
> Regards,
>
> Tom Rixom
> Alfa & Ariss
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list