Using PEAP and WinXP

King, Michael MKing at
Wed May 24 22:34:45 CEST 2006


> -----Original Message-----
> From: 
> at lists.freeradius.or
> g 
> [ at lists.freer
>] On Behalf Of simon at
> Sent: Wednesday, May 24, 2006 3:02 PM
> To: freeradius-users at
> Subject: Using PEAP and WinXP
> Hi,
> I have a question regarding the setup for the WinXP client 
> when using PEAP.  Does one always need to go into the 
> properties for the AP and configure which servers to connect 
> to or which root certification authorities are trusted?  What 
> I mean is, whether you produced a server certificate yourself 
> and imported that CA onto the client machine, or whether you 
> had a certificate signed by someone like Verisign, you would 
> need to check the corresponding CA within the list.

It's my understanding that this is to prevent a man in the middle
attack.  Someone could easily setup a rouge AP, with a RADIUS Server.
Since your requiring the server to identify itself (Via the Cert) you
could detect this, and prevent it.

More information about the Freeradius-Users mailing list