(RADIATOR) Using RSA SecurID in wireless LAN
Hugh Irvine
hugh at open.com.au
Tue May 17 02:26:32 CDT 2005
Hello Ken -
Thanks for your mail.
The debug shows this:
> Mon May 16 15:26:46 2005: INFO: EAP Nak desires type 15
> Mon May 16 15:26:46 2005: DEBUG: EAP result: 1, Desired EAP type 15
> not
> permitted
EAP Type 15 is SecureID as defined in "Radius/EAP.pm":
$Radius::EAP::EAP_TYPE_SECURID = 15;
however there is no corresponding EAP_15.pm module.
I have copied Mike on this mail for further comment.
regards
Hugh
On 17 May 2005, at 09:08, Kawakubo, Ken wrote:
> All,
>
> I am tesing RSA SecurID in different environments and one of them
> is if it
> can be used for wireless LAN authentication.
>
> RSA ACE Agent 6.0 for Windows comes with what RSA calls RSA
> Security EAP
> Client and if installed, RSA Security EAP shows up as a choice
> under Windows
> Zero Configuration PEAP selections. In another words, you can
> choose RSA
> Security EAP method to be tunnelled thru PEAP instead of EAP-MSCHAPv2.
>
> It appears that this RSA Security EAP is a ietf draft and
> officially called
> EAP-POTP (The Protected One-Time Password Protocol) and RSA assigns
> EAP
> method 32.
> ftp://ftp.rsasecurity.com/pub/otps/eap/draft-nystrom-eap-potp-01.html
>
> I tried the following.
>
> <Handler TunnelledByPEAP=1>
>
> <AuthBy ACE>
>
> EAPType Generic-Token
>
> </AuthBy>
>
> </Handler>
>
> And I got the following message.
>
> Mon May 16 15:26:46 2005: DEBUG: Handling with Radius::AuthACE:
> Mon May 16 15:26:46 2005: DEBUG: Handling with EAP: code 2, 8, 2
> Mon May 16 15:26:46 2005: DEBUG: Response type 3
> Mon May 16 15:26:46 2005: INFO: EAP Nak desires type 15
> Mon May 16 15:26:46 2005: DEBUG: EAP result: 1, Desired EAP type 15
> not
> permitted
> Mon May 16 15:26:46 2005: DEBUG: AuthBy ACE result: REJECT, Desired
> EAP type
> 15 not permitted
>
>
> It appears that RSA Security EAP is a new EAP method and Radiator
> does not
> support it. (By the way, According to the RSA ACES Agent 6.0 for
> Windows
> documentation, RSA provides a module that allows Microsoft IAS to
> support
> RSA Security EAP.)
>
> My question is if Radiator will support EAP-POTP. Also, is there
> other ways
> to integrate RSA SecurID in wireless LAN environment?
>
> Ken Kawakubo
> FHCRC IT
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list