Wireless Authentication and SID

Scenario - Windows 2000 Domain called ABC.com using IAS policies with PEAP authentication.

Question - Does the authentication of a wireless client go as deep as the SID of the client to authenticate? Or just the computer and user account info?

Could somebody create a domain the same as ABC.com and join their laptop to that domain using the same computer name, username and password as a computer on the real ABC.com domain, then go into the building of ABC and get authenticated successfully onto the real ABC.com wireless network?

BrettMcClellan

OK.

No SID is used, which would authenticate the machine, not the user. IAS is Microsoft's implementation of RADIUS authentication.

There's a sample transaction that gives an idea of what gets sent. It varies by the type of connection.

No. Authentication would fail at the RADIUS authenticator and MS-CHAP challenge steps. What's missing is that the spoofed client does not have a valid certificate. See above URL under "authentication process". Note that the SID (system ID) is used with AD (Active Directory) forests, which you're probably not running on W2K server.

Jeff Liebermann
