PEAP (MSCHAPV2) - Confusion over User vs. Computer Authentication



Hi,

We have set up a W2K IAS server which is able to
authenticate WLAN clients via Cisco 1200 APs. So far this
is working ok.

I was asked to verify that both the machine AND the user
are being authenticated. I did the following to see if I
could verify this.

Logged in from a laptop which is definitely an AD domain
member with a known-good domain user acct. This worked
fine.

Logged in from another laptop which is NOT part of the AD
domain, but with a valid user acct. which IS in the
domain. This also worked fine. (not good)

I may be confused on this, but I thought I had heard
somewhere that you could configure IAS to ENFORCE the rule
that the user had to not only have valid domain
credentials, but also be logging in from a machine that is
in the domain as well.

Is this true? If so, what should my IAS remote access
policy look like to enforce machine and user login?

Thanks!