Difference between revisions of "RADIUS Authentication testing"

Latest revision as of 16:13, 7 March 2025

Testing the RADIUS authentication depends on the operating system of a device and a android device needs to set phase 2 authentication.

User Authentication in Local Database

Operating system	EAP	CA Certificate	phase 2 authentication
Android	TTLS or PEAP	Select "Do not validate"	TTLS-GTC, TTLS-PAP, TTLS-MSCHAPV2, PEAP-GTC, or PEAP-MSCHAPV2^[1]
IOS	-	Trust the Certificate	-
Windows 8, 10	-	-	-

External Database / LDAP

You can't use some phase 2 authentication methods because the user-password must be decrypted into the plaintext to authenticate the user credentials from a remove database or a LDAP server,

Operating system	EAP	CA Certificate	phase 2 authentication
Android	TTLS or PEAP	Select "Do not validate"	TTLS-GTC, TTLS-PAP, or PEAP-GTC
IOS	-	Trust the Certificate	-
Windows 10^[2]	-	-	-

The hyphen(-) means "don't care."

↑ If you select the MSCHAPV2, you must add a user-password as clear-text or Windows NT hashed.
↑ The older Microsoft Windows than version 10 does not support TTLS-GTC, TTLS-PAP, or PEAP-GTC

[1] If you select the MSCHAPV2, you must add a user-password as clear-text or Windows NT hashed.

[2] The older Microsoft Windows than version 10 does not support TTLS-GTC, TTLS-PAP, or PEAP-GTC

[1]

[2]

@@ Line 22: / Line 22: @@
 | Android || TTLS or PEAP || Select "Do not validate" || TTLS-GTC, TTLS-PAP, or PEAP-GTC
 |-
-| IOS || - || Trust the "BaseinWPA Server Certificate" || -
+| IOS || - || Trust the Certificate || -
 |-
 | Windows 10<ref>The older Microsoft Windows than version 10 does not support TTLS-GTC, TTLS-PAP, or PEAP-GTC</ref> || - || - || -