Client certs with MSCHAPV2 in PEA

Phil Mayers p.mayers at imperial.ac.uk
Fri Feb 24 15:52:47 CET 2006


Dave Huff wrote:
> .
>> From: "Alan DeKok" <aland at ox.org>
> 
>> Robert Myers <ccrider at whiterose.net> wrote:
>>> The reason I ask, is that I'm using a client cert signed by my CA to do 
>>> eap/tls, and it's working.  I have not implemented the server cert as of 
>>> yet.
> 
>>  Then it *should* work with PEAP.  But I don't know of many people
>> that use client certs with PEAP.  I suspect no one has tested that,
>> and that the client may be doing something different than with EAP-TLS.
> 
>>  My suggestion is don't use client certs with PEAP.
> 
>>  Alan DeKok.
> 
> Ah well, I'm trying to authenticate both a machine (cert) and a user
> (password) to prevent people from using unchecked machines on the network.
> PEAP sort of does that I guess since the internal CA isn't set up on a
> client, but that's not a very secure method.  Any suggestions appreciated
> and thanks for your help.

Interesting. What client is this?



More information about the Freeradius-Users mailing list