Dave Huff wrote:
.
From: "Alan DeKok" <aland@ox.org>
Robert Myers <ccrider@whiterose.net> wrote:
The reason I ask, is that I'm using a client cert signed by my CA to do eap/tls, and it's working. I have not implemented the server cert as of yet.
Then it *should* work with PEAP. But I don't know of many people that use client certs with PEAP. I suspect no one has tested that, and that the client may be doing something different than with EAP-TLS.
My suggestion is don't use client certs with PEAP.
Alan DeKok.
Ah well, I'm trying to authenticate both a machine (cert) and a user (password) to prevent people from using unchecked machines on the network. PEAP sort of does that I guess since the internal CA isn't set up on a client, but that's not a very secure method. Any suggestions appreciated and thanks for your help.
Interesting. What client is this?
FC4/2.6.15-1.1831 Freeradius 1.0.4 Intel PROset 9.0.3.0 Is there a debug mode that would show me exactly which certs are being exchanged?