Re: Client certs with MSCHAPV2 in PEA
. From: Alan DeKok [EMAIL PROTECTED] Robert Myers [EMAIL PROTECTED] wrote: The reason I ask, is that I'm using a client cert signed by my CA to do eap/tls, and it's working. I have not implemented the server cert as of yet. Then it *should* work with PEAP. But I don't know of many people that use client certs with PEAP. I suspect no one has tested that, and that the client may be doing something different than with EAP-TLS. My suggestion is don't use client certs with PEAP. Alan DeKok. Ah well, I'm trying to authenticate both a machine (cert) and a user (password) to prevent people from using unchecked machines on the network. PEAP sort of does that I guess since the internal CA isn't set up on a client, but that's not a very secure method. Any suggestions appreciated and thanks for your help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Client certs with MSCHAPV2 in PEA
Dave Huff wrote: . From: Alan DeKok [EMAIL PROTECTED] Robert Myers [EMAIL PROTECTED] wrote: The reason I ask, is that I'm using a client cert signed by my CA to do eap/tls, and it's working. I have not implemented the server cert as of yet. Then it *should* work with PEAP. But I don't know of many people that use client certs with PEAP. I suspect no one has tested that, and that the client may be doing something different than with EAP-TLS. My suggestion is don't use client certs with PEAP. Alan DeKok. Ah well, I'm trying to authenticate both a machine (cert) and a user (password) to prevent people from using unchecked machines on the network. PEAP sort of does that I guess since the internal CA isn't set up on a client, but that's not a very secure method. Any suggestions appreciated and thanks for your help. Interesting. What client is this? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Client certs with MSCHAPV2 in PEA
Dave Huff wrote: . From: Alan DeKok [EMAIL PROTECTED] Robert Myers [EMAIL PROTECTED] wrote: The reason I ask, is that I'm using a client cert signed by my CA to do eap/tls, and it's working. I have not implemented the server cert as of yet. Then it *should* work with PEAP. But I don't know of many people that use client certs with PEAP. I suspect no one has tested that, and that the client may be doing something different than with EAP-TLS. My suggestion is don't use client certs with PEAP. Alan DeKok. Ah well, I'm trying to authenticate both a machine (cert) and a user (password) to prevent people from using unchecked machines on the network. PEAP sort of does that I guess since the internal CA isn't set up on a client, but that's not a very secure method. Any suggestions appreciated and thanks for your help. Interesting. What client is this? FC4/2.6.15-1.1831 Freeradius 1.0.4 Intel PROset 9.0.3.0 Is there a debug mode that would show me exactly which certs are being exchanged? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html