PEAP based 802.1x LAN authentication

• Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #235"
• Next in thread: Miroslaw Slawek Chorazy: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Miroslaw Slawek Chorazy: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Miroslaw Slawek Chorazy: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Rodrigo Blanco: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Won, Henry # PHX: "RE: PEAP based 802.1x LAN authentication"
• Maybe reply: Rodrigo Blanco: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Menicucci, Dan: "RE: PEAP based 802.1x LAN authentication"
• Maybe reply: Rodrigo Blanco: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Menicucci, Dan: "RE: PEAP based 802.1x LAN authentication"
• Reply: Rui Francisco: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Neal: "RE: PEAP based 802.1x LAN authentication"
• Maybe reply: Pidgorny, Slav: "RE: PEAP based 802.1x LAN authentication"
• Maybe reply: Pidgorny, Slav: "RE: PEAP based 802.1x LAN authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 6 Apr 2005 17:42:16 +0200
To: focus-ms@securityfocus.com

Hello list,

I am currently trying to configure an Active Directory (w2K server)
both for windows auth and also as RADIUS server (IAS) for LAN 802.1x
authentication. I have successfully tried 802.1x with auth methods
such as PAP, CHAP... and now am trying to move to PEAP so I can have
joint AD/802.1x auth. with a single logon.

According to http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/9d8b61c9-a870-4627-a8f2-148625fd7fba.mspx
I should install MS CA and generate a certificate for the win2K server
acting as AD/IAS.

I do not want to use this CA, but openssl instead (XCA, in fact). With
this, I have created a certificate with key usage = Server auth and
installed both the CA certificate and this certificate through the
browser.

When I try to configure PEAP in the IAS Dial-in profile, I get an
error message stating: "A certificate could not be found that can be
used with this Extensible Authentication Protocol". I think some key
usage or extended key usage attributes must be missing, or that I have
created / installed the certificate wrong, but did not find the
problem.

Any help or ideas would be more than welcome.

Thanks in advance,
Rodrigo.

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #235"
• Next in thread: Miroslaw Slawek Chorazy: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Miroslaw Slawek Chorazy: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Miroslaw Slawek Chorazy: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Rodrigo Blanco: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Won, Henry # PHX: "RE: PEAP based 802.1x LAN authentication"
• Maybe reply: Rodrigo Blanco: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Menicucci, Dan: "RE: PEAP based 802.1x LAN authentication"
• Maybe reply: Rodrigo Blanco: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Menicucci, Dan: "RE: PEAP based 802.1x LAN authentication"
• Reply: Rui Francisco: "Re: PEAP based 802.1x LAN authentication"
• Maybe reply: Neal: "RE: PEAP based 802.1x LAN authentication"
• Maybe reply: Pidgorny, Slav: "RE: PEAP based 802.1x LAN authentication"
• Maybe reply: Pidgorny, Slav: "RE: PEAP based 802.1x LAN authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]