Re: EAP Authentication

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Ashwin Palekar\(MS\) (ashwinp_at_online.microsoft.com)
Date: 03/13/04

• Next message: Ashwin Palekar\(MS\): "Re: Not getting password in ias extension dll if CHAP is used by radius client"
• Previous message: Ashwin Palekar\(MS\): "Re: IAS 2003 Connection Request Policies"
• In reply to: Claudio Takahasi: "EAP Authentication"
• Messages sorted by: [ date ] [ thread ]

---

Date: Fri, 12 Mar 2004 20:59:33 -0800

If you want to develop a application that performs EAP-TLS authentication,
then you have to develop your own EAP-TLS code.

There isn't a way for applications to use eap-tls modules from windows.

-- 
-- 
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================
"Claudio Takahasi" <ckt@cesar.org.br> wrote in message 
news:6355E3D2-32EE-4531-B9D7-26586A0BF0CC@microsoft.com...
> Hi folks,
>
>
> I need develop a application that performs EAP-TLS authentication. My 
> access
> point is a Cisco AP1230 and my wireless card is a Cisco 350 series(running 
> on
> windows 2000 professional).
>
> I am a beginner, therefore sorry if ask some inconsistencies. My questions 
> are:
>
> 1. Which configuration are required for support eap-tls? (Only client 
> side, the server is ok.)
>
> 2. Which protected eap (PEAP) dll must I use?
>   I have tried rastls.dll(c:\winnt\system32\rastls.dll). Is that correct?
>
> 3. What are the steps to start the authentication process?
>
>   In my test I load the rastls.dll and called the following functions:
>   * RasEapGetInfo to recover PPP_EAP_INFO structure for the authentication 
> protocol
>   * After that I call the function RasEapInitialize
>   * And after RasEapBegin
>
>   Is this procedure correct?
>
>   Please explain me how the system works? How the messages  are exchanged? 
> Who start
>   the authentication? What is the relation between the Ndis driver 
> protocol and the EAP,
>   I mean in which order they have to be used. Could anyone send a diagram 
> describing the
>   order of the functions should be called?
>
>
> Thanks in advance,
>
> Claudio.
> 

---

• Next message: Ashwin Palekar\(MS\): "Re: Not getting password in ias extension dll if CHAP is used by radius client"
• Previous message: Ashwin Palekar\(MS\): "Re: IAS 2003 Connection Request Policies"
• In reply to: Claudio Takahasi: "EAP Authentication"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: PEAP-TLS vs EAP-TLS ... MSCHAPV2 will not be used and then maybe that would be PEAP-TLS. ... select authentication method there are two choices - secured password ... certificates for both server authentication and client authentication; ... I think this means that there's a PEAP-TLS that's separate from EAP-TLS ... (microsoft.public.windows.server.security) Re: PEAP-TLS vs EAP-TLS ... EAP-TLS Authentication ... certificate-based security environments. ... remote access authentication, you must use the EAP-TLS authentication ... the TLS secure channel. ... (microsoft.public.windows.server.security) Re: PEAP-TLS vs EAP-TLS ... The documentation is correct in the order of being most secure though most ... confusing here is that EAP and EAP-TLS are not the same. ... does not allow authentication to be done in clear text. ... Take a look at "Securing Wireless LANs with Certificate Services" ... (microsoft.public.windows.server.security) Re: PEAP-TLS vs EAP-TLS ... can access your wireless network - those that have computer certificates. ... EAP-TLS Authentication ... remote access authentication, you must use the EAP-TLS authentication ... Most of the docs say that EAP-TLS is more secure than PEAP-MS-CHAP v2, ... (microsoft.public.windows.server.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet  > microsoft.public.internet.radius  > 2004-03