Client certs with MSCHAPV2 in PEA
Dave Huff
dbhuff at yahoo.com
Fri Feb 24 16:39:26 CET 2006
>
> Dave Huff wrote:
> > .
> >> From: "Alan DeKok" <aland at ox.org>
> >
> >> Robert Myers <ccrider at whiterose.net> wrote:
> >>> The reason I ask, is that I'm using a client cert signed by my CA to
> >>> do eap/tls, and it's working. I have not implemented the server
> >>> cert as of yet.
> >
> >> Then it *should* work with PEAP. But I don't know of many people
> >> that use client certs with PEAP. I suspect no one has tested that,
> >> and that the client may be doing something different than with EAP-TLS.
> >
> >> My suggestion is don't use client certs with PEAP.
> >
> >> Alan DeKok.
> >
> > Ah well, I'm trying to authenticate both a machine (cert) and a user
> > (password) to prevent people from using unchecked machines on the network.
> > PEAP sort of does that I guess since the internal CA isn't set up on a
> > client, but that's not a very secure method. Any suggestions
> > appreciated and thanks for your help.
>
> Interesting. What client is this?
FC4/2.6.15-1.1831
Freeradius 1.0.4
Intel PROset 9.0.3.0
Is there a debug mode that would show me exactly which certs are being
exchanged?