(RADIATOR) RE: (Radiator)Desired EAP type 25 not permitted: problem with my 802.1x PEAP MSCHAPv2 with MySQL testing // Cisco arionet1100 AP and Radiator 3.9

[Terry Simons]

The "Connect to these servers" option is only available for PEAP, IIRC.

On Jul 16, 2004, at 1:18 PM, Christian Wiedmann wrote:

> Perhaps an easier solution than having your own CA is simply to limit 
> the
> hostnames that you will allow through.  Make sure the "Connect to these
> servers" field in the EAP Properties dialog specifies the CN in the
> certificate, and you won't be able to use a different Verisign 
> certificate.
>
> Note that I'm using Radiator, PEAP, and a Verisign certificate using 
> this
> setup on Windows XP without any trouble.
>
> 	-Christian
>
> On Fri, 16 Jul 2004, Terry Simons wrote:
>
>>
>> Hi Scott, Mike, Hugh.  ;-)
>>
>> A better solution that purchasing a certificate might be to run your
>> own CA and create your own certificates.  In fact, this is a much
>> better and more secure solution than even using somebody like 
>> Verisign.
>>
>> If you were running a verisign CA signed server certificate for 802.1X
>> authentication, I could also request a verisign server certificate, 
>> and
>> hand it to your user to pull off a Man in the Middle attack.  Because
>> your client is going to verify Verisign (because that's what your
>> certificate was signed against), they will also allow my server
>> certificate (which was also signed by verisign).  This is a bad idea 
>> in
>> general, and should probably be avoided.
>>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.