Cisco Leap with RSA SecurID (eap-securid) authentication???

kj · ‎07-18-2002

Hi,

im wondering if i could somehow authenticate wireless users with securID OTP? is there any way of proxing the authentication to securid server?

have anyony heard of the internet draft for eap-securid?

http://www.globecom.net/ietf/draft/draft-josefsson-eap-securid-01.html

aonibala · ‎07-25-2002

SecurID will nullify the great feature of LEAP: Dynamic Session Key rotation. The key rotation is generated as the client renews the authentication in given duration using the stored password. The SecurID password is dynamic consisting of a static PIN plus a random token string.

I tried integrating ACS RADIUS and ACE using non-changing session key, but the RADIUS keep giving out DLL error.

Audie

brok3n · ‎08-06-2002

I believe PEAP is supposed to fix this. We got it to work in the lab (LEAP), but were prompted for the SecurID credentials at each key rotation. Not optimal.

-brkn!

grshaw · ‎02-19-2003

PEAP and ACS 3.1 when used with the aironet-session timeout work perfectly for this.

damien.wildgoose · ‎02-25-2003

LEAP and the SecurID is what we were originally asked to provide, but we found that rather than the ACS (3.0) sending true RADIUS authentication requests, it was instead using a version of MS-CHAP which the ACE would throw out and return a DLL error. As already mentioned PEAP with ACS 3.1 does support the use of SecurID OTP.