Alan DeKok wrote:
alfonso.lazaro@eresmas.com wrote:
i would like to use a two-factor authentication. - all pcs that want to connect to the wireless network need a certificate signed by CA - users must authenticate with their user/pass active directory
I don't think that will work. From what I understand of Microsoft's Windows implementation, the machine accounts must use the same authentication method as user login. So you can use PEAP for both, but not EAP-TLS for one, and PEAP for the other.
i am not sure how to do it
Most of the configuration is on the Windows box, not on FreeRADIUS.
Get PEAP set up and configure the Windows box to use PEAP. It should then work.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I think that what alfonso need is to use both authentication in order to be authenticated. That is to say to have EAP_TLS to open the connection and then to enter login and password for AD or something like that... JF SURET