November 15th, 2006, 09:07 AM
Wireless Authentication LEAP or MS-CHAPV2
I worked for a small educational environment (college), we have got Aironet AP 1230, what will the recommended authentication for such environment ? does LEAP do the job or MS-CHAPV2 or something else
November 15th, 2006, 05:46 PM
Well im no expert on the subject however MS-ChapV2 we know is an insecure protocal. and Leap is crackable to not to mention there is only a short list of cards that support it. I would Suggest PEAP and using Certs. This allows you to keep it open but hold users accountable to the system. You also have to decide if you wish to protect clients from other clients. If that is the case id block every thing cept ports 80 and 443. This allows all web traffic and if the user is smart they can still run most IM clients. Just do it over port 80. Peap will alow your users to use what wifi cards they allready have as well. Here is a short article about it and im sure google has more on the subject. http://www.microsoft.com/technet/sec...tc/peap_1.mspx
Just my two cents hope this helps.
...."Cant stop the signal Mel, Every thing goes some where and i go every where."...... "From here to the eyes and the ears of the verse, thats my motto or might be if i start having a motto" - Mr. Universe "Serenity"
December 8th, 2006, 10:11 PM
We're using MS-CHAPv2 with PEAP (with WPA encryption) so that the user's AD credentials combined with the user certificate will log them in over the wireless with full access to their network shares and exchange.
If you don\'t believe in God why do you pray before restoring your back-ups?
March 19th, 2007, 08:23 PM
We have layer 2, 802.1x encapsulating MS-CHAPv2 in a Protected EAP session (PEAP) to a Microsoft IAS (RADIUS) server which in turn provides Active Directory challenge response to both user and hardware authentication. We have WPA-TKIP configured to re-key using 802.1x every 900 seconds.
We have a server certificate instead of individual client certificates.
March 19th, 2007, 08:34 PM