RADIUS Server that Forces User *and* Computer Authentication?

Discussion in 'Wireless Networking' started by Jeff, Jan 4, 2005.

  1. Jeff

    Jeff Guest

    We wish to prevent a problem on our WLANs where a valid domain user
    could gain access on a non-domain computer. The concern is that the
    non-domain computer could have all kinds of viruses, etc., to
    propagate.

    If Microsoft IAS would authenticate both the user *and* the computer,
    our problem would be solved, but it appears that IAS will not* do
    this.

    Is there a RADIUS server that *can* do this?

    Thanks,

    Jeff
     
    Jeff, Jan 4, 2005
    #1
    1. Advertisements

  2. Are you using PEAP? It isn't so much a RADIUS problem as it is PEAP version
    0. PEAP version 2 will fix this.

    Meanwhile, if you switch to using RADIUS for computer authentication and
    rely on regular domain authentication for users, that's a good temporary
    stance until PEAP v 2 reaches a useful draft stage and we can implement it
    in the product. That's how we run our EAP-TLS on our corpnet.

    Steve Riley
     
    Steve Riley [MSFT], Jan 5, 2005
    #2
    1. Advertisements

  3. Jeff

    Guest Guest

  4. Jeff

    Jeff Guest

    Thanks Pavel; at first blush it looks interesting, so I'll check it
    out in detail.

    Jeff
     
    Jeff, Jan 5, 2005
    #4
  5. Jeff

    Jeff Guest

    Thanks Steve. Hmmmmm.......it sounds like, among other things, you're
    saying PEAP-MSCHAPv2 is different than PEAP v2. However, since you
    invited me to send you an e-mail on a semi-related subject, I think
    I'll move both topics there.

    Jeff
     
    Jeff, Jan 5, 2005
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.