Re: PEAP-MS-CHAP V2 or EAP-TLS for Wireless Encryption

From: Stuart Mackie (*REMOVE*me@stu.uk.com)
Date: 01/26/03

• Next message: Bill Crocker: "Re: How can I recover forgotten windows passwords"
• Previous message: Saman: "For more security..."
• In reply to: Chris Gilbert: "Re: PEAP-MS-CHAP V2 or EAP-TLS for Wireless Encryption"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Stuart Mackie" <*REMOVE*me@stu.uk.com>
Date: Sun, 26 Jan 2003 14:35:14 -0000

Hi. Thanks for the info. At the minute I've gone with EAP-TLS and
everything seems to be working well. Now the only problem is how I get my
dad's laptop onto my network (domain environment) without him having to log
onto my domain as a user. They use their own domain at his work and he
wants to use the same user becuase all his email etc is on there and he will
have to authenticate remotely with their server as well. The only problem
with this is that EAP-TLS seems to use both Computer and User certificate.
I can get a Computer Certificate onto the Computer (I think) but I'm
presuming I can't create a certificate for his user e.g. dad\officeDomain
when my domian would want him to authenticate as dad \ homeDomain. Or is it
possible to create a certificate for a user and as long as that user
supplies that certificate it doesn't matter if they have a different
username or part of a different domain ?

Any suggestions :)

Thanks for any help,
Stuart.

"Chris Gilbert" <Chris.Gilbert@Consignia.com> wrote in message
news:3e314637$1@RGINF-S02.research-group.co.uk...
>
> Stuart Mackie wrote
>
> > I'm implementing a small wireless network and as well as using 128-bit
WEP
> > we are going to implement IAS with either PEAP-MSCHAP V2 or EAP-TLS but
I
> > can't work out whats the best one to use.
>
> If you have implemented a PKI and distributed certs to your user base
> then TLS, as an extension to SSL v3.0, offers you the opportunity to
> employ certificate-based authentication.
>
> Chris
>
>

• Next message: Bill Crocker: "Re: How can I recover forgotten windows passwords"
• Previous message: Saman: "For more security..."
• In reply to: Chris Gilbert: "Re: PEAP-MS-CHAP V2 or EAP-TLS for Wireless Encryption"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Multiple EAP-Types at WinXP clients ... something´s wrong with the client certificate. ... policy using PEAP which puts the PC into a special support-vlan. ... First using EAP-TLS and if that fails using PEAP. ... How can i manage this on the client. ... (microsoft.public.internet.radius) EAP-TLS Certificate Validation ... issued by the same PKI chain in order for EAP-TLS ... The EAP-TLS Server has a server certificate with the ... (microsoft.public.internet.radius) RE: 802.1x, Computers, Wired Security ... Just to be clear....PEAP-MSCHAPvs and EAP-TLS both work for user auth. ... Please verify the certificates on the client machine that connect to 802.1x ... PEAP with EAP-TLS ... Is there a computer certificate that enrolled from the domain CA? ... (microsoft.public.windows.server.active_directory) Re: Wired 802.1x Questions ... IAS allows EAP-TLS clients to connect even when it does ... not perform or cannot complete a revocation check of the client's ... certificate chain. ... (microsoft.public.windows.server.security) Re: EAP-TLS machine authentication for non-domain systems ... wireless network. ... We are using Windows Server 2003 SP1 certificate ... authenticate though our Cisco WLC wireless infrastructure. ... I don't see any facility in IAS to ... (microsoft.public.internet.radius)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint