RE: [WIRELESS-LAN] 802.1X accounting, PEAP outer identity

Subject: Re: [WIRELESS-LAN] 802.1X accounting, PEAP outer identity On Jul 14, 2006, at 4:23 PM, Jeff Wolfe wrote: You may also want to consider Radiator. I've found the support from the OSC folks to be much more friendly that some of the folks on the freeradius list. Heh... Yeah, Alan

Re: [WIRELESS-LAN] 802.1X accounting, PEAP outer identity

Julian Y. Koh wrote: At 20:15 -0500 06/02/2006, Julian Y. Koh wrote: Now we find out from Funk that their fix in 5.4 still isn't working like they wanted, with a final fix scheduled for Q4 2006. This is obviously totally not cool, and will probably force us to jumpstart our freeradius

Re: [WIRELESS-LAN] 802.1X accounting, PEAP outer identity

On Jul 14, 2006, at 4:23 PM, Jeff Wolfe wrote: You may also want to consider Radiator. I've found the support from the OSC folks to be much more friendly that some of the folks on the freeradius list. Heh... Yeah, Alan (DeKok) can come off a bit harsh sometimes. You have to

Re: [WIRELESS-LAN] 802.1X accounting, PEAP outer identity

Julian, We are experiencing quite a bit with Accounting and Identity issues while we run the experimental Federated Wireless Net Auth (FWNA) (more at http://security.internet2.edu/fwna) Here is what we discovered so far about identity issues with tunneled EAP methods: The supplicant makes the

RE: [WIRELESS-LAN] 802.1X accounting, PEAP outer identity

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well, I talked to Funk/Juniper today. They said that this inner/outer identity thing will be fixed in a build of 5.4 (we're running an interim build of 5.3 that has the fix for the Windows password change issue). We should get the build in the next

Re: [WIRELESS-LAN] 802.1X accounting, PEAP outer identity

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Unfortunately it is the design of PEAP (and TTLS) to offer separate inner and outer identities. There has been a lot of discussion in the IEEE about how to better support service provider billing in these instances, but I don't know what came

Re: [WIRELESS-LAN] 802.1X accounting, PEAP outer identity

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At 15:34 -0700 06/01/2006, David Morton wrote: Unfortunately it is the design of PEAP (and TTLS) to offer separate inner and outer identities. A little Googling seems to reveal that Radiator has a hook that requires the inner and outer identities to

Re: [WIRELESS-LAN] 802.1X accounting, PEAP outer identity

You and Julian are, of course, right about both Radiator and SBR. I was thinking about the problem from a different angle, where the PEAP/ TTLS session was terminating on a foreign system (as is the case with roaming, commercial service providers or a distributed education environment).