(RADIATOR) Using RSA SecurID in wireless LAN

Mike McCauley mikem at open.com.au
Tue May 17 04:35:58 CDT 2005


Hello Ken,


On Tuesday 17 May 2005 17:26, Hugh Irvine wrote:
> Hello Ken -
>
> Thanks for your mail.
>
> The debug shows this:
> > Mon May 16 15:26:46 2005: INFO: EAP Nak desires type 15
> > Mon May 16 15:26:46 2005: DEBUG: EAP result: 1, Desired EAP type 15 not permitted
>
> EAP Type 15 is SecurID as defined in "Radius/EAP.pm":
>
> $Radius::EAP::EAP_TYPE_SECURID = 15;
>
> however there is no corresponding EAP_15.pm module.

EAP type 15 is a proprietary SecurID EAP type. It has not been published and 
is therefore not supported by Radiator.

Cheers.

>
> I have copied Mike on this mail for further comment.
>
> regards
>
> Hugh
>
> On 17 May 2005, at 09:08, Kawakubo, Ken wrote:
> > All,
> >
> > I am testing RSA SecurID in different environments and one of them is if it
> > can be used for wireless LAN authentication.
> >
> > RSA ACE Agent 6.0 for Windows comes with what RSA calls RSA Security EAP
> > Client and if installed, RSA Security EAP shows up as a choice under Windows
> > Zero Configuration PEAP selections. In other words, you can choose RSA
> > Security EAP method to be tunnelled thru PEAP instead of EAP-MSCHAPv2.
> >
> > It appears that this RSA Security EAP is an IETF draft and officially called
> > EAP-POTP (The Protected One-Time Password Protocol) and RSA assigns EAP
> > method 32.
> > ftp://ftp.rsasecurity.com/pub/otps/eap/draft-nystrom-eap-potp-01.html
> >
> > I tried the following.
> >
> > <Handler TunnelledByPEAP=1>
> >     <AuthBy ACE>
> >         EAPType Generic-Token
> >     </AuthBy>
> > </Handler>
> >
> > And I got the following message.
> >
> > Mon May 16 15:26:46 2005: DEBUG: Handling with Radius::AuthACE:
> > Mon May 16 15:26:46 2005: DEBUG: Handling with EAP: code 2, 8, 2
> > Mon May 16 15:26:46 2005: DEBUG: Response type 3
> > Mon May 16 15:26:46 2005: INFO: EAP Nak desires type 15
> > Mon May 16 15:26:46 2005: DEBUG: EAP result: 1, Desired EAP type 15 not permitted
> > Mon May 16 15:26:46 2005: DEBUG: AuthBy ACE result: REJECT, Desired EAP type 15 not permitted
> >
> >
> > It appears that RSA Security EAP is a new EAP method and Radiator does not
> > support it. (By the way, according to the RSA ACE Agent 6.0 for Windows
> > documentation, RSA provides a module that allows Microsoft IAS to support
> > RSA Security EAP.)
> >
> > My question is if Radiator will support EAP-POTP. Also, are there other ways
> > to integrate RSA SecurID in wireless LAN environment?
> >
> > Ken Kawakubo
> > FHCRC IT
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
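
As an added illustration (not part of the original thread and not Radiator's code), this Python example parses an EAP Response/Nak as laid out in RFC 3748 and shows why a server that only permits Generic-Token ends in a reject when the client's Nak asks for type 15. The function names, the `CONTINUE`/`REJECT` labels and the sample packet are constructed for this example.

```python
import struct

# Codes and type numbers from RFC 3748; 15 is the SecurID type named in this thread.
EAP_RESPONSE = 2
EAP_TYPE_NAK = 3
EAP_TYPE_GTC = 6        # Generic Token Card (the "Generic-Token" setting in the config)
EAP_TYPE_SECURID = 15

def parse_nak(packet):
    """Return the EAP types a peer asks for in a Response/Nak (RFC 3748, 5.3.1)."""
    if len(packet) < 5:
        raise ValueError("too short for an EAP Response")
    code, identifier, length, eap_type = struct.unpack("!BBHB", packet[:5])
    if length < 5 or length > len(packet):
        raise ValueError("EAP Length field does not match the data received")
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_NAK:
        raise ValueError("not an EAP Response/Nak")
    # Type-Data holds one octet per desired type; 0 means "no acceptable alternative".
    return [t for t in packet[5:length] if t != 0]

def negotiate(packet, permitted):
    """Choose the first desired type the server permits, otherwise reject."""
    desired = parse_nak(packet)
    for eap_type in desired:
        if eap_type in permitted:
            return ("CONTINUE", eap_type)
    return ("REJECT", desired)

# Constructed sample: Response, identifier 8, length 6, Nak, desired type 15.
SAMPLE_NAK = bytes([EAP_RESPONSE, 8, 0, 6, EAP_TYPE_NAK, EAP_TYPE_SECURID])

if __name__ == "__main__":
    # Server permits only Generic-Token, client insists on 15: no common method.
    print(negotiate(SAMPLE_NAK, {EAP_TYPE_GTC}))
```
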
