Re: Mobile 2003 Radius authentication requirements
From: Mark Gamache (mark.gamache_at_css-security.com.nospam)
Date: 02/25/05
- Next message: Timo: "Locking down IAS and NAS"
- Previous message: David: "Re: Mobile 2003 Radius authentication requirements"
- In reply to: David: "Re: Mobile 2003 Radius authentication requirements"
- Next in thread: David: "Re: Mobile 2003 Radius authentication requirements"
- Reply: David: "Re: Mobile 2003 Radius authentication requirements"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 24 Feb 2005 17:27:05 -0800
You actually have me stumped on the first part. There are times when
Windows services will generate self-signed certs if needed, but I didn't
think IAS would. You can use MMC to look at the computer's certificate
store and see where the cert came from. I'd be curious to know.

As for the PPC 2003, I'm not familiar enough with the device. I know if
you use the Aegis client, PEAP will work with certs or username/password. I
assumed you had the password option with the native tools. You may want to
consult the vendor.

Cheers.
--
Mark Gamache
Certified Security Solutions
http://www.css-security.com

"David" <David@discussions.microsoft.com> wrote in message
news:A7879FF2-60AA-408F-8A64-8A5B896FF9B0@microsoft.com...
> Thanks for the info.
>
> So where does the cert come from "using TLS"? I implemented 802.1x RADIUS
> authentication on my domain and did not have a CA installed. All was well
> with PC's and Laptops. So you are saying that IAS creates its own Certificate
> without the need for Windows Certificate services installed or existing on
> the Domain.
>
> My other question is why must you have certificate services installed in
> order to use 802.1x RADIUS authentication on Mobile 2003 PPC. My IPAQ
> supports PEAP, however once credentials are used, I receive an error
> concerning the certificate issued, unless I install a personal certificate on
> the PPC.
>
> Thank you in advance.
>
> "Mark Gamache" wrote:
>
>> PEAP protects the EAP conversation using a TLS tunnel. It does this by
>> using the certificate on the IAS server. Once the TLS session is opened,
>> you can then authenticate inside the tunnel using MS-CHAP v2 (username
>> password) or via a client cert (TLS). Either works. Additionally, you can
>> force the initial protection to validate the IAS server certificate. This
>> is vital with wireless, otherwise you can't be sure that you are not being
>> spoofed by a malicious AP with the same SSID as the one you are looking
>> for.
>>
>> Cheers,
>>
>> --
>> Mark Gamache
>> Certified Security Solutions
>> http://www.css-security.com
>>
>> "David" <David@discussions.microsoft.com> wrote in message
>> news:E0A32471-11CD-433C-A325-E4AF19AED791@microsoft.com...
>> > I currently have a RADIUS server (Windows 2003) set up and configured for my
>> > access points on my domain. I connect with PC's or Laptops using PEAP, 802.1x
>> > authentication, AD username and pw.
>> >
>> > I have an IPAQ device (HP Windows Mobile 2003) that I finally got connected,
>> > but do not thoroughly understand the requirements. First, why must the IPAQ
>> > have a certificate from the CA in my domain (Which I had to install for this
>> > sole purpose) when my laptops or pc's never required this. What exactly is
>> > the issue, and the difference.
>> >
>> > Please help.
>> >
>> > Thanks
>> >
>> > dw