07-18-2002 05:20 AM - edited 07-04-2021 11:19 PM
Hi,
im wondering if i could somehow authenticate wireless users with securID OTP? is there any way of proxing the authentication to securid server?
have anyony heard of the internet draft for eap-securid?
http://www.globecom.net/ietf/draft/draft-josefsson-eap-securid-01.html
07-25-2002 11:15 AM
SecurID will nullify the great feature of LEAP: Dynamic Session Key rotation. The key rotation is generated as the client renews the authentication in given duration using the stored password. The SecurID password is dynamic consisting of a static PIN plus a random token string.
I tried integrating ACS RADIUS and ACE using non-changing session key, but the RADIUS keep giving out DLL error.
Audie
08-06-2002 06:28 AM
I believe PEAP is supposed to fix this. We got it to work in the lab (LEAP), but were prompted for the SecurID credentials at each key rotation. Not optimal.
-brkn!
02-19-2003 12:00 AM
PEAP and ACS 3.1 when used with the aironet-session timeout work perfectly for this.
02-25-2003 08:16 AM
LEAP and the SecurID is what we were originally asked to provide, but we found that rather than the ACS (3.0) sending true RADIUS authentication requests, it was instead using a version of MS-CHAP which the ACE would throw out and return a DLL error. As already mentioned PEAP with ACS 3.1 does support the use of SecurID OTP.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: