I have some questions dealing with MAC authorization, PAP, and PEAP. At my company our current wireless configuration is using a Win2k3 IAS server with certificate based EAP-PEAP authentication using MSCHAPV2 but also unencrypted authentication via PAP. The individual responsible for this configuration has long since left the company and I am responsible for implementing a new wireless network using a similar config, which leads me to posting on this forum.
In this config we have two factors of authentication. The first would be mac authorization, which requires unencrypted authentication using PAP and the other is AD authenticated using PEAP-MSCHAPv2. I can actually check the logs and see the clients authenticating with the AD user account and AD MAC account. Here are the questions.
PAP is selected as the authentication method and PEAP as the EAP type in the same policy to hopefully force both forms of authentication. The first question is which form of authentication is actually being implemented, PAP, PEAP-MSCHAPv2, or both? Second if it is PAP my concern is that will the AD authentication be sent across in plain text as the mac authorization is? And is the MAC authorization accompanying the AD authentication providing further security at all or is it superfluous?
If you need me to clarify the situation further let me know.
On another note I couldn't verify my account to upload images or include any links.