EAP/TTLS PEAP MSCHAP

Eshun Benjamin bkeshun at yahoo.fr
Thu Apr 5 12:06:53 CEST 2007 

Thanks I can connect windows with PEAP/ MSCHAPv2 . Need to fix the certificates.
 
==================================================

Benjamin K. Eshun

----- Message d'origine ----
De : Arran Cudbard-Bell <A.Cudbard-Bell at sussex.ac.uk>
À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Envoyé le : Mercredi, 4 Avril 2007, 23h16mn 24s
Objet : Re: Re : EAP/TTLS PEAP MSCHAP

Ian Truelsen wrote:
> On Wed, 2007-04-04 at 20:58 +0100, Arran Cudbard-Bell wrote:
>   
>> According to the microsoft support article 
>> (http://support.microsoft.com/kb/814394/en-us)
>>
>> "The IAS or the VPN server computer certificate is configured with the 
>> Server Authentication purpose. The object identifier for Server 
>> Authentication is 1.3.6.1.5.5.7.3.1."
>>
>> But I have no idea how to add it to the certificate, if you find out 
>> please let me know :)
>>
>>     
> Check out this article:
>
> http://www.linuxjournal.com/article/8095
>
> It explains how to get the MS attributes into the certificates.
>
> Hope this helps.
>   
Excellent, thanks, just what I was looking for :)

Is it really just as simple as creating the certificate, signing it with 
the right extensions, installing the proper rootCA on the windows 
machines , and configuring the windows supplicant correctly ?

Which would be

In authentication tab
Enable IEEE 802.1x authentication for this network
Setting EAP Type to PEAP

In properties
Validate server certificate
Authentication method EAP-MSCHAP v2
Checking the Root CA the certificate was signed with .

In Configure
Automatically use my windows logo name and password unchecked.

Or are there more weird windows things ?

Gah... never appreciated Mac OSX so much.

"oo  looks like your connecting to an 802.11x network , please enter 
your username and password, hmm you havent chosen to explicitly trust 
this certificate would you like to ?
.... Connected!"..... "and now i'm going to save your username and 
password in the keychain so you'll never have to go through this 
amazingly simple process ever again".

---
Arran
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html







	

	
		
___________________________________________________________________________ 
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! 
Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses 
http://fr.answers.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070405/6195a863/attachment.html>

More information about the Freeradius-Users mailing list