(RADIATOR) Using RSA SecurID in wireless LAN

Hugh Irvine hugh at open.com.au
Tue May 17 02:26:32 CDT 2005


Hello Ken -

Thanks for your mail.

The debug shows this:

> Mon May 16 15:26:46 2005: INFO: EAP Nak desires type 15
> Mon May 16 15:26:46 2005: DEBUG: EAP result: 1, Desired EAP type 15  
> not
> permitted

EAP Type 15 is SecureID as defined in "Radius/EAP.pm":

$Radius::EAP::EAP_TYPE_SECURID = 15;

however there is no corresponding EAP_15.pm module.

I have copied Mike on this mail for further comment.

regards

Hugh




On 17 May 2005, at 09:08, Kawakubo, Ken wrote:

> All,
>
> I am tesing RSA SecurID in different environments and one of them  
> is if it
> can be used for wireless LAN authentication.
>
> RSA ACE Agent 6.0 for Windows comes with what RSA calls RSA  
> Security EAP
> Client and if installed, RSA Security EAP shows up as a choice  
> under Windows
> Zero Configuration PEAP selections. In another words, you can  
> choose RSA
> Security EAP method to be tunnelled thru PEAP instead of EAP-MSCHAPv2.
>
> It appears that this RSA Security EAP is a ietf draft and  
> officially called
> EAP-POTP (The Protected One-Time Password Protocol) and RSA assigns  
> EAP
> method 32.
> ftp://ftp.rsasecurity.com/pub/otps/eap/draft-nystrom-eap-potp-01.html
>
> I tried the following.
>
> <Handler TunnelledByPEAP=1>
>
>     <AuthBy ACE>
>
>     EAPType Generic-Token
>
>     </AuthBy>
>
> </Handler>
>
> And I got the following message.
>
> Mon May 16 15:26:46 2005: DEBUG: Handling with Radius::AuthACE:
> Mon May 16 15:26:46 2005: DEBUG: Handling with EAP: code 2, 8, 2
> Mon May 16 15:26:46 2005: DEBUG: Response type 3
> Mon May 16 15:26:46 2005: INFO: EAP Nak desires type 15
> Mon May 16 15:26:46 2005: DEBUG: EAP result: 1, Desired EAP type 15  
> not
> permitted
> Mon May 16 15:26:46 2005: DEBUG: AuthBy ACE result: REJECT, Desired  
> EAP type
> 15 not permitted
>
>
> It appears that RSA Security EAP is a new EAP method and Radiator  
> does not
> support it. (By the way, According to the RSA ACES Agent 6.0 for  
> Windows
> documentation, RSA provides a module that allows Microsoft IAS to  
> support
> RSA Security EAP.)
>
> My question is if Radiator will support EAP-POTP. Also, is there  
> other ways
> to integrate RSA SecurID in wireless LAN environment?
>
> Ken Kawakubo
> FHCRC IT
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list