RE: Windows Mobile 6



Ryan,

I follow you to a point. Why is the cert on the endpoint to authenticate
against AD required? If the AP is using RADIUS to talk to IAS, which by the
way is what I was planning to do, where does the cert on the endpoint
requirement come from?

I believe since I am using WAP the AP handles the rekeying etc. with the
mobile device based on the fact that the mobile device is trusted due to the
fact it has successfully authenticated already.

Sorry if I seem a little green on this subject; I'm more of a firewall guy
and have been asked to look into this.

"Ryan Hanisco" wrote:

Remember though, that PEAP doesn't require a client cert like EAP does. You
just need a Cert on the authentication endpoint to authenticate against the
AD. (So you'll need a CA and a cert on the IAS server)
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.


"Gunna" wrote:

Hi Ryan,

Thanks for the reply. Yes, I did read that Mobile 5 would support PEAP but
you had to install the certificate. What I really need to know is, since I am
using MSCHAP during the PEAP authentication and the cert for the encryption on
the wire, the user is going to have to enter their AD credentials at some
point, aren't they? I was just wondering if it could be done and if so how do
I get the PDA into AD.

"Ryan Hanisco" wrote:

Even Windows Mobile 5 can be added, you'll just need to install the
certificate chain for it to be able to handle PEAP authentication.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.


"Gunna" wrote:

Can Windows Mobile 6 devices be added to Active Directory? My aim is to
force a user to authenticate to a mobile device and using PEAP MSCHAP to
authenticate to the wireless network. Can this be done or do I have to
prompt the user for the auth details when it connects to the wireless?
The other reason I was thinking about adding it to AD is so I can use GPO to
issue the mobile device a certificate, or is that not possible?

Thanks.