MOving from LEAP to PEAP

Greetings folks,

I need to justify a move to PEAP from LEAP.

One of the problems i had with LEAP (in this case using LEAP and Cisco's
ACS is 3.2.1.as RADIUS ):
I have two AD domans in a trust. Let's say domain Europe(is in Europe
geogrpahically) and domain Asia.(is in Asia geogrpahically)

A user from Europe travels to Asia. Now he/she could connect their laptop to
the wired-LAN in Asia domain and logon to their Europe domain due the the
trust that exists. This logon/authentication happens with 10-15 seconds.

But if the user does the same, but with a wi-fi enabled laptop, and is using
Cisco LEAP, and CISCO's ACS for authentication, it take up a very long time
to logon. It even time outs 4 out 10 times.

Now we are looking into PEAP. Would PEAP solve this problem ? Anybody
encountered this?

Also if the user's password expires at the AD, the LEAP solution does not
prompt the user about password expired. Would PEAP solve this too ?

Many thanks in advance

Kind Regards
Gill

Yes and yes. LEAP isn't really integrated into the Windows logon process,
whereas PEAP is completely integrated.

Steve Riley
(E-Mail Removed)



"Sarbjit Singh Gill" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Greetings folks,
>
> I need to justify a move to PEAP from LEAP.
>
> One of the problems i had with LEAP (in this case using LEAP and Cisco's
> ACS is 3.2.1.as RADIUS ):
> I have two AD domans in a trust. Let's say domain Europe(is in Europe
> geogrpahically) and domain Asia.(is in Asia geogrpahically)
>
> A user from Europe travels to Asia. Now he/she could connect their laptop
> to the wired-LAN in Asia domain and logon to their Europe domain due the
> the trust that exists. This logon/authentication happens with 10-15
> seconds.
>
> But if the user does the same, but with a wi-fi enabled laptop, and is
> using Cisco LEAP, and CISCO's ACS for authentication, it take up a very
> long time to logon. It even time outs 4 out 10 times.
>
> Now we are looking into PEAP. Would PEAP solve this problem ? Anybody
> encountered this?
>
> Also if the user's password expires at the AD, the LEAP solution does not
> prompt the user about password expired. Would PEAP solve this too ?
>
> Many thanks in advance
>
> Kind Regards
> Gill
>
>

Thank You Steve.

"Steve Riley [MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Yes and yes. LEAP isn't really integrated into the Windows logon process,
> whereas PEAP is completely integrated.
>
> Steve Riley
> (E-Mail Removed)
>
>
>
> "Sarbjit Singh Gill" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Greetings folks,
>>
>> I need to justify a move to PEAP from LEAP.
>>
>> One of the problems i had with LEAP (in this case using LEAP and
>> Cisco's ACS is 3.2.1.as RADIUS ):
>> I have two AD domans in a trust. Let's say domain Europe(is in Europe
>> geogrpahically) and domain Asia.(is in Asia geogrpahically)
>>
>> A user from Europe travels to Asia. Now he/she could connect their laptop
>> to the wired-LAN in Asia domain and logon to their Europe domain due the
>> the trust that exists. This logon/authentication happens with 10-15
>> seconds.
>>
>> But if the user does the same, but with a wi-fi enabled laptop, and is
>> using Cisco LEAP, and CISCO's ACS for authentication, it take up a very
>> long time to logon. It even time outs 4 out 10 times.
>>
>> Now we are looking into PEAP. Would PEAP solve this problem ? Anybody
>> encountered this?
>>
>> Also if the user's password expires at the AD, the LEAP solution does not
>> prompt the user about password expired. Would PEAP solve this too ?
>>
>> Many thanks in advance
>>
>> Kind Regards
>> Gill
>>
>>
>
>