(RADIATOR) Fwd: EAPAnonymous - Different behaviour for EAP-TTLS and PEAP
rkrieger at gmail.com
Sun Apr 15 09:09:41 CDT 2007
On 4/14/07, Hugh Irvine <hugh at open.com.au> wrote:
> Could you also tell me what outer username you used in all cases as
> well as what client supplicant you used?
In all cases, the supplicant is the PalmOS 802.1x supplicant from
their ESU (Enterprise Security Update). That one is more (easily)
configurable than its WinXP counterpart, in that I can set an outer
and inner identity. If you would like screen shots of the supplicant
setup, let me know.
For the various scenarios (sc1 to sc4), I used the following outer and
#  Outer identity        Inner identity
1  iverdahl.net          iverdahl.net
2  iverdahl.net          visitor.iverdahl.net
3  visitor.iverdahl.net  iverdahl.net
4  visitor.iverdahl.net  visitor.iverdahl.net
I expect Radiator to always handle the inner EAP authentication with a
handler based on the realm of the inner identity. For TTLS it does,
for PEAP it seems to select its handler based upon the outer identity
realm. As I mentioned in my original message, I get the following
results for my four scenarios:
#  Expected              TTLS result  PEAP result
1  iverdahl.net          OK           OK
2  visitor.iverdahl.net  OK           FAIL (iverdahl.net)
3  iverdahl.net          OK           FAIL (visitor.iverdahl.net)
4  visitor.iverdahl.net  OK           OK
Note: 'Expected' corresponds with the 'Inner identity' in the table
above. It is only repeated for clarity. Results mentioning 'FAIL'
indicate Radiator handled the inner EAP authentication with the realm
mentioned in parentheses instead of the 'expected' realm.
Does the above clarify things? I am getting a suspicion that WinXP's
PEAP would not have this issue, as it does not (to my knowledge) allow
setting a different outer identity and my PalmOS supplicant does allow
If there is more information that I can provide, please let me know.