Re: W2K3, IAS, Cisco 1200 AP, PEAP, and MAC authentication

From: James McIllece [MS] (jamesmci_at_online.microsoft.com)
Date: 02/24/05 

Date: Thu, 24 Feb 2005 13:14:57 -0800

"Cornloaf" <reinier@hotmail.com> wrote in
news:d34bb4a498e948c158fa2f78e313783f@localhost.talkaboutsoftware.com:

> Hello,
>
> I am having a heck of a time getting PEAP working with MAC
> authentication.
> I know that it is not as secure as EAP-TLS, etc. but I have devices
> that
> do not support LEAP, etc. I am currently using Symbol SPT1746
> scanners to access my 802.11b network and configuring them for static
> 128-bit WEP. This can be very time consuming since I will have 100+
> running at a time. I have configured PEAP and it is working great with
> my AD user names but I have had no success with my scanners. I
> created an AD user with the MAC address as the user name and password.
> I configured the access point to do MAC authentication against the
> RADIUS Server. So far it appears as if the request never makes it to
> the RADIUS server. Anyone else try to get this to work before? I
> took a wireless class at Cisco and they gave me a handout on how to
> configure this, but they did not go in to any details about what to do
> to the IAS server. It was only after doing some Google searches that
> I found that I needed to make some changes to IAS as well.
>
> Any help that anyone can offer me would be greatly appreciated!
>
>

The only authentication types available for use with PEAP are MS-CHAP v2
(password-based user auth) and TLS (certificate based auth with smart cards
or a cert in the computer cert store) -- so the configuration you are
attempting to use is not supported and won't work. 

-- 
James McIllece, Microsoft
Please do not send email directly to this alias.  This is my online account 
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.

Relevant Pages

  • Re: How secure is the WPA-PSK wireless encryption
    ... Authentication Protocol), ... PEAP and EAP-TTLS, both establish a TLS connection with the RADIUS ... server and then do an EAP authentiation to authenticate the user. ...
    (sci.crypt)
  • Re: CBC questions
    ... >> point was that a MAC usually cannot be safely omitted. ... Even if we assume that authentication normally is ... Simply messing up the first block with random ... and nothing you do to the IV will fix it. ...
    (sci.crypt)
  • Re: CBC questions
    ... authentication, and not a very tricky one. ... either they're a fancy way of gluing an encryption scheme and a MAC ... Since CBC mode is weak without authentication, ... cipher E_Kand use hXOR E_Kinstead of the above construction. ...
    (sci.crypt)
  • Re: PEAP-TLS vs EAP-TLS
    ... and PEAP is that PEAP is a two-step process where 1) the RADIUS server is ... authenticated to the client via the RADIUS server's certificate, ... encrypted TLS channel is set up for 2) client authentication (either using ... But I wonder how much more secure PEAP-TLS is than EAP-TLS, ...
    (microsoft.public.windows.server.security)
  • Re: Configuration of an Aironet 1130AG
    ... Cisco 1130AG Documentation: ... An incorrect username and password on the RADIUS server. ... An incorrect PEAP configuration. ... MS PEAP machine authentication does not work with the ADU supplicant. ...
    (comp.dcom.sys.cisco)
Loading