EditDiscussionPage history

Difference between revisions of "RADIUS Authentication testing"

 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
Testing the RADIUS authentication depends on the operating system of a device and the android need to set phase 2 authentication.
+
Testing the RADIUS authentication depends on the operating system of a device and a android device needs to set phase 2 authentication.
  
 
==== User Authentication in Local Database ====
 
==== User Authentication in Local Database ====
Line 8: Line 8:
 
If you select the MSCHAPV2, you must add a user-password as clear-text or Windows NT hashed.</ref>
 
If you select the MSCHAPV2, you must add a user-password as clear-text or Windows NT hashed.</ref>
 
|-
 
|-
| IOS || - || Trust the "BaseinWPA Server Certificate" || -
+
| IOS || - || Trust the Certificate || -
 
|-
 
|-
 
| Windows 8, 10 || - || - || -
 
| Windows 8, 10 || - || - || -
Line 14: Line 14:
  
  
==== Pass-Through Authentication / LDAP  ====
+
==== External Database / LDAP  ====
You can't use some phase 2 authentication method because the user-password must be decrypted into the plaintext to authenticate the user credentials from a remove database or a LDAP server,  
+
You can't use some phase 2 authentication methods because the user-password must be decrypted into the plaintext to authenticate the user credentials from a remove database or a LDAP server,  
  
 
{| class="wikitable"
 
{| class="wikitable"
Line 22: Line 22:
 
| Android || TTLS or PEAP || Select "Do not validate" || TTLS-GTC, TTLS-PAP, or PEAP-GTC
 
| Android || TTLS or PEAP || Select "Do not validate" || TTLS-GTC, TTLS-PAP, or PEAP-GTC
 
|-
 
|-
| IOS || - || Trust the "BaseinWPA Server Certificate" || -
+
| IOS || - || Trust the Certificate || -
 
|-
 
|-
 
| Windows 10<ref>The older Microsoft Windows than version 10 does not support TTLS-GTC, TTLS-PAP, or PEAP-GTC</ref> || - || - || -
 
| Windows 10<ref>The older Microsoft Windows than version 10 does not support TTLS-GTC, TTLS-PAP, or PEAP-GTC</ref> || - || - || -

Latest revision as of 16:13, 7 March 2025

Testing the RADIUS authentication depends on the operating system of a device and a android device needs to set phase 2 authentication.

User Authentication in Local Database

Operating system EAP CA Certificate phase 2 authentication
Android TTLS or PEAP Select "Do not validate" TTLS-GTC, TTLS-PAP, TTLS-MSCHAPV2,
PEAP-GTC, or PEAP-MSCHAPV2[1]
IOS - Trust the Certificate -
Windows 8, 10 - - -


External Database / LDAP

You can't use some phase 2 authentication methods because the user-password must be decrypted into the plaintext to authenticate the user credentials from a remove database or a LDAP server,

Operating system EAP CA Certificate phase 2 authentication
Android TTLS or PEAP Select "Do not validate" TTLS-GTC, TTLS-PAP, or PEAP-GTC
IOS - Trust the Certificate -
Windows 10[2] - - -

The hyphen(-) means "don't care."

  1. If you select the MSCHAPV2, you must add a user-password as clear-text or Windows NT hashed.
  2. The older Microsoft Windows than version 10 does not support TTLS-GTC, TTLS-PAP, or PEAP-GTC