RADIUS Server that Forces User *and* Computer Authentication?

Discussion in 'Wireless Networking' started by Jeff, Jan 4, 2005.

  1. Jeff

    Jeff Guest

    We wish to prevent a problem on our WLANs where a valid domain user
    could gain access on a non-domain computer. The concern is that the
    non-domain computer could have all kinds of viruses, etc., to

    If Microsoft IAS would authenticate both the user *and* the computer,
    our problem would be solved, but it appears that IAS will not* do

    Is there a RADIUS server that *can* do this?


    Jeff, Jan 4, 2005
    1. Advertisements

  2. Are you using PEAP? It isn't so much a RADIUS problem as it is PEAP version
    0. PEAP version 2 will fix this.

    Meanwhile, if you switch to using RADIUS for computer authentication and
    rely on regular domain authentication for users, that's a good temporary
    stance until PEAP v 2 reaches a useful draft stage and we can implement it
    in the product. That's how we run our EAP-TLS on our corpnet.

    Steve Riley
    Steve Riley [MSFT], Jan 5, 2005
    1. Advertisements

  3. Jeff

    Guest Guest

  4. Jeff

    Jeff Guest

    Thanks Pavel; at first blush it looks interesting, so I'll check it
    out in detail.

    Jeff, Jan 5, 2005
  5. Jeff

    Jeff Guest

    Thanks Steve. Hmmmmm.......it sounds like, among other things, you're
    saying PEAP-MSCHAPv2 is different than PEAP v2. However, since you
    invited me to send you an e-mail on a semi-related subject, I think
    I'll move both topics there.

    Jeff, Jan 5, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.