Intel SUpplicant, TLS and Outer Identity

Unanswered Question
Nov 30th, 2009

Dear All, Customer has installed Cisco UWN/ACS/Backend MS Directory and user WPA2 with TLS Machine Auth and CHAPv2 as inner Method. In the Intel Supplicant i have to administer the "Roaming Identity". We tried User Domain Accounts, anonymous and User Accounts with Wildcards in it. Sometimes these seems to issue Problems. Can anyone tell me what is a good Practice for the outer/ roaming Identity? Thx in adv, Michael

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Robert.N.Barrett_2 Mon, 11/30/2009 - 07:12

It really sort of depends on what you want others to be able to see.  The outer identity is sent in clear text over the air during the initial steps of EAP authentication.  In a world where you have a Microsoft or Cisco RADIUS server (IAS or ACS, respectively), and your client operating systems and wireless supplicants are up-to-date, you should be able to use "anonymous" without issues.  If you live in a MS Active Directory world, you definitely want to use either domain\userid, or "anonymous".

Actions

This Discussion

 

 

Trending Topics - Security & Network