I have to clarify something for myself here. When you enter the wrong password into the Windows PEAP Client, IAS will lock the account out because the client will keep trying the wrong password?
Wow. The major RADIUS servers all have the correct behavior, in that if you put the wrong password, it will send the correct response back to the client to force it to reprompt the client to re-enter the username/password. I've tested this with FreeRadius (Everything from .97 up has it) Funk (Juniper now) Steel Belted Radius (SBR) and IDEngines Ignition server. I figured Microsoft would use they're own API, and perform the correct action. I guess that would be a false assumption. (To clarify my point, I'm blaming IAS for not following the RADIUS specs that Microsoft created when they made the PEAP client in Windows XP. ) ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
