12-05-2022 06:44 PM
Hi.
I tried to auth using chap method for Test aaa server on SZ.
But SZ used only pap mothod for Test aaa server.
Doesn't this test mothod apply yet on SZ?
Regards.
Solved! Go to Solution.
08-20-2024 04:58 PM - edited 08-20-2024 04:58 PM
I tested it recently, and it was possible to test with chap in versions sz 6.1.2 and 7.0.0.
It was not possible with chap for a long time, but it was recently patched.
12-19-2022 12:26 AM
Hello @Jeronimo,
I you would like to enable CHAP Test AAA. You need enable reversible encryption password in AD server. Please review below Document for more info on the same.
Ruckus has nothing to do with the encryption method, we can only choose the Authentication Protocol type in configuration.
Parik
12-19-2022 01:32 AM - edited 12-19-2022 01:34 AM
Thanks for your mention.
B utA main point of this oservtion is vsz don't try chap method though i choose chap.
The ariticle is not related this symptom.
I have confirmed this symptom via free-radius and windows nps both.
When i tried to auth pa and chap using other supplicant not vSZ, i had confirmed chap or pap was shooted.
Has Anyone tested it?
12-19-2022 01:40 AM
Hi @Jeronimo,
The symptoms you mentioned is usual. The settings in AAA profile is just for Testing the user credentials using PAP or CHAP. That doesn't mean we could use the same method in Dot1x authentication. For wireless client authentication the protocol used is client perspective and much more secure than just PAP/CHAP. They could use one of these, EAP/PEAP, EAP/MSCHAP-V2, EAP/TLS.
Regards,
Parik
12-19-2022 01:53 AM - edited 12-19-2022 01:55 AM
Hi parik.
As your mention, if this symptom is usual, rukcus has to remove chap method on aaa test window.
Main goal of Test aaa tool is simple checking whether the id/pass was registered or active via pap or chap.
The reason of removing this is someone who want to check via pap or chap method feels very confusing.
Why does chap method exist on aaa test window?
12-19-2022 02:54 AM - edited 12-19-2022 06:24 AM
Hello @Jeronimo,
There is a reason behind this option. Some customers prefer to Test the credentials in secure way. They could opt for CHAP, which uses reversible encryption method and pretty challenging to decrypt.
Regards,
Parik