2.2.3.1.2 PEAP_CONN_PROP
This data structure specifies the configuration for the Microsoft implementation of the Protected Extensible Authentication Protocol (PEAP) Specification [MS-PEAP] on the client. The fields are as follows.
| Field | Length |
|---|---|
| Version | 4 bytes |
| Size | 4 bytes |
| NumberOfEAPTypes | 4 bytes |
| Flags | 4 bytes |
| PeapTlsProperties | variable |
| InnerMethodProperties | variable |
| IdentityPrivacyString | variable |
| Padding | variable |

Version (4 bytes): A 4-byte unsigned integer that indicates the version of the PEAP_CONN_PROP. It is set to 1.
Size (4 bytes): A 4-byte unsigned integer that is set to the total size of the PEAP_CONN_PROP data structure in bytes plus (NumberOfEAPTypes + 1) * 4 plus the size of IdentityPrivacyString in bytes, including the NULL character.
NumberOfEAPTypes (4 bytes): A 4-byte unsigned integer that indicates the number of EAP methods configured as the inner EAP method for PEAP. It is set to either 0 or 1.<18>
- 0x00000000
- 0x00000001
Flags (4 bytes): A 4-byte unsigned integer that indicates the properties for PEAP configuration by setting the following bit values.

| Bits 0-26 | 27 | 28 | 29 | 30 | 31 |
|---|---|---|---|---|---|
| 0 | E | D | C | B | A |

Where the bits are defined as:

| Value | Description |
|---|---|
| A | PeapFastRoaming: If set to 1, the clients participate in fast-roaming. |
| B | PeapInnerEAPOptional: If set to 1, the client allows the absence of any inner EAP method for successful authentication.<19> |
| C | PeapEnforceCryptoBinding: If set to 1, the client disconnects and fails PEAP authentication if the authenticating server does not provide a cryptobinding TLV.<20> |
| D | PeapEnableQuarantine: If set to 1, the client enables the Network Access Protection feature in the PEAP protocol.<21> |
| E | PeapEnableIdentityPrivacy: If set to 1, the client enables the identity privacy feature in the PEAP protocol.<22> |

PeapTlsProperties (variable): Variable-size data that follows the format defined by PEAP_TLS_PHASE1_CONN_PROPERTIES (section 2.2.3.1.2.1). This field indicates the parameters that the clients use to establish the TLS tunnel in Phase 1 of PEAP as specified in [MS-PEAP] section 3.3.5.2.
InnerMethodProperties (variable): Optional variable-size data that follows the format defined by PEAP_INNER_METHOD_PROPERTY (section 2.2.3.1.2.2), indicating the parameters the client uses for the inner EAP method inside PEAP. This field is present if the NumberOfEAPTypes field is set to 1.
IdentityPrivacyString (variable): Optional variable-size null-terminated Unicode string that MAY<23> be used to indicate the identity to be used in the EAP-Identity response packet.
Padding (variable): Optional variable size field. Extends PEAP_CONN_PROP to the length specified in the Size field.
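
The following Python is an added example, not part of the specification or of any Microsoft code. It validates the four fixed fields of a PEAP_CONN_PROP blob, decodes Flags, and lists the settings a configuration review would look at. It assumes little-endian integers and that bit A is the least significant bit of Flags, neither of which is stated on this page; `parse_header`, `audit`, `PeapHeader` and `SAMPLE` are names chosen here.

```python
import struct
from typing import NamedTuple

# Assumption: little-endian integers (byte order is not stated on this page).
HEADER = struct.Struct("<IIII")  # Version, Size, NumberOfEAPTypes, Flags
# Assumption: diagram bit 31 (A) is the least significant bit of Flags.
FLAG_BITS = {
    "PeapFastRoaming": 0x01,            # A
    "PeapInnerEAPOptional": 0x02,       # B
    "PeapEnforceCryptoBinding": 0x04,   # C
    "PeapEnableQuarantine": 0x08,       # D
    "PeapEnableIdentityPrivacy": 0x10,  # E
}

class PeapHeader(NamedTuple):
    size: int
    number_of_eap_types: int
    flags: dict      # flag name -> bool
    undefined: int   # Flags bits outside A-E (shown as 0 in the diagram)
    body: bytes      # PeapTlsProperties onward; formats defined in other sections

def parse_header(blob: bytes) -> PeapHeader:
    if len(blob) < HEADER.size:
        raise ValueError("shorter than the 16-byte fixed header")
    version, size, n_types, raw = HEADER.unpack_from(blob)
    if version != 1:
        raise ValueError(f"Version is {version}, expected 1")
    if n_types not in (0, 1):
        raise ValueError(f"NumberOfEAPTypes is {n_types}, expected 0 or 1")
    if not HEADER.size <= size <= len(blob):  # Padding extends the structure to Size
        raise ValueError(f"Size {size} does not fit the {len(blob)}-byte buffer")
    flags = {name: bool(raw & bit) for name, bit in FLAG_BITS.items()}
    undefined = raw & ~sum(FLAG_BITS.values())
    return PeapHeader(size, n_types, flags, undefined, blob[HEADER.size:size])

def audit(h: PeapHeader) -> list:
    findings = []
    if not h.flags["PeapEnforceCryptoBinding"]:
        findings.append("cryptobinding TLV not enforced")
    if h.flags["PeapInnerEAPOptional"]:
        findings.append("inner EAP method optional")
    if h.number_of_eap_types == 0:
        findings.append("no inner EAP method configured")
    if h.undefined:
        findings.append("undefined Flags bits set")
    return findings

# Constructed sample: FastRoaming + InnerEAPOptional set, 4 placeholder body bytes.
SAMPLE = HEADER.pack(1, 20, 1, 0x03) + bytes(4)
```

For the constructed sample, `audit(parse_header(SAMPLE))` reports that the cryptobinding TLV is not enforced and that the inner EAP method is optional.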