(RADIATOR) RE: (Radiator)Desired EAP type 25 not permitted: problem with my 802.1x PEAP MSCHAPv2 with MySQL testing // Cisco arionet1100 AP and Radiator 3.9
Terry Simons
galimore at mac.com
Tue Jul 20 13:59:55 CDT 2004
The "Connect to these servers" option is only available for PEAP, IIRC.
On Jul 16, 2004, at 1:18 PM, Christian Wiedmann wrote:
> Perhaps an easier solution than having your own CA is simply to limit
> the
> hostnames that you will allow through. Make sure the "Connect to these
> servers" field in the EAP Properties dialog specifies the CN in the
> certificate, and you won't be able to use a different Verisign
> certificate.
>
> Note that I'm using Radiator, PEAP, and a Verisign certificate using
> this
> setup on Windows XP without any trouble.
>
> -Christian
>
> On Fri, 16 Jul 2004, Terry Simons wrote:
>
>>
>> Hi Scott, Mike, Hugh. ;-)
>>
>> A better solution that purchasing a certificate might be to run your
>> own CA and create your own certificates. In fact, this is a much
>> better and more secure solution than even using somebody like
>> Verisign.
>>
>> If you were running a verisign CA signed server certificate for 802.1X
>> authentication, I could also request a verisign server certificate,
>> and
>> hand it to your user to pull off a Man in the Middle attack. Because
>> your client is going to verify Verisign (because that's what your
>> certificate was signed against), they will also allow my server
>> certificate (which was also signed by verisign). This is a bad idea
>> in
>> general, and should probably be avoided.
>>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list