RE: Client certs with MSCHAPV2 in PEA
> > Dave Huff wrote: > > . > >> From: "Alan DeKok" <[EMAIL PROTECTED]> > > > >> Robert Myers <[EMAIL PROTECTED]> wrote: > >>> The reason I ask, is that I'm using a client cert signed > by my CA to > >>> do eap/tls, and it's working. I have not implemented the server > >>> cert as of yet. > > > >> Then it *should* work with PEAP. But I don't know of many people > >> that use client certs with PEAP. I suspect no one has > tested that, > >> and that the client may be doing something different than > with EAP-TLS. > > > >> My suggestion is don't use client certs with PEAP. > > > >> Alan DeKok. > > > > Ah well, I'm trying to authenticate both a machine (cert) and a user > > (password) to prevent people from using unchecked machines > on the network. > > PEAP sort of does that I guess since the internal CA isn't > set up on a > > client, but that's not a very secure method. Any suggestions > > appreciated and thanks for your help. > > Interesting. What client is this? FC4/2.6.15-1.1831 Freeradius 1.0.4 Intel PROset 9.0.3.0 Is there a debug mode that would show me exactly which certs are being exchanged? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Client certs with MSCHAPV2 in PEA
Dave Huff wrote: . From: "Alan DeKok" <[EMAIL PROTECTED]> Robert Myers <[EMAIL PROTECTED]> wrote: The reason I ask, is that I'm using a client cert signed by my CA to do eap/tls, and it's working. I have not implemented the server cert as of yet. Then it *should* work with PEAP. But I don't know of many people that use client certs with PEAP. I suspect no one has tested that, and that the client may be doing something different than with EAP-TLS. My suggestion is don't use client certs with PEAP. Alan DeKok. Ah well, I'm trying to authenticate both a machine (cert) and a user (password) to prevent people from using unchecked machines on the network. PEAP sort of does that I guess since the internal CA isn't set up on a client, but that's not a very secure method. Any suggestions appreciated and thanks for your help. Interesting. What client is this? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Client certs with MSCHAPV2 in PEA
. >From: "Alan DeKok" <[EMAIL PROTECTED]> >Robert Myers <[EMAIL PROTECTED]> wrote: >> The reason I ask, is that I'm using a client cert signed by my CA to do >> eap/tls, and it's working. I have not implemented the server cert as of >> yet. > Then it *should* work with PEAP. But I don't know of many people >that use client certs with PEAP. I suspect no one has tested that, >and that the client may be doing something different than with EAP-TLS. > My suggestion is don't use client certs with PEAP. > Alan DeKok. Ah well, I'm trying to authenticate both a machine (cert) and a user (password) to prevent people from using unchecked machines on the network. PEAP sort of does that I guess since the internal CA isn't set up on a client, but that's not a very secure method. Any suggestions appreciated and thanks for your help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html