- and how, exactly, does the EAP tunnel get set up if you dont have a common certificate to enable such a construct? you've got to have a CA - and, if done properly, you've got to have the validate check as well!
Suppose a person who comes from outside the company, and wants to connect to my network, do not have the certificates. through PEAP can I give you access with a username and password without install certificates? What I suggest? ()
-----Original Message----- From: freeradius-users- bounces+jmdanner=samford.edu@lists.freeradius.org [mailto:freeradius- users-bounces+jmdanner=samford.edu@lists.freeradius.org] On Behalf Of Martin Silvero Sent: Thursday, December 18, 2008 8:31 AM To: freeradius-users@lists.freeradius.org Subject: Re: Conf PEAP
- and how, exactly, does the EAP tunnel get set up if you dont have a common certificate to enable such a construct? you've got to have a CA - and, if done properly, you've got to have the validate check as well!
Suppose a person who comes from outside the company, and wants to connect to my network, do not have the certificates. through PEAP can I give you access with a username and password without install certificates?
What I suggest?
We opted to purchase a Verisign cert for our FreeRadius server. Verisign is recognized as a trusted root by most OS's. There are less expensive certs available, but you'll definitely need a commercial cert to address your concerns. Mearl
() - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- and how, exactly, does the EAP tunnel get set up if you dont have a common certificate to enable such a construct? you've got to have a CA - and, if done properly, you've got to have the validate check as well!
Suppose a person who comes from outside the company, and wants to connect to my network, do not have the certificates.
Exactly. And they shouldn't be able to connect. That is the whole idea of self-signed certificates. If someone from outside should have access, you can email him the certificate and he will be able to connect. Ivan Kalik Kalik Informatika ISP
participants (3)
-
Danner, Mearl -
Martin Silvero -
tnt@kalik.net