Actually we are not really testing EAP-TTLS-EAP-MSCHAPV2 but more EAP-TTLS-EAP-*.
SecureW2 as you know runs on the Microsoft EAP stack. SecureW2 2 can now use the same EAP stack to call EAP-Modules which are then sent through the EAP-TTLS tunnel to the back-end. One benefit of using the Microsof EAP-MSCHAPV2 is that you can now use Windows credentials with SecureW2 which means single sign on. It also means you can use TTLS on a Microsoft IAS back-end as I show in a previous e-mail. It also means more flexibility. SecureW2 can tunnel any Microsoft EAP module through EAP-TTLS. I have even tunneled EAP-MSCHAPV2 though PEAP through EAP-TTLS :) Pretty cool... but pretty useless.... But if in the future a EAP module is required that cannot do encryption on it's own simply tunnel it through TTLS. Regards, Tom. > -----Original Message----- > From: Rok Papez [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 09, 2004 2:13 PM > To: [EMAIL PROTECTED] > Subject: Re: EAP-TTLS authentication failed > > > Hello Tom. > > Tom Rixom wrote: > > > Just a quick remark without sounding too arrogant... > > > > what we are doing is: > > EAP-TTLS-EAP-MSCHAPV2 not EAP-TTLS-MSCHAPV2. > > > > The first uses what we call Inner EAP, the second is using > the normal > > MSCHAPV2 within TTLS. > > What is the benefit of using Inner EAP + CHAP over normal > CHAP within TTLS ? > > -- > Lep pozdrav, > Rok Papez. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
