I do want to clarify that the hashed password does NOT go over the network with MS-CHAP. Rather, the authenticating end knows the users password, or a hashed version at least. It sends a challenge to the client encrypted with the hashed pw. Since a valid client knows the pw it can decrypt the challenge, create the correct response, and encrypt it with the hash of the pw. The use of the hashed pw is the weak point of MS-CHAP (see http://www.schneier.com/paper-pptpv2.html for details) allowing a dictionary attack against a weak password. However in the case of PEAP this process occurs inside an encrypted outer tunnel.
Tom Zeller [EMAIL PROTECTED] -----Original Message----- From: Robert Taylor [mailto:[EMAIL PROTECTED] Sent: Saturday, July 08, 2006 1:28 PM To: [email protected] Subject: [WIRELESS-LAN] [Fwd: Re: WIRELESS-LAN Digest - 4 Jul 2006 to 7 Jul 2006 (#2006-98)] Peap and ttls doesn't require a cert on the client side. They use a cert on the server side when you connect to the wireless lan. You may need to install a CA cert on the client side if you have your own Public Key Infrastructure and the cert is your own instead of from a CA that the client already trusts. There is an option that your need to uncheck when using the built in windows supplicant with peap if you don't want windows to automatically feed the logged in username and password to authenticate you to the wireless. Once unchecked, it pops up a box for you to authenticate. There are some issues that you may find with using peap however. 1. Outer authentication sends the actual username. Since the outer authentication of peap is unencrypted, the user name gets sent in the clear. If anyone out there knows how to change this on Windows XP, please let me know. 2. PEAP hashes the password with ms-chapv2. So the hashed password is what the radius server is going to get when the user tries to authenticate. It is going to then pass that on to the ldap server for authentication. If the ldap server cannot understand ms-chapv2 hashed passwords, the you may not be able to authenticate. I had this issue and ended up switching from ldap authentication to windows domain authentication (Using Funk's Steel Belted Radius) to get it to work. If you use ttls, there is a free supplicant on windows which should allow you to use PAP, which is just username and password. http://www.securew2.com/uk/index.htm Let me know how it goes. Btw, what wireless system are you using? WIRELESS-LAN automatic digest system wrote: > There are 5 messages totalling 449 lines in this issue. > > Topics of the day: > > 1. 802.1x authentication using LDAP (5) > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. > > ---------------------------------------------------------------------- > > Date: Fri, 7 Jul 2006 15:50:34 -0300 > From: Matt Ashfield <[EMAIL PROTECTED]> > Subject: 802.1x authentication using LDAP > > Hi All > > I'm trying to configure 802.1x wireless authentication using credentials > stored in LDAP. > > I am running FreeRadius and SunOne ldap server. The Radius server is > correctly doing authentication attempts to the LDAP server (I issue the > "radtest" command with a username/passwd from LDAP and I get an > authenticate-accept back). > > The next step is setting up an XP client to talk to an Access Point, = > which > is configured to authenticate via the Raidus server, via LDAP. So far, = > in my > minimal testing, I've seen the client try to connect using it's Windows > credentials rather than giving the user a chance to enter a > username/password. > > I'm sure others out there are doing this. I'm just wondering what you're > using? EAP-TLS, PEAP, etc..? I guess I need to get my acronyms straight > first and go from there. > > From what I can tell PEAP will require my users to install a = > certificate. > We'd much rather prefer them to have to enter their LDAP usernames and > passwords.=20 > > Any advice is appreciated. > > Thanks > > > Matt Ashfield > [EMAIL PROTECTED] > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. > > ------------------------------ > > Date: Fri, 7 Jul 2006 15:13:39 -0400 > From: "King, Michael" <[EMAIL PROTECTED]> > Subject: Re: 802.1x authentication using LDAP > > Hi Matt. > > I'm going to answer your questions, and also point out something you've > missed. > > You are using PEAP (if your are using the XP Client, you are using PEAP) > > To tell PEAP not to use your logon creditialas, but to prompt for it, > you have to uncheck something that is buried 3 menu's deep. > > See here for directions: > http://www.informit.com/guides/content.asp?g=3Dsecurity&seqNum=3D74&rl=3 D= > 1 > > See figure 7 for details > > BUT.... > > I don't think this will work for you. (I'm making some assumptions > about your network that could prove me wrong) > I assume you have Active Directory, with freeradius querying this via > LDAP? > If it is, this setup won't work for you. ActiveDirectory, in the usual > Microsoft methodailty, embraces standards, and extends them with > proprietary extensions. =20 > What does this mean? It means by default you can't get passwords out of > AD. You could store passwords in plaintext. (Bad idea) > > You need to setup FreeRadius using the ntlm_auth helper program. You > install Samba on the FreeRadius Box, join it to the domain, and > configure freeradius to perform Auth's via ntlm_auth. Then freeRadius > will have no problem talking to ActiveDirectory. You can still use the > LDAP module to assign attributes. (This was on the freeradius mailing > list last week) > > Hope this helped. > > -----Original Message----- > From: Matt Ashfield [mailto:[EMAIL PROTECTED] > Sent: Friday, July 07, 2006 2:51 PM > To: [email protected] > Subject: [WIRELESS-LAN] 802.1x authentication using LDAP > > Hi All > > I'm trying to configure 802.1x wireless authentication using credentials > stored in LDAP. > > I am running FreeRadius and SunOne ldap server. The Radius server is > correctly doing authentication attempts to the LDAP server (I issue the > "radtest" command with a username/passwd from LDAP and I get an > authenticate-accept back). > > The next step is setting up an XP client to talk to an Access Point, > which is configured to authenticate via the Raidus server, via LDAP. So > far, in my minimal testing, I've seen the client try to connect using > it's Windows credentials rather than giving the user a chance to enter a > username/password. > > I'm sure others out there are doing this. I'm just wondering what you're > using? EAP-TLS, PEAP, etc..? I guess I need to get my acronyms straight > first and go from there. > > From what I can tell PEAP will require my users to install a > certificate. > We'd much rather prefer them to have to enter their LDAP usernames and > passwords.=20 > > Any advice is appreciated. > > Thanks > > > Matt Ashfield > [EMAIL PROTECTED] > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. > > ------------------------------ > > Date: Fri, 7 Jul 2006 15:16:22 -0400 > From: Philippe Hanset <[EMAIL PROTECTED]> > Subject: Re: 802.1x authentication using LDAP > > Matt, > > Since you are not in a Active Directory environment, > it will require a lot of "gymanstics" to make EAP-PEAP > work Windows. > If you want to do testing, load the client from SecureW2, it works > very well in a Free-Radius/LDAP environment. > > get the client at www.securew2.com, it's free and open-source > (Thanks to the Dutchmen) > > You can see some of our installation instructions at > http://wireless.utk.edu/1x/ > > Just skip the certificate installation in our instructions. > > Philippe Hanset > University of Tennessee > > On Fri, 7 Jul 2006, Matt Ashfield wrote: > >> Hi All >> >> I'm trying to configure 802.1x wireless authentication using credentials >> stored in LDAP. >> >> I am running FreeRadius and SunOne ldap server. The Radius server is >> correctly doing authentication attempts to the LDAP server (I issue the >> "radtest" command with a username/passwd from LDAP and I get an >> authenticate-accept back). >> >> The next step is setting up an XP client to talk to an Access Point, which >> is configured to authenticate via the Raidus server, via LDAP. So far, in my >> minimal testing, I've seen the client try to connect using it's Windows >> credentials rather than giving the user a chance to enter a >> username/password. >> >> I'm sure others out there are doing this. I'm just wondering what you're >> using? EAP-TLS, PEAP, etc..? I guess I need to get my acronyms straight >> first and go from there. >> >> From what I can tell PEAP will require my users to install a certificate. >> We'd much rather prefer them to have to enter their LDAP usernames and >> passwords. >> >> Any advice is appreciated. >> >> Thanks >> >> >> Matt Ashfield >> [EMAIL PROTECTED] >> >> ********** >> Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. >> > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. > > ------------------------------ > > Date: Fri, 7 Jul 2006 14:23:40 -0500 > From: Michael Griego <[EMAIL PROTECTED]> > Subject: Re: 802.1x authentication using LDAP > > --Apple-Mail-8-46845056 > Content-Type: text/plain; > charset=US-ASCII; > delsp=yes; > format=flowed > Content-Transfer-Encoding: 7bit > > Hey, Matt, > > This setup is actually almost identical to what we're doing here at > UT Dallas. > > As is commonly seen on the FreeRADIUS mailing lists, I think you may > be confusing how to use PEAP with LDAP a little. In order to use > PEAP with LDAP, you don't use LDAP "authentication" in FreeRADIUS. > You have to store either a cleartext password or an NTLMv2 password > hash in your LDAP directory for each of your users. Be sure if you > do this to set appropriate ACLs on the attribute containing the > password/hash so that only the RADIUS connect profile can get to that > attribute. In any case, once you've done this, the LDAP module goes > in your authorize section in FR so that it can pull the password or > hash out and use it to perform the authentication itself using the > mschap module. > > Also, for PEAP, you only need a certificate for your RADIUS servers > to authenticate the network to the users. Your users don't need > personal certificates as they would using EAP-TLS. If you purchase a > commercial certificate from one of the CAs included by default in > your client OSes, then you don't have to install anything on the > clients and just have to configure them for access. > > These links might be useful for you: > > UTD's 802.1x setup instructions for Windows XP: > http://www.utdallas.edu/ir/cats/network/wlan/8021x/winxp/index.html > > I actually gave an Educause Live presentation on UTD's 802.1x > deployment. Its archived here: > http://www.educause.edu/LIVE058 > > Hope that helps! > > --Mike > > On Jul 7, 2006, at 1:50 PM, Matt Ashfield wrote: > >> Hi All >> >> I'm trying to configure 802.1x wireless authentication using >> credentials >> stored in LDAP. >> >> I am running FreeRadius and SunOne ldap server. The Radius server is >> correctly doing authentication attempts to the LDAP server (I issue >> the >> "radtest" command with a username/passwd from LDAP and I get an >> authenticate-accept back). >> >> The next step is setting up an XP client to talk to an Access >> Point, which >> is configured to authenticate via the Raidus server, via LDAP. So >> far, in my >> minimal testing, I've seen the client try to connect using it's >> Windows >> credentials rather than giving the user a chance to enter a >> username/password. >> >> I'm sure others out there are doing this. I'm just wondering what >> you're >> using? EAP-TLS, PEAP, etc..? I guess I need to get my acronyms >> straight >> first and go from there. >> >> From what I can tell PEAP will require my users to install a >> certificate. >> We'd much rather prefer them to have to enter their LDAP usernames and >> passwords. >> >> Any advice is appreciated. >> >> Thanks >> >> >> Matt Ashfield >> [EMAIL PROTECTED] >> >> ********** >> Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at http:// >> www.educause.edu/groups/. > > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. > > --Apple-Mail-8-46845056 > Content-Type: application/pkcs7-signature; > name=smime.p7s > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename=smime.p7s > > MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIITNjCC A9gw > ggNBoAMCAQICEAKtnrSFCASWdA6c5IDs7CIwDQYJKoZIhvcNAQEEBQAwgcExCzAJBgNVBAYT AlVT > MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMiBQdWJsaWMgUHJp bWFy > eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEoYykgMTk5OCBWZXJp U2ln > biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBU cnVz > dCBOZXR3b3JrMB4XDTk5MDMzMTAwMDAwMFoXDTA3MDExNDIzNTk1OVowgeoxJzAlBgNVBAoT HlRo > ZSBVbml2ZXJzaXR5IG9mIFRleGFzIFN5c3RlbTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3Qg TmV0 > d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNv bS9y > cGEgKGMpOTkxMjAwBgNVBAsTKUNsYXNzIDIgQ0EgLSBPblNpdGUgSW5kaXZpZHVhbCBTdWJz Y3Jp > YmVyMS0wKwYDVQQDEyRUaGUgVW5pdmVyc2l0eSBvZiBUZXhhcyBhdCBEYWxsYXMgQ0EwgZ8w DQYJ > KoZIhvcNAQEBBQADgY0AMIGJAoGBAL/q74frHgrBAPkiEcHRwczbetq+NtJwYDBg5RngUy81 9Mmo > KQXW3j2d8waaZH2+0YdUeJv/onjx+4erw/yHTMJJQQ3hwNKl1/x+/0JRTnTzAdVoc6VdBDH4 5ikl > Y6gjmkRqgYsPsDnx79tGWMO6uM9L83rBokmVgyNDupsajzKFAgMBAAGjgaUwgaIwKQYDVR0R BCIw > IKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDEtMTQwMBEGCWCGSAGG+EIBAQQEAwIBBjBE BgNV > HSAEPTA7MDkGC2CGSAGG+EUBBwEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlz aWdu > LmNvbS9SUEEwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEEBQAD gYEA > B72f1hMvBgI2ig796k4sR85gkcRqcQmMrzFIDfyvJI/ogFQfQY6DcPNpm8dKsEX+ZQgh0gM8 sUo6 > SjJQDtojFdqobIMoTNkKQqcPikr/B6u9WJJO/Bii2FgLv+2jTDWaJFXh7FPopnmheXwSQ6a3 Y/O+ > Gkd7qQzWSJGuTRLQnjEwggPYMIIDQaADAgECAhACrZ60hQgElnQOnOSA7OwiMA0GCSqGSIb3 DQEB > BAUAMIHBMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsT M0Ns > YXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjE6MDgG A1UE > CxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEf MB0G > A1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazAeFw05OTAzMzEwMDAwMDBaFw0wNzAxMTQy MzU5 > NTlaMIHqMScwJQYDVQQKEx5UaGUgVW5pdmVyc2l0eSBvZiBUZXhhcyBTeXN0ZW0xHzAdBgNV BAsT > FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRw czov > L3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTk5MTIwMAYDVQQLEylDbGFzcyAyIENBIC0gT25T aXRl > IEluZGl2aWR1YWwgU3Vic2NyaWJlcjEtMCsGA1UEAxMkVGhlIFVuaXZlcnNpdHkgb2YgVGV4 YXMg > YXQgRGFsbGFzIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/6u+H6x4KwQD5IhHB 0cHM > 23ravjbScGAwYOUZ4FMvNfTJqCkF1t49nfMGmmR9vtGHVHib/6J48fuHq8P8h0zCSUEN4cDS pdf8 > fv9CUU508wHVaHOlXQQx+OYpJWOoI5pEaoGLD7A58e/bRljDurjPS/N6waJJlYMjQ7qbGo8y hQID > AQABo4GlMIGiMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwxLTE0MDAR Bglg > hkgBhvhCAQEEBAMCAQYwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcBATAqMCgGCCsGAQUFBwIB Fhxo > dHRwczovL3d3dy52ZXJpc2lnbi5jb20vUlBBMA8GA1UdEwQIMAYBAf8CAQAwCwYDVR0PBAQD AgEG > MA0GCSqGSIb3DQEBBAUAA4GBAAe9n9YTLwYCNooO/epOLEfOYJHEanEJjK8xSA38rySP6IBU H0GO > g3DzaZvHSrBF/mUIIdIDPLFKOkoyUA7aIxXaqGyDKEzZCkKnD4pK/wervViSTvwYothYC7/t o0w1 > miRV4exT6KZ5oXl8EkOmt2PzvhpHe6kM1kiRrk0S0J4xMIIFeTCCBOKgAwIBAgIQKC4yt96T gZKl > M7l59lmj4TANBgkqhkiG9w0BAQQFADCB6jEnMCUGA1UEChMeVGhlIFVuaXZlcnNpdHkgb2Yg VGV4 > YXMgU3lzdGVtMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJU ZXJt > cyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYyk5OTEyMDAGA1UE CxMp > Q2xhc3MgMiBDQSAtIE9uU2l0ZSBJbmRpdmlkdWFsIFN1YnNjcmliZXIxLTArBgNVBAMTJFRo ZSBV > bml2ZXJzaXR5IG9mIFRleGFzIGF0IERhbGxhcyBDQTAeFw0wNTA5MTkwMDAwMDBaFw0wNjA5 MTky > MzU5NTlaMIH4MScwJQYDVQQKFB5UaGUgVW5pdmVyc2l0eSBvZiBUZXhhcyBTeXN0ZW0xLTAr BgNV > BAsUJFRoZSBVbml2ZXJzaXR5IG9mIFRleGFzIGF0IERhbGxhcyBDQTFGMEQGA1UECxM9d3d3 LnZl > cmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5 OTEY > MBYGA1UECxQPTWFpbCBTdG9wIC0gVVREMRcwFQYDVQQDEw5NaWNoYWVsIEdyaWVnbzEjMCEG CSqG > SIb3DQEJARYUbWdyaWVnb0B1dGRhbGxhcy5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ AoGB > ALk48cxF8UsJwD2ylFmqHfW+U/HuYMibLHBWuAol2r5+Cqdx0IBfSUoI0BG/leKOwKRzUpxH a7Wf > BPyYqTWic2hocYzeFALSykr1bftmFo32oegENn6yOG66gVz/bK6QSoq+YT48910uf03CzEK1 VPxx > UrmzywtMBsZX1VfrHZ+nAgMBAAGjggIOMIICCjAJBgNVHRMEAjAAMB8GA1UdEQQYMBaBFG1n cmll > Z29AdXRkYWxsYXMuZWR1MIIBJAYDVR0gBIIBGzCCARcwggETBgtghkgBhvhFAQcBBjCCAQIw KwYI > KwYBBQUHAgEWH2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEta3IwgdIGCCsGAQUFBwIC MIHF > GoHCTk9USUNFOiBQcml2YXRlIGtleSBtYXkgYmUgcmVjb3ZlcmVkIGJ5IFZlcmlTaWduJ3Mg Y3Vz > dG9tZXIgd2hvIG1heSBiZSBhYmxlIHRvIGRlY3J5cHQgbWVzc2FnZXMgeW91IHNlbmQgdG8g Y2Vy > dGlmaWNhdGUgaG9sZGVyLiAgVXNlIGlzIHN1YmplY3QgdG8gdGVybXMgYXQgaHR0cHM6Ly93 d3cu > dmVyaXNpZ24uY29tL3JwYS1rciAoYyk5OS4wEQYJYIZIAYb4QgEBBAQDAgeAMHUGA1UdHwRu MGww > aqBooGaGZGh0dHA6Ly9vbnNpdGVjcmwudmVyaXNpZ24uY29tL1RoZVVuaXZlcnNpdHlvZlRl eGFz > U3lzdGVtVGhlVW5pdmVyc2l0eW9mVGV4YXNhdERhbGxhc0NBL0xhdGVzdENSTC5jcmwwCwYD VR0P > BAQDAgUgMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjANBgkqhkiG9w0BAQQFAAOB gQAN > uSDKz3R9lFsroOj1d4RrcISyo0oqPXmAi12TUBoEdzR8Z8Oo6Idh4ICXIPqTe83wTWaxdXh1 exxd > XliLfAaOFR3bfRIclh0Wk1/ousJiywNtqr5SHDu49xX2nVXuUz8fbV0Ay/N2fBWGIzszHkQx h6Oj > TxJhMvBAaJgCil9QpzCCBf0wggVmoAMCAQICEHDWH66Y38ggYd9AHc+GUXYwDQYJKoZIhvcN AQEE > BQAwgeoxJzAlBgNVBAoTHlRoZSBVbml2ZXJzaXR5IG9mIFRleGFzIFN5c3RlbTEfMB0GA1UE CxMW > VmVyaVNpZ24gVHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBz Oi8v > d3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpOTkxMjAwBgNVBAsTKUNsYXNzIDIgQ0EgLSBPblNp dGUg > SW5kaXZpZHVhbCBTdWJzY3JpYmVyMS0wKwYDVQQDEyRUaGUgVW5pdmVyc2l0eSBvZiBUZXhh cyBh > dCBEYWxsYXMgQ0EwHhcNMDUwOTE5MDAwMDAwWhcNMDYwOTE5MjM1OTU5WjCB+DEnMCUGA1UE ChQe > VGhlIFVuaXZlcnNpdHkgb2YgVGV4YXMgU3lzdGVtMS0wKwYDVQQLFCRUaGUgVW5pdmVyc2l0 eSBv > ZiBUZXhhcyBhdCBEYWxsYXMgQ0ExRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3Np dG9y > eS9DUFMgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTkxGDAWBgNVBAsUD01haWwgU3Rv cCAt > IFVURDEXMBUGA1UEAxMOTWljaGFlbCBHcmllZ28xIzAhBgkqhkiG9w0BCQEWFG1ncmllZ29A dXRk > YWxsYXMuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2qOJnnfkeNwghnq UDjD > cO9OzNVhx6KBKD+qZyxNmaOE80TLMsBVjP6+leBGAYct6ErNRjOeO2Knd9ODms2xZrtHU1ES kxN0 > R2XJN/kngIDq/Sf8Unl2WTLn9Z8dXxXiLsvAMYYAyYz6E07dCEXyKIbyH8Ey9QMWiDG8GGh/ TfpJ > eVtM0RQgNhAWeCOvNVWffY8QRwmufCgwlmv+OVl1Xn0cMP6+zInIF1O/9EH+AfLFsBiextvj hYzB > 9acXjrbxF7/0y77vD1RDGQp74g282x56iowwaMs2r5U/5sUdIlKOYKrZDQ7q3qpP8yBLRlna 1CVW > BDUgBTiI27XUmwVvyQIDAQABo4ICDjCCAgowCQYDVR0TBAIwADAfBgNVHREEGDAWgRRtZ3Jp ZWdv > QHV0ZGFsbGFzLmVkdTCCASQGA1UdIASCARswggEXMIIBEwYLYIZIAYb4RQEHAQYwggECMCsG CCsG > AQUFBwIBFh9odHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhLWtyMIHSBggrBgEFBQcCAjCB xRqB > wk5PVElDRTogUHJpdmF0ZSBrZXkgbWF5IGJlIHJlY292ZXJlZCBieSBWZXJpU2lnbidzIGN1 c3Rv > bWVyIHdobyBtYXkgYmUgYWJsZSB0byBkZWNyeXB0IG1lc3NhZ2VzIHlvdSBzZW5kIHRvIGNl cnRp > ZmljYXRlIGhvbGRlci4gIFVzZSBpcyBzdWJqZWN0IHRvIHRlcm1zIGF0IGh0dHBzOi8vd3d3 LnZl > cmlzaWduLmNvbS9ycGEta3IgKGMpOTkuMBEGCWCGSAGG+EIBAQQEAwIHgDB1BgNVHR8EbjBs MGqg > aKBmhmRodHRwOi8vb25zaXRlY3JsLnZlcmlzaWduLmNvbS9UaGVVbml2ZXJzaXR5b2ZUZXhh c1N5 > c3RlbVRoZVVuaXZlcnNpdHlvZlRleGFzYXREYWxsYXNDQS9MYXRlc3RDUkwuY3JsMAsGA1Ud DwQE > AwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwDQYJKoZIhvcNAQEEBQADgYEA ByGQ > xnXyV3FGCsWG0zuy7+YwqTxttEKglzVqnjJgIXB/ePzeAYN/mUdU/9F5ngLRQkztvFRuIXK/ 8Zrz > HhLdQbmSKZ/YFnmcNpPekwzBHmbM7spnMP6dgsDM9/hMZzx9QrKsblYJ0ZyQaGem2Mb1xUrF om+j > BVS/7moekcjdzBExggS0MIIEsAIBATCB/zCB6jEnMCUGA1UEChMeVGhlIFVuaXZlcnNpdHkg b2Yg > VGV4YXMgU3lzdGVtMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQL EzJU > ZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYyk5OTEyMDAG A1UE > CxMpQ2xhc3MgMiBDQSAtIE9uU2l0ZSBJbmRpdmlkdWFsIFN1YnNjcmliZXIxLTArBgNVBAMT JFRo > ZSBVbml2ZXJzaXR5IG9mIFRleGFzIGF0IERhbGxhcyBDQQIQcNYfrpjfyCBh30Adz4ZRdjAJ BgUr > DgMCGgUAoIICiTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0w NjA3 > MDcxOTIzNDBaMCMGCSqGSIb3DQEJBDEWBBT+VtogDxwzXr/AIC0rGedWZtX+NzCCAREGCSsG AQQB > gjcQBDGCAQIwgf8wgeoxJzAlBgNVBAoTHlRoZSBVbml2ZXJzaXR5IG9mIFRleGFzIFN5c3Rl bTEf > MB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNl IGF0 > IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpOTkxMjAwBgNVBAsTKUNsYXNzIDIg Q0Eg > LSBPblNpdGUgSW5kaXZpZHVhbCBTdWJzY3JpYmVyMS0wKwYDVQQDEyRUaGUgVW5pdmVyc2l0 eSBv > ZiBUZXhhcyBhdCBEYWxsYXMgQ0ECECguMrfek4GSpTO5efZZo+EwggETBgsqhkiG9w0BCRAC CzGC > AQKggf8wgeoxJzAlBgNVBAoTHlRoZSBVbml2ZXJzaXR5IG9mIFRleGFzIFN5c3RlbTEfMB0G A1UE > CxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0 dHBz > Oi8vd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpOTkxMjAwBgNVBAsTKUNsYXNzIDIgQ0EgLSBP blNp > dGUgSW5kaXZpZHVhbCBTdWJzY3JpYmVyMS0wKwYDVQQDEyRUaGUgVW5pdmVyc2l0eSBvZiBU ZXhh > cyBhdCBEYWxsYXMgQ0ECECguMrfek4GSpTO5efZZo+EwDQYJKoZIhvcNAQEBBQAEggEAh6ee 5QFC > iT5qp2ObpGJjp6NZX1GYnD0HoAINN2ODCrU3z2npjoAtnqKchnEtCRwDNhBacNP4UIl5oQ05 /a9g > yJ7OmhQD6MdUD0aUb2xw0qQbawT43WLskjzP8B6VRrBc4qHhA2DhLg7+J3evxa0qPU9i+76D uS9Y > f4w5JM/G4RFK6E8/QMTkqHOdHpluvI4aAmOY/PUDcBp63kObxtx/Xi/rvOogR/9Ow8aZoIpg BL6z > OkiYaYXz7m9TlWD0zMnXt68BfrTulKHBvKALuQmhvidrusy01Jzay3CI3/i+FyYTtLCyFBMF fQmQ > MFYEZ9OtRtFW2jGlUoZCtq5uYTaz9gAAAAAAAA== > --Apple-Mail-8-46845056-- > > ------------------------------ > > Date: Fri, 7 Jul 2006 15:25:57 -0400 > From: "King, Michael" <[EMAIL PROTECTED]> > Subject: Re: 802.1x authentication using LDAP > > =20 > > -----Original Message----- > On Fri, 7 Jul 2006, Matt Ashfield wrote: > >> I am running FreeRadius and SunOne ldap server.=20 > > Whoops, missed that part. > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. > > ------------------------------ > > End of WIRELESS-LAN Digest - 4 Jul 2006 to 7 Jul 2006 (#2006-98) > **************************************************************** -- Robert Taylor Network Engineer [EMAIL PROTECTED] 617-258-5048 -- Robert Taylor Network Engineer [EMAIL PROTECTED] 617-258-5048 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
