Two factor authentication
alfonso.lazaro at eresmas.com
alfonso.lazaro at eresmas.com
Tue Mar 28 10:19:25 CEST 2006
On Mon, Mar 27, 2006 at 10:01:56PM +0200, jf wrote:
i need both authentication, i need the certificate and wrong user/pass
yesterday i was reading several mails from this list and i think i found some answer to my question
i am going to try to use peap over tls authentication and i am going to force client certificate authentication
radius.cfg
DEFAULT EAP-TLS-Require-Client-Cert:=Yes
i will send you my experience
alfonso
>
> >alfonso.lazaro at eresmas.com wrote:
> >
> >
> >> i would like to use a two-factor authentication.
> >> - all pcs that want to connect to the wireless network need a
> >> certificate signed by CA
> >> - users must authenticate with their user/pass active directory
> >>
> >>
> >
> > I don't think that will work. From what I understand of Microsoft's
> >Windows implementation, the machine accounts must use the same
> >authentication method as user login. So you can use PEAP for both,
> >but not EAP-TLS for one, and PEAP for the other.
> >
> >
> >
> >> i am not sure how to do it
> >>
> >>
> >
> > Most of the configuration is on the Windows box, not on FreeRADIUS.
> >
> > Get PEAP set up and configure the Windows box to use PEAP. It
> >should then work.
> >
> > Alan DeKok.
> >
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
> >
> >
> >
> >
>
> I think that what alfonso need is to use both authentication in order to
> be authenticated.
>
> That is to say to have EAP_TLS to open the connection and then to enter
> login and password for AD or something like that...
>
> JF SURET
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list