I've tried this with our current implementation of IAS and it works fine, re-challenges for correct password, and throws an event in ias evenlog... perhaps its something else? although I am glad to be moving to a idengines igition server... albeit for different reasons.
________________________________ From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Mike King Sent: Sat 3/8/2008 5:12 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] IAS Logging I have to clarify something for myself here. When you enter the wrong password into the Windows PEAP Client, IAS will lock the account out because the client will keep trying the wrong password? Wow. The major RADIUS servers all have the correct behavior, in that if you put the wrong password, it will send the correct response back to the client to force it to reprompt the client to re-enter the username/password. I've tested this with FreeRadius (Everything from .97 up has it) Funk (Juniper now) Steel Belted Radius (SBR) and IDEngines Ignition server. I figured Microsoft would use they're own API, and perform the correct action. I guess that would be a false assumption. (To clarify my point, I'm blaming IAS for not following the RADIUS specs that Microsoft created when they made the PEAP client in Windows XP. ) ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
