Using PEAP and WinXP

King, Michael MKing at bridgew.edu
Wed May 24 22:34:45 CEST 2006


 

> -----Original Message-----
> From: 
> freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.or
> g 
> [mailto:freeradius-users-bounces+mking=bridgew.edu at lists.freer
> adius.org] On Behalf Of simon at 434canada.com
> Sent: Wednesday, May 24, 2006 3:02 PM
> To: freeradius-users at lists.freeradius.org
> Subject: Using PEAP and WinXP
> 
> Hi,
> 
> I have a question regarding the setup for the WinXP client 
> when using PEAP.  Does one always need to go into the 
> properties for the AP and configure which servers to connect 
> to or which root certification authorities are trusted?  What 
> I mean is, whether you produced a server certificate yourself 
> and imported that CA onto the client machine, or whether you 
> had a certificate signed by someone like Verisign, you would 
> need to check the corresponding CA within the list.

It's my understanding that this is to prevent a man in the middle
attack.  Someone could easily setup a rouge AP, with a RADIUS Server.
Since your requiring the server to identify itself (Via the Cert) you
could detect this, and prevent it.




More information about the Freeradius-Users mailing list