000011545 - Configuring EAP authentication with SBR Radius

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011545
Applies ToAuthentication Agent 7.0
Windows 7 Professional
EAP
IssueConfiguring EAP authentication with SBR Radius
SBR Radius is Agent Host
CauseEAP 15 and EAP 32 are not enabled on SBR radius by default. EAP 15 and EAP32 utilize a pair of keys between VPN client and SBR Radius for establishing an encrypted tunnels. PEAP uses a certificate for machine authentication and this is not supported by EAP Client.
Resolution

 

Edit the eap.ini file on SBR server to allow EAP-15 and EAP-32 on the securID suffix and securID user.

 

[SecurID]
EAP-Only=1
           <---------------- ( change from zero to 1 )
First-Handle-Via-Auto-EAP=0

EAP-Type=EAP-15

Available-EAP-Only-Values=0,1

Available-Auto-EAP-Values=0

Available-EAP-Types=EAP-32|EAP-15


[SecurID Suffix]

EAP-Only=0

First-Handle-Via-Auto-EAP=0

EAP-Type=EAP-32

Available-EAP-Only-Values=0,1

Available-Auto-EAP-Values=0

Available-EAP-Types=Generic-Token|EAP-32|EAP-15

 

[SecurID User]

EAP-Only=0

First-Handle-Via-Auto-EAP=0

EAP-Type=EAP-32

Available-EAP-Only-Values=0,1

Available-Auto-EAP-Values=0

Available-EAP-Types=Generic-Token|EAP-32|EAP-15

 

Restart the radius service on SBR RADIUS.

 

 

 

 

 

WorkaroundCustomer is not using RSA RADIUS shipped ith the Authentication Manager
Legacy Article IDa56010

Attachments

    Outcomes