Simultaneous EAP-TLS and PEAP-MSCHAPv2 (machine/user authentication)
Alan DeKok
aland at deployingradius.com
Sat Dec 26 17:38:22 CET 2015
On Dec 26, 2015, at 9:55 AM, Ben Humpert <ben at an3k.de> wrote:
>
> Windows can't do machine authentication and then additionally user
> authentication. You can do either do machine OR user auth. It is kind of
> annoying.
It's not Windows. It's a fundamental limitation of the protocols involved.
When a system authenticates itself to the network and gets access... its *on the network*. There's no magical multi-step process.
Even using PEAP with a client certificate means that the client certificate is under the user control. He can delete it, or copy it to another machine.
Alan DeKok.
More information about the Freeradius-Users
mailing list