Client certs with MSCHAPV2 in PEA

Dave Huff dbhuff at yahoo.com
Fri Feb 24 16:39:26 CET 2006


 
> Dave Huff wrote:
> >> From: "Alan DeKok" <aland at ox.org>
> > 
> >> Robert Myers <ccrider at whiterose.net> wrote:
> >>> The reason I ask, is that I'm using a client cert signed by my CA to
> >>> do eap/tls, and it's working.  I have not implemented the server
> >>> cert as of yet.
> > 
> >>  Then it *should* work with PEAP.  But I don't know of many people
> >> that use client certs with PEAP.  I suspect no one has tested that,
> >> and that the client may be doing something different than with EAP-TLS.
> > 
> >>  My suggestion is don't use client certs with PEAP.
> > 
> >>  Alan DeKok.
> > 
> > Ah well, I'm trying to authenticate both a machine (cert) and a user
> > (password) to prevent people from using unchecked machines on the network.
> > PEAP sort of does that I guess since the internal CA isn't set up on a
> > client, but that's not a very secure method.  Any suggestions
> > appreciated and thanks for your help.
> 
> Interesting. What client is this?
FC4/2.6.15-1.1831
Freeradius 1.0.4
Intel PROset 9.0.3.0

Is there a debug mode that would show me exactly which certs are being
exchanged?



