daniel knox <mail@dknox.co.uk> wrote:
Lol just actually read some stuff on WPA and learnt abit more about EAP. I realise now that TTLS does not require client certificates like I previously thought only the server. Apologies for this miss understanding. Although I do realise now that SecureW2 would be required to give my Windows users the ability to access this. Although this may not be to difficult to distribute to them I would have to look into these possible issues.
You use server certificates for PEAP too, it's madness not to use a server certificate in either case. If you do not then the clients are more than happy to dish out user credentials to anyone who asks. I prefer TTLS as although PEAP is already built into Mac OS X and Windows, neither can be easily autoconfigured with some kind of priming script[1]. We use TTLS as it's not braindead[2] and in the case of SecureW2 it can be trivially autoconfigured. If you tie it in with a NSIS script then you can do some *really* nice things for wireless workstation priming for your Windows userbase. Cheers [1] not that I know of anyway, and Mac OS X 10.5 seems to have dropped support for wireless profile importing [2] well from my perspective, I'm sure implentators out their might say otherwise -- Alexander Clouter .sigmonster says: Neil Armstrong tripped.