Client certs with MSCHAPV2 in PEA

Dave Huff dbhuff at
Fri Feb 24 14:08:19 CET 2006

>From: "Alan DeKok" <aland at>

>Robert Myers <ccrider at> wrote:
>> The reason I ask, is that I'm using a client cert signed by my CA to do 
>> eap/tls, and it's working.  I have not implemented the server cert as of 
>> yet.

>  Then it *should* work with PEAP.  But I don't know of many people
>that use client certs with PEAP.  I suspect no one has tested that,
>and that the client may be doing something different than with EAP-TLS.

>  My suggestion is don't use client certs with PEAP.

>  Alan DeKok.

Ah well, I'm trying to authenticate both a machine (cert) and a user
(password) to prevent people from using unchecked machines on the network.
PEAP sort of does that I guess since the internal CA isn't set up on a
client, but that's not a very secure method.  Any suggestions appreciated
and thanks for your help.

More information about the Freeradius-Users mailing list