Two factor authentication
jf
tilaris at wanadoo.fr
Mon Mar 27 22:01:56 CEST 2006
Alan DeKok wrote:
>alfonso.lazaro at eresmas.com wrote:
>
>
>> i would like to use a two-factor authentication.
>> - all pcs that want to connect to the wireless network need a certificate signed by CA
>> - users must authenticate with their user/pass active directory
>>
>>
>
> I don't think that will work. From what I understand of Microsoft's
>Windows implementation, the machine accounts must use the same
>authentication method as user login. So you can use PEAP for both,
>but not EAP-TLS for one, and PEAP for the other.
>
>
>
>> i am not sure how to do it
>>
>>
>
> Most of the configuration is on the Windows box, not on FreeRADIUS.
>
> Get PEAP set up and configure the Windows box to use PEAP. It
>should then work.
>
> Alan DeKok.
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>
>
I think that what alfonso need is to use both authentication in order to
be authenticated.
That is to say to have EAP_TLS to open the connection and then to enter
login and password for AD or something like that...
JF SURET
More information about the Freeradius-Users
mailing list