Two factor authentication
Alan DeKok
aland at ox.org
Mon Mar 27 20:21:33 CEST 2006
alfonso.lazaro at eresmas.com wrote:
> i would like to use a two-factor authentication.
> - all pcs that want to connect to the wireless network need a certificate signed by CA
> - users must authenticate with their user/pass active directory
I don't think that will work. From what I understand of Microsoft's
Windows implementation, the machine accounts must use the same
authentication method as user login. So you can use PEAP for both,
but not EAP-TLS for one, and PEAP for the other.
> i am not sure how to do it
Most of the configuration is on the Windows box, not on FreeRADIUS.
Get PEAP set up and configure the Windows box to use PEAP. It
should then work.
Alan DeKok.
More information about the Freeradius-Users
mailing list