RE: PEAP based 802.1x LAN authentication

From: Menicucci, Dan (dan0_at_pitt.edu)
Date: 04/07/05

    Date: Wed, 6 Apr 2005 19:27:57 -0400
    To: "Rodrigo Blanco" <rodrigo.blanco.r@gmail.com>, <focus-ms@securityfocus.com>
    
    

    Hi Rob,

    We do it with a Verisign certificate. The trusted root needs to be on
    the client machines and the certificate needs to be installed under the
    Personal folder of the Computer section of the certificate snap-in.

    Thanks,
    Dan

    -----Original Message-----
    From: Won, Henry # PHX [mailto:henry.won@ndchealth.com]
    Sent: Wednesday, April 06, 2005 3:13 PM
    To: Rodrigo Blanco; focus-ms@securityfocus.com
    Cc: rodrigob@myway.com
    Subject: RE: PEAP based 802.1x LAN authentication

    We are using MS CA with IAS, and the only enhanced key usage listed is
    server authentication. If I remember correctly, the RSA key size had to
    be 1024 bits long. If it is bigger, try generating a new certificate
    with 1024 bits instead.

    -----Original Message-----
    From: Rodrigo Blanco [mailto:rodrigo.blanco.r@gmail.com]
    Sent: Wednesday, April 06, 2005 8:42 AM
    To: focus-ms@securityfocus.com
    Cc: rodrigob@myway.com
    Subject: PEAP based 802.1x LAN authentication

    Hello list,

    I am currently trying to configure an Active Directory (w2K server) both
    for windows auth and also as RADIUS server (IAS) for LAN 802.1x
    authentication. I have successfully tried 802.1x with auth methods such
    as PAP, CHAP... and now am trying to move to PEAP so I can have joint
    AD/802.1x auth. with a single logon.

    According to
    http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/9d8b61c9-a870-4627-a8f2-148625fd7fba.mspx
    I should install MS CA and generate a certificate for the win2K server
    acting as AD/IAS.

    I do not want to use this CA, but openssl instead (XCA, in fact). With
    this, I have created a certificate with key usage = Server auth and
    installed both the CA certificate and this certificate through the
    browser.

    When I try to configure PEAP in the IAS Dial-in profile, I get an error
    message stating: "A certificate could not be found that can be used with
    this Extensible Authentication Protocol". I think some key usage or
    extended key usage attributes must be missing, or that I have created /
    installed the certificate wrong, but did not find the problem.

    Any help or ideas would be more than welcome.

    Thanks in advance,
    Rodrigo.
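
The certificate properties raised in this thread (server authentication as the only enhanced key usage, a chain to a root the clients trust, and a private key that stays with the certificate), as an added example that is not from any of the posters: it builds a throwaway CA and server certificate with the openssl CLI and checks each property. The subject names, file names, 2048-bit key size and password are constructed assumptions.

```shell
# Added example; all names, subjects and the password are constructed placeholders.
set -eu
WORK=$(mktemp -d); P12_PASS='constructed-example-only'

# Test root CA: marked as a CA, allowed to sign certificates only.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Lab Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
# RADIUS server certificate: the only enhanced key usage is server authentication.
cat > "$WORK/srv.ext" <<'EOF'
[ias]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF

make_certs() (
  cd "$WORK"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config ca.cnf \
    -keyout ca.key -out ca.pem
  openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
    -subj "/CN=ias.example.test" -keyout srv.key -out srv.csr
  openssl x509 -req -in srv.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 30 -extfile srv.ext -extensions ias -out srv.pem
  # PKCS#12 keeps the private key with the certificate for import on the server.
  openssl pkcs12 -export -inkey srv.key -in srv.pem -certfile ca.pem \
    -passout "pass:$P12_PASS" -out srv.p12
) >/dev/null 2>&1

cert_text()       { openssl x509 -in "$1" -noout -text; }
has_server_auth() { cert_text "$1" | grep -q 'TLS Web Server Authentication'; }
key_bits()        { cert_text "$1" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'; }
chains_to_root()  { openssl verify -CAfile "$WORK/ca.pem" -purpose sslserver "$1" >/dev/null 2>&1; }
p12_has_key()     { openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nodes -nocerts 2>/dev/null | grep -q 'PRIVATE KEY'; }

make_certs
has_server_auth "$WORK/srv.pem" && echo "EKU: server authentication present"
chains_to_root  "$WORK/srv.pem" && echo "chain: verifies against the test root"
p12_has_key     "$WORK/srv.p12" && echo "PKCS#12: private key included"
echo "key size: $(key_bits "$WORK/srv.pem") bits"
```

Here srv.p12 stands for the file imported into the computer account's Personal store, and ca.pem for the root that goes on the client machines.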
