Using PEAP and WinXP
MKing at bridgew.edu
Wed May 24 22:34:45 CEST 2006
> -----Original Message-----
> freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.or
> [mailto:freeradius-users-bounces+mking=bridgew.edu at lists.freer
> adius.org] On Behalf Of simon at 434canada.com
> Sent: Wednesday, May 24, 2006 3:02 PM
> To: freeradius-users at lists.freeradius.org
> Subject: Using PEAP and WinXP
> I have a question regarding the setup for the WinXP client
> when using PEAP. Does one always need to go into the
> properties for the AP and configure which servers to connect
> to or which root certification authorities are trusted? What
> I mean is, whether you produced a server certificate yourself
> and imported that CA onto the client machine, or whether you
> had a certificate signed by someone like Verisign, you would
> need to check the corresponding CA within the list.
It's my understanding that this is to prevent a man in the middle
attack. Someone could easily setup a rouge AP, with a RADIUS Server.
Since your requiring the server to identify itself (Via the Cert) you
could detect this, and prevent it.
More information about the Freeradius-Users