Wireless Authentication and SID

Scenario - Windows 2000 Domain called ABC.com using IAS policies with PEAP authentication.

Question - Does the authentication of a wireless client go as deep as the SID of the client to authenticate? Or just the computer and user account info?

Could somebody create a domain the same as ABC.com and join their laptop to that domain using the same computer name, username and password as a computer on the real ABC.com domain. Then go into the building of ABC and get authenticated successfully onto the real ABC.com wireless network?

------------------------------------------------------------------------ View this thread:

formatting link

Reply to
Loading thread data ...


No SID is used, which would authenticate the machine, not the user. IAS is Microsoft's implimentation of RADIUS authentication.

There's a sample transaction that gives an idea of what gets sent. It varies by the type of connection.

No. Authentication would fail at the RADIUS authenticator and MS-CHAP challenge steps. What's missing is that the spoofed client does not have a valid certificate. See above URL under "authentication process". Note that the SID (system ID) is used with AD (Active Directory) forests, which you're probably not running on W2K server.

Reply to
Jeff Liebermann

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.