RE: 802.1X configuration for IAS and Cisco WLC 4402
- From: "James McIllece [MS]" <jamesmci@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 31 Oct 2008 11:13:41 -0700
=?Utf-8?B?TGlicmFyeSBTeXNhZG1pbg==?=
<LibrarySysadmin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:0D8C112A-EF7D-490C-B325-54BCA01AB769@xxxxxxxxxxxxx:
James,
I read through at least a dozen Technet and Cisco documents pertaining
to the various aspects of this configuration.
In looking at the ones that I have bookmarked, they don't specifically
state that PEAP-MSCHAPv2 needs a certificate. I think it's just that
these docs are describing several configurations and when you start
walking through the steps to configure everything, it's easy to miss
the line that PEAP-MSCHAPv2 doesn't need a cert and continue on.
Rick
OK, thanks for the followup, Rick.
For others who aren't familiar with PEAP-MS-CHAP v2, if you want to use
mutual authentication, where the client authenticates the IAS/NPS server in
addition to the server authenticating the client/user, the IAS or NPS
server must have a server certificate that meets the minimum server
certificate requirements. Also, client computers must be configured to
validate the server certificate. (Ideally client configurations are pushed
to clients with Group Policy.)
Thanks --
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Prev by Date: RE: IAS authorization against AD groups without authentication
- Next by Date: Re: Windows Authentication issue
- Previous by thread: IAS authorization against AD groups without authentication
- Next by thread: Re: Windows Authentication issue
- Index(es):
Relevant Pages
|
