Artur Hecker <[EMAIL PROTECTED]> wrote: > well, the question is rather if the AP will place the LEAP frames into > the _same_ RADIUS attributes as they are used in the RFC2869 and its > extensions. it probably won't and that's at least a part of a problem.
Yup. http://lists.cistron.nl/pipermail/cistron-radius/2001-September/002042.html And in the middle: The Session Key (SK) is sent from RS to AP in the final packet. It is carried in a cisco-avpair vendor specific radius attribute. The value of the attribute is: "leap:session-key=nnnn" where nnnn is 34 octets of binary data as described in SK below. Yuck. I have vendor-specific extensions to standard protocols. > well, that's what i thought. but since my EAP didn't work, they all > (Alan, Raghu) have proposed to use Auth-Type := System instead. so, it > seems to be the vice versa? If you're willing to live with passwords in the clear. For wireless, passwords should NEVER go over the wireless network in the clear. Even CHAP is better. > well, since it changes nothing, I would try usual EAP at your place. if > it works, I would say "EAP and LEAP are not the same" and let it be. Don't use LEAP, if you can help it. It's annoying. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
