COMPGROUPS.NET | Search | Post Question | Groups | Stream | About | Register

radius authentication

  • Follow


Hi all,
I'm trying to use radius authentication for testing and I  have
observed that if I
use a CHAP request with my client it overrides the secret key ( shared
):
it means that I can write wrong key with correct account and the
authentication WORKS.

If I use PAP method ther is no problem because I MUST put the correct
shared key
and authentication doesn't work with wrong key.

I think this is a normal behaviour but I cannot find this in Radius
RFC.

Does anyone know if this behaviour is correct ?

thanks in advance
Loris
0
Reply l.cardullo (1) 2/15/2006 12:54:48 PM 

Hi,

In case of PAP the "password" field is encrypted using the secret key.
If the secret key does not match the radius server will never have the
right password.

CHAP and MsChap do not use the "password" field like PAP. Hence the
secret key isnt used in CHAP to encrypt the password. The Radius server
will pass the authentication.

l.cardullo@virgilio.it wrote:
> Hi all,
> I'm trying to use radius authentication for testing and I  have
> observed that if I
> use a CHAP request with my client it overrides the secret key ( shared
> ):
> it means that I can write wrong key with correct account and the
> authentication WORKS.
>
> If I use PAP method ther is no problem because I MUST put the correct
> shared key
> and authentication doesn't work with wrong key.
>
> I think this is a normal behaviour but I cannot find this in Radius
> RFC.
>
> Does anyone know if this behaviour is correct ?
> 
> thanks in advance
> Loris
0
Reply hellboy 2/16/2006 7:35:53 PM

comp.dcom.sys.cisco 24948 articles. 24 followers.

1 Replies
109 Views

(page loaded in 0.044 seconds)

Similiar Articles:

Configuring ACS 4.2 to delegate authentication request 2 radius ...
Hi, We need to run the following scenario: Cisco VPN client (or Any Connect, Cisco SSL VPN client) ----> Cisco ASA 5520 -----> Cisco ACS 4.2 --...

Login authentication to Nortel switch using Cisco ACS v3.3 Radius ...
Hi, We have a Nortel BayStack 470 switch configured with Radius authentication. We also have a Cisco ACS version 3.3 server which works as a Radius &...

EAP-TLS machine authentication with ACS server - comp.dcom.sys ...
Hello, I'm working on a limited 802.1x rollout, and was hoping to use Cisco ACS server as my RADIUS server / Authentication Server. Initial testing ...

Sample code for GSSAPI auth with cleartext password? - comp.unix ...
"Mike Eisler" <spamisevi1@yahoo.com> writes: >So do you want to send a password to your modem pool server, and >have it then send it to RADIUS for authentication?

Active Directory User authentication - comp.soft-sys.matlab ...
Active Directory User authentication - comp.soft-sys.matlab ... Sample code for GSSAPI auth with cleartext password? - comp.unix ... (The RADIUS server handles ...

Cisco ACS - Limit Network Access Profiles to Active Directory User ...
For instance, in the lab I have a Cisco 3750 switch using RADIUS authentication tied back to the ACS server to control login access. But given my current ACS ...

PEAP machine authentication problem - comp.dcom.sys.cisco ...
VMWare ESXi ... HaS anyone had any issues with MAC authentication on ACS 5.1 ... Re: ACS 5.1 and Radius Authentication; Re: WLC 6.0 + ACS 5 + PEAP; Re ...

anyone has Cisco ACS 4.0? - comp.dcom.sys.cisco
EAP-TLS machine authentication with ACS server - comp.dcom.sys ... 2 - If not, does anyone know of a product (maybe Steel-Belted RADIUS?) that ... anyone has Cisco ACS 4.0 ...

Bequeath connections - comp.databases.oracle.server
... 192-bit encryption AES 256-bit encryption MD5 crypto-checksumming SHA-1 crypto-checksumming Kerberos v5 authentication RADIUS authentication ...

Using Radius filter id attribute for VPN clients - comp.dcom.sys ...
... VPN service module handling VPN client access, authenticated by an RSA RADIUS ... authorization network groupauthor local specified for group shared-secret authentication.

RADIUS - Wikipedia, the free encyclopedia
Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management ...

An Analysis of the RADIUS Authentication Protocol
The identifier is a one octet value that allows the RADIUS client to match a RADIUS response with the correct outstanding request. The attributes section is where an ...

7/22/2012 12:46:52 PM


Reply:
Privacy Policy | All Times Are GMT(UTC) | powered by