Re: PEAP Support

2003-01-29 Thread Alan DeKok 
[EMAIL PROTECTED] wrote:
> I`d like to know if there is some development to integrate PEAP support into
> freeradius ?

  Not at this time.  People have been asking that question for over a
year on the list, and no one has volunteered to do the work.

  You can always try paying a programmer to do the work.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: PEAP support

2003-01-10 Thread Lars Viklund 

> From: Paul Wang [mailto:[EMAIL PROTECTED]] 
> Sent: den 20 december 2002 19:48
> To: Freeradius-Users@Lists. Cistron. Nl
> Subject: PEAP support
> 
> 
> Lars,
> 
>   I got stuck at part-II. After the server send the first 
> packet (Request for Identity, after confirm with Microsoft it 
> is one byte of value 1) in the TLS channel, there is no 
> response from XP client. Any chance you might look into this 
> in near future such that we might team up together to work 
> this out? or someone else might be interested in tackling 
> this? Thanks.

Hi,

I apologize for not answering earlier. I've been on vacation and busy with other stuff.

We are interested in working with you on this, although we cannot spent a lot of time 
on it. If you send us you code we will take at look at it next week and see if we can 
provide any help.

--
Lars Viklund
Expert Software Engineer
Embedded Platforms
Axis Communications AB

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: PEAP support

2002-12-12 Thread Lars Viklund 

> From: Ynjiun P. Wang [mailto:[EMAIL PROTECTED]] 
> Sent: den 12 december 2002 00:51
> To: Freeradius-Users@Lists. Cistron. Nl
> Subject: PEAP support
> 
> 
> Lars
> 
>   I am using the EAP-TLS code base and tweek it to work 
> up to the point of finishing PEAP Part I. Now XP can talk to 
> my prototype up to the Part I. 

Cool!

> Now I am getting into the Part 
> II to send EAP packet under TLS tunnel. Could you suggest 
> where to add the Part II code given the EAP-TLS code base? 
> and how to bootstrap EAP code assuming everything recursively 
> happening again? 

Sorry, I haven't had time to look closely at this. However, obviously you would like 
to hook into the rlm_eap module to be able to reuse the existing EAP machinery. I 
suspect you'll have to modify this module slightly to allow this.

> (PEAP is actually EAP-TLS-EAP, am I right?)

I guess you could say that it is EAP-TLS-EAP-X, where X is any EAP method.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP support

2002-11-25 Thread Lars Viklund 
On Mon, 2002-11-25 at 20:34, Ynjiun P. Wang wrote:
> Is http://www.ietf.org/internet-drafts/draft-kamath-pppext-peapv0-00.txt the latest 
>draft for PEAP? 

That draft apparently describes the differences between
draft-josefsson-pppext-eap-tls-eap-02.html and what Windows XP SP1
implements ("PEAP Version 0").



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP support

2002-11-25 Thread Alan DeKok 
"Ynjiun P. Wang" <[EMAIL PROTECTED]> wrote:
> Is
> http://www.ietf.org/internet-drafts/draft-kamath-pppext-peapv0-00.txt
> the latest draft for PEAP?

  Look at the trailing two numbers, they're the version number.

> what would be the suggested starting
> place to add the code: under src/modules/rlm_eap or create a new
> directory src/modules/rlm_peap?

  src/modules/rlm_eap/types/rlm_eap_peap

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP support

2002-11-24 Thread Lars Viklund 
On Sun, 2002-11-24 at 05:24, Artur Hecker wrote:
> i don't know if you are really interested in it, but PEAP [2]
> ("protected EAP") is another MS-Cisco invention (built in in Windows XP
> SP1 instead of EAP/MD5 as kind of alternative for EAP/TLS). Nobody seems
> to know so far how it works but 

The basic idea is to run TLS inside EAP and then EAP again within the
TLS session. Thus it is fairly similar to EAP-TTLS and seems to give
about the same advantages (support for legacy authentication methods,
protection of the identity, etc.).

The ID you reference (-05 is the latest version) should be sufficient to
implement it.

> it probably gives mutual out and key
> negotiation

Yes.

> [2]
> http://www.globecom.net/ietf/draft/draft-josefsson-pppext-eap-tls-eap-02.html



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP support

2002-11-23 Thread Artur Hecker 
hi Alan


i don't know if you are really interested in it, but PEAP [2]
("protected EAP") is another MS-Cisco invention (built in in Windows XP
SP1 instead of EAP/MD5 as kind of alternative for EAP/TLS). Nobody seems
to know so far how it works but you bet there will be more questions on
it (since it's in win xp[1]). it probably gives mutual out and key
negotiation, i didn't take a deeper look though.


ciao
artur


[1] i wonder if i gonna have more respect if i change my surname to
"xp"... :-)
[2]
http://www.globecom.net/ietf/draft/draft-josefsson-pppext-eap-tls-eap-02.html


Alan wrote:
>   PEAP?  What's that?
>   If you supply PEAP patches, it'll probably go in.  If you don't
> supply paches, then probably not.


-- 
Artur Hecker
artur[at]hecker.info

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: PEAP support

2002-11-23 Thread Alan DeKok 
"Ynjiun P. Wang" <[EMAIL PROTECTED]> wrote:
> Is FreeRadius going to support PEAP soon? Does any PEAP code have
> been written? Thanks.

  PEAP?  What's that?

  If you supply PEAP patches, it'll probably go in.  If you don't
supply paches, then probably not.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html