EAP/TTLS PEAP MSCHAP
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Wed Apr 4 23:16:24 CEST 2007
Ian Truelsen wrote:
> On Wed, 2007-04-04 at 20:58 +0100, Arran Cudbard-Bell wrote:
>
>> According to the microsoft support article
>> (http://support.microsoft.com/kb/814394/en-us)
>>
>> "The IAS or the VPN server computer certificate is configured with the
>> Server Authentication purpose. The object identifier for Server
>> Authentication is 1.3.6.1.5.5.7.3.1."
>>
>> But I have no idea how to add it to the certificate, if you find out
>> please let me know :)
>>
>>
> Check out this article:
>
> http://www.linuxjournal.com/article/8095
>
> It explains how to get the MS attributes into the certificates.
>
> Hope this helps.
>
Excellent, thanks, just what I was looking for :)
Is it really just as simple as creating the certificate, signing it with
the right extensions, installing the proper rootCA on the windows
machines , and configuring the windows supplicant correctly ?
Which would be
In authentication tab
Enable IEEE 802.1x authentication for this network
Setting EAP Type to PEAP
In properties
Validate server certificate
Authentication method EAP-MSCHAP v2
Checking the Root CA the certificate was signed with .
In Configure
Automatically use my windows logo name and password unchecked.
Or are there more weird windows things ?
Gah... never appreciated Mac OSX so much.
"oo looks like your connecting to an 802.11x network , please enter
your username and password, hmm you havent chosen to explicitly trust
this certificate would you like to ?
.... Connected!"..... "and now i'm going to save your username and
password in the keychain so you'll never have to go through this
amazingly simple process ever again".
---
Arran
More information about the Freeradius-Users
mailing list