(RADIATOR) Question about PEAP authentication?

John McFadden dasjlm at uwo.ca
Fri Jan 23 13:56:16 CST 2004


I've been testing EAP-TTLS and EAP-PEAP. 

I understand EAP-TTLS (FUNK) typically uses 'Anonymous' as the outer 
userid and that is typically handled via a local file with an anonymous 
entry.
I got that to work ok but had a few problems trying to integrate 
EAP-PEAP as it was trying to authenticate the inner userid in the outer 
authentication, and of course that id was not in the file.

It appears I need to add an appropriate AuthBy in the outer 
authentication to handle that userid.

ie:

It appears EAP-PEAP uses the person's inner userid not anonymous and 
that one would have to authenticate against a source that has those ids 
instead of the local file.
In my case that source is a domain controller so I'm using AuthBy LSA.

I'm authenticating the inner request against a domain controller via LSA 
so that means I should authenticate the outer request via LSA as well. 
I assume the outer request is checking to make sure the id is valid as 
the password is not available.

So if I want to support both TTLS and PEAP I would have to use an 
AuthByPolicy to support AuthBy File for TTLS and AuthBy LSA for PEAP to 
handle the outer authentication?

Any comments, suggestions?

Thanks in advance
John McFadden







