-----Original Message----- From: freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.or g [mailto:freeradius-users-bounces+mking=bridgew.edu@lists.freer adius.org] On Behalf Of simon@434canada.com Sent: Wednesday, May 24, 2006 3:02 PM To: freeradius-users@lists.freeradius.org Subject: Using PEAP and WinXP
Hi,
I have a question regarding the setup for the WinXP client when using PEAP. Does one always need to go into the properties for the AP and configure which servers to connect to or which root certification authorities are trusted? What I mean is, whether you produced a server certificate yourself and imported that CA onto the client machine, or whether you had a certificate signed by someone like Verisign, you would need to check the corresponding CA within the list.
It's my understanding that this is to prevent a man in the middle attack. Someone could easily setup a rouge AP, with a RADIUS Server. Since your requiring the server to identify itself (Via the Cert) you could detect this, and prevent it.