Client certs with MSCHAPV2 in PEA
Dave Huff
dbhuff at yahoo.com
Fri Feb 24 14:08:19 CET 2006
.
>From: "Alan DeKok" <aland at ox.org>
>Robert Myers <ccrider at whiterose.net> wrote:
>> The reason I ask, is that I'm using a client cert signed by my CA to do
>> eap/tls, and it's working. I have not implemented the server cert as of
>> yet.
> Then it *should* work with PEAP. But I don't know of many people
>that use client certs with PEAP. I suspect no one has tested that,
>and that the client may be doing something different than with EAP-TLS.
> My suggestion is don't use client certs with PEAP.
> Alan DeKok.
Ah well, I'm trying to authenticate both a machine (cert) and a user
(password) to prevent people from using unchecked machines on the network.
PEAP sort of does that I guess since the internal CA isn't set up on a
client, but that's not a very secure method. Any suggestions appreciated
and thanks for your help.
More information about the Freeradius-Users
mailing list