Subject: Re: [WIRELESS-LAN] 802.1X accounting, PEAP outer identity
On Jul 14, 2006, at 4:23 PM, Jeff Wolfe wrote:
You may also want to consider Radiator. I've found the support from
the OSC folks to be much more friendly that some of the folks on
the freeradius list.
Heh... Yeah, Alan
Julian Y. Koh wrote:
At 20:15 -0500 06/02/2006, Julian Y. Koh wrote:
Now we find out from Funk that their fix in 5.4 still isn't working like they
wanted, with a final fix scheduled for Q4 2006. This is obviously totally
not cool, and will probably force us to jumpstart our freeradius
On Jul 14, 2006, at 4:23 PM, Jeff Wolfe wrote:
You may also want to consider Radiator. I've found the support from
the OSC folks to be much more friendly that some of the folks on
the freeradius list.
Heh... Yeah, Alan (DeKok) can come off a bit harsh sometimes. You
have to
Julian,
We are experiencing quite a bit with Accounting and Identity issues
while we run the experimental Federated Wireless Net Auth (FWNA)
(more at http://security.internet2.edu/fwna)
Here is what we discovered so far about identity issues with tunneled EAP
methods:
The supplicant makes the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Well, I talked to Funk/Juniper today. They said that this inner/outer
identity thing will be fixed in a build of 5.4 (we're running an interim
build of 5.3 that has the fix for the Windows password change issue). We
should get the build in the next
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Unfortunately it is the design of PEAP (and TTLS) to offer separate
inner and outer identities. There has been a lot of discussion in the
IEEE about how to better support service provider billing in these
instances, but I don't know what came
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 15:34 -0700 06/01/2006, David Morton wrote:
Unfortunately it is the design of PEAP (and TTLS) to offer separate
inner and outer identities.
A little Googling seems to reveal that Radiator has a hook that requires the
inner and outer identities to
You and Julian are, of course, right about both Radiator and SBR. I
was thinking about the problem from a different angle, where the PEAP/
TTLS session was terminating on a foreign system (as is the case with
roaming, commercial service providers or a distributed education
environment).