(RADIATOR) FW: Possible to Proxy PEAP-EAP-MSCHAP v2 to IAS? Answer: sort of
tom.rixom at alfa-ariss.com
Wed Feb 18 01:43:17 CST 2004
You need to remove (or rename) the following registry key:
As this key is not documented I cannot say if this effects the use of PEAP-EAPMSCHAPV2.
I have tested this on Windows 2000 SP4. I will be testing Windows 2003 soon.
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Tuesday, February 17, 2004 11:45 PM
> To: Tom Rixom; radiator at open.com.au
> Subject: Re: (RADIATOR) FW: Possible to Proxy PEAP-EAP-MSCHAP
> v2 to IAS?
> Answer: sort of
> Hi Tom,
> thanks for the summary.
> What was the registry change to IAS to permit EAP-MSCHAPV2
> On Tue, 17 Feb 2004 06:42 pm, Tom Rixom wrote:
> > Hi All,
> > I would like to share my findings of last week when I
> succesfully set up
> > the following connection:
> > EAP-MSCHAPV2<---------------------------------------------------->
> > EAP-TTLS <-------------------------------------->
> > SecureW2 Client 2.0.0 -- AP (Cisco 1100) -- Radiator (Linux) -- IAS
> > (Windows 2K)
> > I did it without any special patches for Radiator. Only a
> small change
> > to the IAS registry settings was needed to allow it to do
> > It works perfectly with Active Directory users and I have
> also succesfully
> > authenticated a domain computer using 802.1X.
> > I did however run into a small problem which was that the
> "Enable dial-in"
> > option is not available in Windows 2K for domain computers
> which resulted
> > in the domain computer getting an access denied...
> > I am going to try out Windows 2003 next and I hope I can
> get passed the
> > domain computer "dial-in" problem. Or does anyone here have
> any info on
> > this? Does PEAP-EAP-MSCHAPV2 have this problem?
> > I tried the same trick with PEAP and proxied EAP-MSCHAPV2
> and this does not
> > work as IAS requires a special attribute to be sent through
> the TLS tunnel,
> > which PEAP of course does not send... ;)
> > BTW. this was all done using the next SecureW2 Client 2.0.0
> which will run
> > on Windows 2K/XP (Free) and Pocket PC 2003 (Licensed).
> Release date: Q1
> > (soon)
> > Regards,
> > Tom Rixom
> > Alfa & Ariss
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd Unix, Perl,
> Motif, C++, WWW
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator