(RADIATOR) Question about PEAP authentication?
John McFadden
dasjlm at uwo.ca
Fri Jan 23 13:56:16 CST 2004
I've been testing EAP-TTLS and EAP-PEAP.
I understand EAP-TTLS (FUNK) typically uses 'Anonymous' as the outer
userid and that is typically handled via a local file with an anonymous
entry.
I got that to work ok but had a few problems trying to integrate
EAP-PEAP as it was trying to authenticate the inner userid in the outer
authentication and of course that id was not in the file.
It appears I need to add an appropriate AuthBy in the outer
authentication to handle that userid.
ie:
It appears EAP-PEAP uses the person's inner userid not anonymous and
that one would have to authenticate against a source that has those ids
instead of the local file.
In my case that source is a domain controller so I'm using AuthBy LSA.
I'm authenticating the inner request against a domain controller via LSA
so that means I should authenticate the outer request via LSA as well.
I assume the outer request is checking to make sure the id is valid as
password is not available.
So if I want to support both TTLS and PEAP I would have to use an
AuthByPolicy to support AuthBy File for TTLS and AuthBy LSA for PEAP to
handle the outer authentication?
Any comments, suggestions?
Thanks in advance
John McFadden