EAP module UI (Radius Server, January 2004)
| Graham Rowbottom 2004-01-24, 2:03 am |
| On building UIs for EAP dlls.

Using the Microsoft 802.1x client on win2k and winXp, a "select your
cert or other id" sys-tray balloon is launched when the client
receives an EAP Identity Request from the NAS.

This is the system EAPOL log for that moment with my eap dll:

[1300] 11:15:01: ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: !MD5
[1300] 11:15:01: ElGetUserIdentity entered
[1300] 11:15:01: ElGetEapKeyFromToken: RegOpenKeyEx succeeded
[1300] 11:15:01: ElGetEapUserInfo: Error in RegOpenKeyEx for base key, 2
[1300] 11:15:01: ElGetUserIdentityOptimized: Error in calling GetIdentity = 703
....
[1300] 11:15:01: WZCNetmanShowBalloon: Entered
[1300] 11:15:01: WZCNetmanShowBalloon: CoCreateInstance succeeded
[1300] 11:15:01: WZCNetmanShowBalloon completed

Is there a way to control the text in this balloon (like MD5 does,
presumably in ElGetUserNamePassword below)?

[1300] 11:27:06: ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: MD5
[1300] 11:27:06: ElGetUserNamePassword entered
[1300] 11:27:06: WZCNetmanShowBalloon: Entered
[1300] 11:27:06: WZCNetmanShowBalloon: CoCreateInstance succeeded
[1300] 11:27:06: WZCNetmanShowBalloon completed

Or better still, to avoid it (like PEAP-MSCHAPv2 does, which uses
ElGetUserIdentityOptimized successfully):

[2000] 12:48:44: ElGetIdentity: Userlogged, <Maxauth, Prev !Machine auth: !MD5
[2000] 12:48:44: ElGetUserIdentity entered
[2000] 12:48:44: ElGetEapKeyFromToken: RegOpenKeyEx succeeded
[2000] 12:48:44: ElGetEapUserInfo: Error in RegOpenKeyEx for base key, 2
[2000] 12:48:44: ElGetUserIdentityOptimized: Got identity = IPGLAB\dot1x
[2000] 12:48:44: ElGetUserIdentity: ElGetUserIdentityOptimized got identity without user module intervention

Is GetUserIdentityOptimized something I can have influence on? Why do
I get error 703?

Any insights or similar experiences welcomed.
regards
graham
| |
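The three EAPOL traces in the post above differ in whether an identity was resolved silently or the balloon was raised. As an added example (not part of the original thread), this Python code rejoins the wrapped trace lines and reports that outcome for each ElGetIdentity attempt; the record field names are assumptions made for the example, and the sample is constructed from excerpts of the post's traces.

```python
import re

# Constructed sample: excerpts of the post's three traces, line wrapping kept.
SAMPLE = r"""[1300] 11:15:01: ElGetIdentity: Userlogged, <Maxauth, Prev !Machine
auth: !MD5
[1300] 11:15:01: ElGetUserIdentityOptimized: Error in calling
GetIdentity = 703
[1300] 11:15:01: WZCNetmanShowBalloon: Entered
[1300] 11:27:06: ElGetIdentity: Userlogged, <Maxauth, Prev !Machine
auth: MD5
[1300] 11:27:06: ElGetUserNamePassword entered
[1300] 11:27:06: WZCNetmanShowBalloon: Entered
[2000] 12:48:44: ElGetIdentity: Userlogged, <Maxauth, Prev !Machine
auth: !MD5
[2000] 12:48:44: ElGetUserIdentityOptimized: Got identity =
IPGLAB\dot1x
"""

ENTRY = re.compile(r"^\[(\d+)\] (\d\d:\d\d:\d\d): (.*)$")

def entries(text):
    """Return [thread_id, time, message] records, rejoining wrapped lines."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            out.append(list(m.groups()))
        elif out and line.strip():      # no "[tid] hh:mm:ss:" prefix: continuation
            out[-1][2] += " " + line.strip()
    return out

def classify(text):
    """One record per ElGetIdentity attempt: was the user involved, and why."""
    attempts = []
    for _tid, when, msg in entries(text):
        if msg.startswith("ElGetIdentity:"):
            attempts.append({"time": when, "md5": msg.endswith("auth: MD5"),
                             "error": None, "identity": None, "balloon": False})
        elif attempts:
            cur = attempts[-1]
            if m := re.search(r"GetIdentity = (\d+)", msg):
                cur["error"] = int(m.group(1))      # 703 in the post's first trace
            elif m := re.search(r"Got identity = (\S+)", msg):
                cur["identity"] = m.group(1)        # resolved with no UI
            elif msg.startswith("WZCNetmanShowBalloon: Entered"):
                cur["balloon"] = True               # user interaction requested
    return attempts
```

Calling `classify(SAMPLE)` returns three records, one per attempt, in trace order.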
| Xuemei Bao 2004-01-24, 2:03 am |
| You should double click the balloon and see if an identity UI will be popped
up.
This is an expected behavior. 802.1x is run inside wzcsvc service, which is
in a non-interactive mode, i.e. a UI cannot be invoked by that service. So
802.1x RPCed into explorer.exe to invoke the identity UI. Error 703 means
the RasGetIdentity required an interactive mode but the current process was
in a non-interactive mode.
--
This post is provided AS IS with no warranties, and confers no rights.
| |
| Graham Rowbottom 2004-01-27, 2:35 am |
| I don't want our users to have to type or click anything to express
their identity.
Is it possible to create an EAP dll that causes wzcsvc to skip the
pop-up balloon or that can control the text within it? (As PEAP and
MD5 seem to)
| |
| Mudit Goel [MSFT] 2004-01-28, 5:38 am |
| Hi Graham -
The reason you don't see a popup in case of PEAP-MSChapV2 is because MsChapV2
either uses winlogon credentials (if enabled - an option in mschapv2
configuration), or caches the user credentials (for subsequent requests -
the user will get prompted the first time for his/her credentials).
As long as your eap dll provides an identity and credentials without
having to prompt the user, you should be fine.
Thanks,
Mudit
--
This posting is provided "AS IS" with no warranties, and confers no rights.