Discussions

EAP and RADIUS servers

+
0 Votes
Locked

EAP and RADIUS servers

rafal
I'm currently running a WIN 2K IAS server with 802.1x over PEAP and here's the thing. When my access point is set for WEP Encryption everything works fine. Login window pops up, user is authenticated by the RADIUS server if login password check out access is granted. Although everyone knows how great WEP is...
Going by that train of though I figured EAP would be much more secure. The strange part is when EAP is turned on as the Encryption method I never get a login window. It's like anyone can login and the RADIUS server is never contacted with the credential check.

Anyone have a clue what the problem could be?
  • +
    0 Votes
    rafal

    I seem to have solved the issue. There is no problem, since the PC was authenticated previously it stored the user login and password. After checking the RADIUS server logs i see that the authentication was processed.

    I feel dumb... :)

    +
    0 Votes
    rafal

    What do you think of this solution?
    Has anyone tested this in regards to security, or does anyone know of any flaws of this setup?
    I know 802.11i should be available soon to replace 802.1x, but in the mean time it would be nice to know if the security in place is at least worth it.

    Thanks for your insights.

    +
    0 Votes
    career

    I'm a bit confused by the original post and this reply.

    With WEP, the encryption is weak but it's better than nothing. It was replaced by 802.11i, more commonly known as WPA.

    It seems by getting rid of WEP and just using EAP, you'd have encrypted authentication (MD5 or MS-CHAP-V2) but the traffic would be in plaintext. Correct?

  • +
    0 Votes
    rafal

    I seem to have solved the issue. There is no problem, since the PC was authenticated previously it stored the user login and password. After checking the RADIUS server logs i see that the authentication was processed.

    I feel dumb... :)

    +
    0 Votes
    rafal

    What do you think of this solution?
    Has anyone tested this in regards to security, or does anyone know of any flaws of this setup?
    I know 802.11i should be available soon to replace 802.1x, but in the mean time it would be nice to know if the security in place is at least worth it.

    Thanks for your insights.

    +
    0 Votes
    career

    I'm a bit confused by the original post and this reply.

    With WEP, the encryption is weak but it's better than nothing. It was replaced by 802.11i, more commonly known as WPA.

    It seems by getting rid of WEP and just using EAP, you'd have encrypted authentication (MD5 or MS-CHAP-V2) but the traffic would be in plaintext. Correct?