Re: PEAP Support
[EMAIL PROTECTED] wrote: I`d like to know if there is some development to integrate PEAP support into freeradius ? Not at this time. People have been asking that question for over a year on the list, and no one has volunteered to do the work. You can always try paying a programmer to do the work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PEAP support
From: Paul Wang [mailto:[EMAIL PROTECTED]] Sent: den 20 december 2002 19:48 To: Freeradius-Users@Lists. Cistron. Nl Subject: PEAP support Lars, I got stuck at part-II. After the server send the first packet (Request for Identity, after confirm with Microsoft it is one byte of value 1) in the TLS channel, there is no response from XP client. Any chance you might look into this in near future such that we might team up together to work this out? or someone else might be interested in tackling this? Thanks. Hi, I apologize for not answering earlier. I've been on vacation and busy with other stuff. We are interested in working with you on this, although we cannot spent a lot of time on it. If you send us you code we will take at look at it next week and see if we can provide any help. -- Lars Viklund Expert Software Engineer Embedded Platforms Axis Communications AB - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PEAP support
From: Ynjiun P. Wang [mailto:[EMAIL PROTECTED]] Sent: den 12 december 2002 00:51 To: Freeradius-Users@Lists. Cistron. Nl Subject: PEAP support Lars I am using the EAP-TLS code base and tweek it to work up to the point of finishing PEAP Part I. Now XP can talk to my prototype up to the Part I. Cool! Now I am getting into the Part II to send EAP packet under TLS tunnel. Could you suggest where to add the Part II code given the EAP-TLS code base? and how to bootstrap EAP code assuming everything recursively happening again? Sorry, I haven't had time to look closely at this. However, obviously you would like to hook into the rlm_eap module to be able to reuse the existing EAP machinery. I suspect you'll have to modify this module slightly to allow this. (PEAP is actually EAP-TLS-EAP, am I right?) I guess you could say that it is EAP-TLS-EAP-X, where X is any EAP method. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP support
On Sun, 2002-11-24 at 05:24, Artur Hecker wrote: i don't know if you are really interested in it, but PEAP [2] (protected EAP) is another MS-Cisco invention (built in in Windows XP SP1 instead of EAP/MD5 as kind of alternative for EAP/TLS). Nobody seems to know so far how it works but The basic idea is to run TLS inside EAP and then EAP again within the TLS session. Thus it is fairly similar to EAP-TTLS and seems to give about the same advantages (support for legacy authentication methods, protection of the identity, etc.). The ID you reference (-05 is the latest version) should be sufficient to implement it. it probably gives mutual out and key negotiation Yes. [2] http://www.globecom.net/ietf/draft/draft-josefsson-pppext-eap-tls-eap-02.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP support
Ynjiun P. Wang [EMAIL PROTECTED] wrote: Is FreeRadius going to support PEAP soon? Does any PEAP code have been written? Thanks. PEAP? What's that? If you supply PEAP patches, it'll probably go in. If you don't supply paches, then probably not. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PEAP support
hi Alan i don't know if you are really interested in it, but PEAP [2] (protected EAP) is another MS-Cisco invention (built in in Windows XP SP1 instead of EAP/MD5 as kind of alternative for EAP/TLS). Nobody seems to know so far how it works but you bet there will be more questions on it (since it's in win xp[1]). it probably gives mutual out and key negotiation, i didn't take a deeper look though. ciao artur [1] i wonder if i gonna have more respect if i change my surname to xp... :-) [2] http://www.globecom.net/ietf/draft/draft-josefsson-pppext-eap-tls-eap-02.html Alan wrote: PEAP? What's that? If you supply PEAP patches, it'll probably go in. If you don't supply paches, then probably not. -- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html