- Community Home
- >
- Networking
- >
- Legacy
- >
- Switches, Hubs, Modems
- >
- Re: HP ProCurve MAC Authentication - CHAP-Password...
Switches, Hubs, and Modems
1756990
Members
2382
Online
108858
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-22-2007 09:24 AM
тАО02-22-2007 09:24 AM
HP ProCurve MAC Authentication - CHAP-Password in RADIUS Request
I configured the switch port to do MAC Authentication. The RADIUS request packet contains a CHAP-Password.
1) What is the value stored this attribute?
2) Is it a digest and/or encrypted?
Looking at RFC 2865 for RADIUS, the RADIUS server is expected to do MD5 digest of the CHAP ID + [clear text] password + Request Authenticator and compare that digest to the CHAP-Password.
So, is the above what is in the contents of the CHAP-Password sent by the switch?
Is the encryption key that is configured as part of RADIUS configuration on the switch used anywhere?
For MAC Authentication is the password the MAC address of the client?
1) What is the value stored this attribute?
2) Is it a digest and/or encrypted?
Looking at RFC 2865 for RADIUS, the RADIUS server is expected to do MD5 digest of the CHAP ID + [clear text] password + Request Authenticator and compare that digest to the CHAP-Password.
So, is the above what is in the contents of the CHAP-Password sent by the switch?
Is the encryption key that is configured as part of RADIUS configuration on the switch used anywhere?
For MAC Authentication is the password the MAC address of the client?
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-22-2007 01:59 PM
тАО02-22-2007 01:59 PM
Re: HP ProCurve MAC Authentication - CHAP-Password in RADIUS Request
Hi
In RADIUS-CHAP user names and one-way hashes of random challenges and passwords are passed as authentication credentials.
With MAC Authentication, each RADIUS server will be different for configuration, however, you are required to create a user in the RADIUS server using the format of the MAC address (aa-bb-cc-dd-ee-ff) (six hexadecimal pairs with dashes) as the username and the user must have a password that is the same MAC address (use lowercase characters).
The encryption key is used between the Switch and the RADIUS, and it could be global for all the RADIUS servers you have and it can be unique for a dedicated server.
So encryption is not related to the MAC-Authentication, its a part of your RADIUS configuration to communicate with the Switch.
Good Luck !!!
In RADIUS-CHAP user names and one-way hashes of random challenges and passwords are passed as authentication credentials.
With MAC Authentication, each RADIUS server will be different for configuration, however, you are required to create a user in the RADIUS server using the format of the MAC address (aa-bb-cc-dd-ee-ff) (six hexadecimal pairs with dashes) as the username and the user must have a password that is the same MAC address (use lowercase characters).
The encryption key is used between the Switch and the RADIUS, and it could be global for all the RADIUS servers you have and it can be unique for a dedicated server.
So encryption is not related to the MAC-Authentication, its a part of your RADIUS configuration to communicate with the Switch.
Good Luck !!!
Science for Everyone
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-10-2007 06:58 PM
тАО04-10-2007 06:58 PM
Re: HP ProCurve MAC Authentication - CHAP-Password in RADIUS Request
Hi,
We are setting up MAC Authentication with an AD IAS radius server using a HP 2650 switch.
Is it possible to tell the switch what password to use?
So that the username is the MAC address and the password is something we have configured.
The reason for this is to get around the AD password complexity issue.
We are setting up MAC Authentication with an AD IAS radius server using a HP 2650 switch.
Is it possible to tell the switch what password to use?
So that the username is the MAC address and the password is something we have configured.
The reason for this is to get around the AD password complexity issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-16-2007 05:53 PM
тАО12-16-2007 05:53 PM
Re: HP ProCurve MAC Authentication - CHAP-Password in RADIUS Request
Yes, we have the same issue - need to have a secure password - where the mac address doesnt meet the password complexity.
Windows 2003 R2 out of the box now includes this, and our security policy requires it.
Any ideas around this - while still using IAS with AD?
Cheers
David
Windows 2003 R2 out of the box now includes this, and our security policy requires it.
Any ideas around this - while still using IAS with AD?
Cheers
David
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP