Re: PEAP Support
[EMAIL PROTECTED] wrote: > I`d like to know if there is some development to integrate PEAP support into > freeradius ? Not at this time. People have been asking that question for over a year on the list, and no one has volunteered to do the work. You can always try paying a programmer to do the work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PEAP support
> From: Paul Wang [mailto:[EMAIL PROTECTED]] > Sent: den 20 december 2002 19:48 > To: Freeradius-Users@Lists. Cistron. Nl > Subject: PEAP support > > > Lars, > > I got stuck at part-II. After the server send the first > packet (Request for Identity, after confirm with Microsoft it > is one byte of value 1) in the TLS channel, there is no > response from XP client. Any chance you might look into this > in near future such that we might team up together to work > this out? or someone else might be interested in tackling > this? Thanks. Hi, I apologize for not answering earlier. I've been on vacation and busy with other stuff. We are interested in working with you on this, although we cannot spent a lot of time on it. If you send us you code we will take at look at it next week and see if we can provide any help. -- Lars Viklund Expert Software Engineer Embedded Platforms Axis Communications AB - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PEAP support
> From: Ynjiun P. Wang [mailto:[EMAIL PROTECTED]] > Sent: den 12 december 2002 00:51 > To: Freeradius-Users@Lists. Cistron. Nl > Subject: PEAP support > > > Lars > > I am using the EAP-TLS code base and tweek it to work > up to the point of finishing PEAP Part I. Now XP can talk to > my prototype up to the Part I. Cool! > Now I am getting into the Part > II to send EAP packet under TLS tunnel. Could you suggest > where to add the Part II code given the EAP-TLS code base? > and how to bootstrap EAP code assuming everything recursively > happening again? Sorry, I haven't had time to look closely at this. However, obviously you would like to hook into the rlm_eap module to be able to reuse the existing EAP machinery. I suspect you'll have to modify this module slightly to allow this. > (PEAP is actually EAP-TLS-EAP, am I right?) I guess you could say that it is EAP-TLS-EAP-X, where X is any EAP method. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP support
On Mon, 2002-11-25 at 20:34, Ynjiun P. Wang wrote: > Is http://www.ietf.org/internet-drafts/draft-kamath-pppext-peapv0-00.txt the latest >draft for PEAP? That draft apparently describes the differences between draft-josefsson-pppext-eap-tls-eap-02.html and what Windows XP SP1 implements ("PEAP Version 0"). - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP support
"Ynjiun P. Wang" <[EMAIL PROTECTED]> wrote: > Is > http://www.ietf.org/internet-drafts/draft-kamath-pppext-peapv0-00.txt > the latest draft for PEAP? Look at the trailing two numbers, they're the version number. > what would be the suggested starting > place to add the code: under src/modules/rlm_eap or create a new > directory src/modules/rlm_peap? src/modules/rlm_eap/types/rlm_eap_peap Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP support
On Sun, 2002-11-24 at 05:24, Artur Hecker wrote: > i don't know if you are really interested in it, but PEAP [2] > ("protected EAP") is another MS-Cisco invention (built in in Windows XP > SP1 instead of EAP/MD5 as kind of alternative for EAP/TLS). Nobody seems > to know so far how it works but The basic idea is to run TLS inside EAP and then EAP again within the TLS session. Thus it is fairly similar to EAP-TTLS and seems to give about the same advantages (support for legacy authentication methods, protection of the identity, etc.). The ID you reference (-05 is the latest version) should be sufficient to implement it. > it probably gives mutual out and key > negotiation Yes. > [2] > http://www.globecom.net/ietf/draft/draft-josefsson-pppext-eap-tls-eap-02.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP support
hi Alan i don't know if you are really interested in it, but PEAP [2] ("protected EAP") is another MS-Cisco invention (built in in Windows XP SP1 instead of EAP/MD5 as kind of alternative for EAP/TLS). Nobody seems to know so far how it works but you bet there will be more questions on it (since it's in win xp[1]). it probably gives mutual out and key negotiation, i didn't take a deeper look though. ciao artur [1] i wonder if i gonna have more respect if i change my surname to "xp"... :-) [2] http://www.globecom.net/ietf/draft/draft-josefsson-pppext-eap-tls-eap-02.html Alan wrote: > PEAP? What's that? > If you supply PEAP patches, it'll probably go in. If you don't > supply paches, then probably not. -- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP support
"Ynjiun P. Wang" <[EMAIL PROTECTED]> wrote: > Is FreeRadius going to support PEAP soon? Does any PEAP code have > been written? Thanks. PEAP? What's that? If you supply PEAP patches, it'll probably go in. If you don't supply paches, then probably not. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html