Difference between revisions of "RADIUS Authentication testing"

Revision as of 21:53, 9 March 2021

Testing the RADIUS authentication depends on the operating system of a device and the android need to set phase 2 authentication.

User Authentication in Local Database

Operating system	EAP	CA Certificate	phase 2 authentication
Android	TTLS or PEAP	Select "Do not validate"	TTLS-GTC, TTLS-PAP, TTLS-MSCHAPV2, PEAP-GTC, or PEAP-MSCHAPV2^[1]
IOS	-	Trust the "BaseinWPA Server Certificate"	-
Windows 8, 10	-	-	-

Pass-Through Authentication / LDAP

You can't use some phase 2 authentication method because the user-password must be decrypted into the plaintext to authenticate the user credentials from a remove database or a LDAP server,

Operating system	EAP	CA Certificate	phase 2 authentication
Android	TTLS or PEAP	Select "Do not validate"	TTLS-GTC, TTLS-PAP, or PEAP-GTC
IOS	-	Trust the "BaseinWPA Server Certificate"	-
Windows 10^[2]	-	-	-

The hyphen(-) means "don't care."

↑ If you select the MSCHAPV2, you must add a user-password as clear-text or Windows NT hashed.
↑ The older Microsoft Windows than version 10 does not support TTLS-GTC, TTLS-PAP, or PEAP-GTC

[1] If you select the MSCHAPV2, you must add a user-password as clear-text or Windows NT hashed.

[2] The older Microsoft Windows than version 10 does not support TTLS-GTC, TTLS-PAP, or PEAP-GTC

[1]

[2]

@@ Line 10: / Line 10: @@
 | IOS || - || Trust the "BaseinWPA Server Certificate" || -
 |-
-| Windows 10 || - || - || -
+| Windows 8, 10 || - || - || -
 |}