Re: Expired Active Directory Passwords & Wireless Authentication
No. You cannot do a successful auth against an incorrect password as you haven't got agreement from both ends and therefore no keying material required for WPA-RADIUS...therefore no key for the wireless association. Password change can only be performed INSIDE the PEAP negotiation. As has already been said, latest version already supports this...some clients do to. alan -- This smartphone uses free WiFi around the world with eduroam, now that's what I call smart.
Thanks, that makes sense. Just out of curiosity, which types of clients typically support the MSCHAP password change? Does Windows? Alan Buxey <A.L.M.Buxey@lboro.ac.uk> writes:
No.
You cannot do a successful auth against an incorrect password as you haven't got agreement from both ends and therefore no keying material required for WPA-RADIUS...therefore no key for the wireless association. Password change can only be performed INSIDE the PEAP negotiation. As has already been said, latest version already supports this...some clients do to.
alan -- This smartphone uses free WiFi around the world with eduroam, now that's what I call smart.
Hi,
Thanks, that makes sense. Just out of curiosity, which types of clients typically support the MSCHAP password change? Does Windows?
Windows does - I've used it. for 'incorrect try again' and for 'change password' alan
participants (3)
-
Alan Buxey -
alan buxey -
Jason Agress