This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

I can't try to auth using chap for Test AAA server on Smartzone.

Go to solution
Jeronimo
New Contributor III

‎12-05-2022 06:44 PM

Hi.

I tried to auth using chap method for Test aaa server on SZ.

But SZ used only pap mothod for Test aaa server.

 

Doesn't this test mothod apply yet on SZ?

Regards.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Jeronimo
New Contributor III

‎08-20-2024 04:58 PM - edited ‎08-20-2024 04:58 PM

I tested it recently, and it was possible to test with chap in versions sz 6.1.2 and 7.0.0.

It was not possible with chap for a long time, but it was recently patched.

View solution in original post

0 Kudos
12 REPLIES 12

Go to solution
Parik_MN
RUCKUS Team Member

‎12-19-2022 12:26 AM

Hello @Jeronimo

 

I you would like to enable CHAP Test AAA. You need enable reversible encryption password in AD server. Please review below Document for more info on the same.
Ruckus has nothing to do with the encryption method, we can only choose the Authentication Protocol type in configuration.


https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/store-...

Regards,

Parik

0 Kudos

Go to solution
Jeronimo
New Contributor III
In response to Parik_MN

‎12-19-2022 01:32 AM - edited ‎12-19-2022 01:34 AM

Thanks for your mention.

B utA main point of this oservtion is vsz don't try chap method though i choose chap.

The ariticle is not related this symptom.

I have confirmed this symptom via free-radius and windows nps both.

 

When i tried to auth pa and chap using other supplicant not vSZ, i had confirmed chap or pap was shooted.

Has Anyone tested it?

0 Kudos

Go to solution
Parik_MN
RUCKUS Team Member
In response to Jeronimo

‎12-19-2022 01:40 AM

Hi @Jeronimo

The symptoms you mentioned is usual. The settings in AAA profile is just for Testing the user credentials using PAP or CHAP. That doesn't mean we could use the same method in Dot1x authentication. For wireless client authentication the protocol used is client perspective and much more secure than just PAP/CHAP. They could use one of these, EAP/PEAP, EAP/MSCHAP-V2, EAP/TLS.

 

Regards,

Parik

0 Kudos

Go to solution
Jeronimo
New Contributor III
In response to Parik_MN

‎12-19-2022 01:53 AM - edited ‎12-19-2022 01:55 AM

Hi parik.

As your mention, if this symptom is usual, rukcus has to remove chap method on aaa test window.

Main goal of Test aaa tool is simple checking whether the id/pass was registered or active via pap or chap.

The reason of removing this is someone who want to check via pap or chap method feels very confusing.

 

Why does chap method exist on aaa test window?

0 Kudos

Go to solution
Parik_MN
RUCKUS Team Member
In response to Jeronimo

‎12-19-2022 02:54 AM - edited ‎12-19-2022 06:24 AM

Hello @Jeronimo

There is a reason behind this option. Some customers prefer to Test the credentials in secure way. They could opt for CHAP, which uses reversible encryption method and pretty challenging to decrypt.

Regards,

Parik

0 Kudos
Copyright © 2024 Khoros, LLC