RADIUS Server that Forces User *and* Computer Authentication?

Discussion in 'Wireless Networking' started by Jeff, Jan 4, 2005.

  1. Jeff

    Jeff Guest

    We wish to prevent a problem on our WLANs where a valid domain user
    could gain access on a non-domain computer. The concern is that the
    non-domain computer could have all kinds of viruses, etc., to
    propagate.

    If Microsoft IAS would authenticate both the user *and* the computer,
    our problem would be solved, but it appears that IAS will not* do
    this.

    Is there a RADIUS server that *can* do this?

    Thanks,

    Jeff
     
    Jeff, Jan 4, 2005
    #1

    1. Advertisements

  2. Jeff

    Steve Riley [MSFT] Guest

    Are you using PEAP? It isn't so much a RADIUS problem as it is PEAP version
    0. PEAP version 2 will fix this.

    Meanwhile, if you switch to using RADIUS for computer authentication and
    rely on regular domain authentication for users, that's a good temporary
    stance until PEAP v 2 reaches a useful draft stage and we can implement it
    in the product. That's how we run our EAP-TLS on our corpnet.

    Steve Riley
     
    Steve Riley [MSFT], Jan 5, 2005
    #2

    1. Advertisements

  3. Jeff

    Guest Guest

    Guest, Jan 5, 2005
    #3
  4. Jeff

    Jeff Guest

    Thanks Pavel; at first blush it looks interesting, so I'll check it
    out in detail.

    Jeff
     
    Jeff, Jan 5, 2005
    #4
  5. Jeff

    Jeff Guest

    Thanks Steve. Hmmmmm.......it sounds like, among other things, you're
    saying PEAP-MSCHAPv2 is different than PEAP v2. However, since you
    invited me to send you an e-mail on a semi-related subject, I think
    I'll move both topics there.

    Jeff
     
    Jeff, Jan 5, 2005
    #5

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. Wireless Access Point with Radius Server > authentication?

  2. Microsoft IAS Patch to Correct Very Slow RADIUS/802.1X Authentication?

  3. Cisco radius attributes with Funk Steel-Belted Radius Server

  4. problem with 2 VPN-Client groups and Radius authentication on Cisco PIX 515E

  5. Changing Windows Passwords - VPN with a PIX, Cisco VPN Client and RADIUS Authentication

  6. WEP authentication, why WEP authentication scheme is flawed and how it can be attacked

  7. 802.11 X port-level authentication or user-level authentication

  8. dot1x, radius and telnet authentication

Loading...