Terminate PEAP on freeradius then proxy MSCHAPv2 to NPS
A.L.M.Buxey at lboro.ac.uk
Fri Jan 25 15:23:10 CET 2013
Hi,
> The reason I was attempting this is because I have to provide a service
> for roaming users and I was having issues with obtaining a certificate for
> the NPS server.
What's wrong with just using your current FR certificate on the NPS box?
> Does this mean that I could use a self signed certificate for the NPS that
> is recognized by the freeradius and have a commercial certificate on the
> freeradius that is then recognized by the clients?
What are your clients/userbase? Why do you have to use a commercial certificate
for your server? If the clients authenticating are your clients then they can have
the required private CA installed - the authentication is a closed loop. If you use
a commercial cert, e.g. Thawte, VeriSign etc., and only use that as trust then anyone can
get a cert signed by that commercial CA as a first point to subverting your security.
alan