Client certs with MSCHAPV2 in PEA
Phil Mayers
p.mayers at imperial.ac.uk
Fri Feb 24 15:52:47 CET 2006
Dave Huff wrote:
> .
>> From: "Alan DeKok" <aland at ox.org>
>
>> Robert Myers <ccrider at whiterose.net> wrote:
>>> The reason I ask, is that I'm using a client cert signed by my CA to do
>>> eap/tls, and it's working. I have not implemented the server cert as of
>>> yet.
>
>> Then it *should* work with PEAP. But I don't know of many people
>> that use client certs with PEAP. I suspect no one has tested that,
>> and that the client may be doing something different than with EAP-TLS.
>
>> My suggestion is don't use client certs with PEAP.
>
>> Alan DeKok.
>
> Ah well, I'm trying to authenticate both a machine (cert) and a user
> (password) to prevent people from using unchecked machines on the network.
> PEAP sort of does that I guess since the internal CA isn't set up on a
> client, but that's not a very secure method. Any suggestions appreciated
> and thanks for your help.
Interesting. What client is this?
More information about the Freeradius-Users
mailing list