Re: LEAP Authentication?
Client not responding to the access challenge, client issue alan
Is it possible that the problem is with the Access Point? I tried to authenticate using the native windows client and the Verizon Wireless Manager and I can see the same behaviour... no answer to the Access-Challenge. Thanks. -- View this message in context: http://freeradius.1045715.n5.nabble.com/LEAP-Authentication-tp4475314p453605... Sent from the FreeRadius - User mailing list archive at Nabble.com.
pesho wrote:
Is it possible that the problem is with the Access Point? I tried to authenticate using the native windows client and the Verizon Wireless Manager and I can see the same behaviour... no answer to the Access-Challenge.
Don't use LEAP. Use another authentication method. Alan DeKok.
I guess this is kind of solution, but we would like to have the LEAP running as well. Any other suggestions? Thanks. -- View this message in context: http://freeradius.1045715.n5.nabble.com/LEAP-Authentication-tp4475314p453654... Sent from the FreeRadius - User mailing list archive at Nabble.com.
pesho wrote:
I guess this is kind of solution, but we would like to have the LEAP running as well. Any other suggestions?
Don't run LEAP. LEAP requires support from the access point. If the documentation for the AP doesn't say it supports LEAP, it won't work. The recommendation to not use LEAP comes from experience. We're not in the business of making random useless suggestions. Alan DeKok.
Hi,
I guess this is kind of solution, but we would like to have the LEAP running as well. Any other suggestions?
i ran up a default FreeRADIUS install, enabled LEAP, had a device doing LEAP against the 802.1X AP and it just worked. does your AP understand LEAP? alan
It does. It is a Aironet 350 device and it has internal RADIUS as well, which we are able to authenticate against(using LEAP). -- View this message in context: http://freeradius.1045715.n5.nabble.com/LEAP-Authentication-tp4475314p453690... Sent from the FreeRadius - User mailing list archive at Nabble.com.
Aeronet 350. I pity you and your users. Sent from Verizon Wireless -----Original Message----- From: pesho <pesho.tmp.mail@gmail.com> Sender: freeradius-users-bounces+ironrake=yahoo.com@lists.freeradius.org Date: Wed, 29 Jun 2011 15:05:17 To: <freeradius-users@lists.freeradius.org> Reply-To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: LEAP Authentication? It does. It is a Aironet 350 device and it has internal RADIUS as well, which we are able to authenticate against(using LEAP). -- View this message in context: http://freeradius.1045715.n5.nabble.com/LEAP-Authentication-tp4475314p453690... Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yes, you can get LEAP to work with Cisco and some other devices, but LEAP is a flawed proprietary protocol. When analyzed and found subject to offline dictionary attacks Cisco circled the wagons and threw FUD until FAST was developed and deployed. LEAP has never been publically documented by Cisco, though you can find reverse engineering about it on the net. So to repeat; - Not a standard - Not publically described - Subject to attack/cracking - there is at least one tool for it. That is why you should avoid it. Dave. http://ipsecs.com/web/?p=66 http://www.willhackforsushi.com/?page_id=41 Quoting pesho <pesho.tmp.mail@gmail.com>:
It does. It is a Aironet 350 device and it has internal RADIUS as well, which we are able to authenticate against(using LEAP).
-- View this message in context: http://freeradius.1045715.n5.nabble.com/LEAP-Authentication-tp4475314p453690... Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
It does. It is a Aironet 350 device and it has internal RADIUS as well, which we are able to authenticate against(using LEAP).
Is this for WLSE authentication to the AP? If not, do you have other options other than LEAP? If so, avoid LEAP as many others have said.
participants (6)
-
Alan Buxey -
Alan DeKok -
David Mitton -
Garber, Neal -
ironrake@yahoo.com -
pesho