Security Basics mailing list archives
802.1x, IAS and SecurID
From: "Batkin, Seva" <Seva_Batkin () canaccord com>
Date: Thu, 25 Sep 2003 19:54:11 -0700
Hi All,

I apologize in advance if this has been previously discussed. However, here are the questions I have.

I have just completed setting up an 802.1x system to secure our wireless communications. Specifically, I have installed Microsoft IAS, enabled PEAP and integrated with our existing Domain Controller. I am currently using Windows XP SP1 clients but plan to test this on W2k as well.

I have noticed strange behavior on the client, specifically persistent caching of the login credentials. I have disabled the "use windows logon credentials" checkbox in the PEAP configuration and was once asked for username, password and domain. However, it seems that once authenticated, XP requires no more intervention. Even if I log off or reboot the machine, the password is still stored. I am wondering if there is any way that this behavior could be changed; ideally I would like the user to enter the password much more often, at least after a reboot.

The second issue I found is while integrating with RSA's SecurID system. I successfully installed the agent on the IAS server and it seems that the RSA module is now enabled. All the connections to the server are fine. The problem came when I changed the authentication method for PEAP from MSCHAPv2 to RSA. The XP consistently tried to log in using the same old credentials and would completely refuse to ask for new login information. On the AP I could easily see that the IAS server (through EAP) would reply that previous credentials are no longer valid... something that the client appeared to ignore.

Am I missing something here?

Thanx for all your help

Seva Batkin
Sr. Network Engineer
Canaccord Capital