Questions tagged [peap]

27 questions
13
votes
7 answers

Why would you use EAP-TTLS instead of PEAP?

As I understood EAP-TTLS and PEAP share same level of security when implemented in wireless networks. Both only provide server side authentication via certificate. The drawback of EAP-TTLS can be non native support in Microsoft Windows so every…
Ivan Macek
  • 143
  • 1
  • 1
  • 6
7
votes
1 answer

Third Party Wildcard Certificates for use with Microsoft NPS / RADIUS / PEAP

I want to replace the SSL certificate that is used for PEAP on our NPS server that is doing RADIUS authentication for our Cisco WLCs. The current certificate is a SSL certificate that does Client Authentication and Server Authentication. We want to…
MDMarra
  • 100,183
  • 32
  • 195
  • 326
5
votes
2 answers

What should I use instead of MS-CHAP v2?

There's a new tool and service that makes it very easy to break MS-CHAP v2, which is used to secure VPNs. A good summary of the attach against MS-CHAP can be found at Ars Technica. Here's the way I currently have my VPN service running on Windows…
Knox
  • 2,453
  • 2
  • 26
  • 33
4
votes
5 answers

802.1x PEAP GPO that trusts self-signed CA certificate

I am working on a Freeradius backed 802.1.x authentication infrastructure for our wireless clients. I am using a rather generic Freeradius configuration with EAP-PEAP. Our clients are predominantly Windows XP SP3 machines but a few Windows 7 32 and…
user62491
3
votes
1 answer

Windows machines cannot connect to Radius Wifi

Environment Background: 4 Domain Controllers, DC01 DC02 DC03 DC04 DC01 is my PDC DC02 is my NPS Server The other two are load balancing and site specific. I'm using a Ruckus Zone Director with Ruckus WAPs in my office. Our environment consists of…
user2920945
  • 31
  • 1
  • 2
3
votes
1 answer

L2TP with PEAP authentication from MacOS/iOS

Following the recent security advisory, I'm reconfiguring our VPN servers and having trouble. We're using Windows 2008 R2 server for VPN services, running RRAS and NPS on the same server and configure it to use PEAP-EAP-MSCHAPV2 authentiation for…
Jose
  • 147
  • 2
  • 3
  • 8
3
votes
1 answer

Radius Certificate Based (eap) Authentication

We are currently putting in place a freeradius server that uses certificates to authenticate via a wireless connection. We have this working for 802.1x but Novell's client for Windows 7 breaks the 802.1x protocol. So we have to have the certificate…
lilott8
  • 496
  • 5
  • 14
2
votes
1 answer

Debian WPA2-Enterprise (Network-manager) 802.1X no prompt for certificate?

I set up an access point (AP) with PEAP (Freeradius) 802.1X authentication and trying to connect the following: iOS: Automatically provides the certificate to the onscreen user. Windows: Automatically provides the certificate to the onscreen user.…
Ephemeral
  • 244
  • 1
  • 9
2
votes
1 answer

PEAP validation against a different, secondary domain?

Probably a little bit confusing, so let me explain the situation. Our company wants to implement a corporate wireless LAN with PEAP authentication. Unfortunately, someone made a big mistake in our Active Directory design 10 years ago. The domain…
sam
  • 155
  • 2
  • 5
  • 17
1
vote
1 answer

How to enable 802.1x EAP-TTLS with PAP in Windows 7?

By default, Windows 7 doesn't support EAP-TTLS authentication method natively. If I enable IEEE 802.1X authentication in Windows 7, I can see only two authentication methods: Microsoft smart cards or other certificates Microsoft: Protected…
Yuanqiu Li
  • 31
  • 1
  • 5
1
vote
2 answers

wireless ethernet adapter with EAP-PEAP?

We have a wireless network set up to support WPA or WPA2 with AES or TKIP encryption and EAP-PEAP authentication. Users are wanting to connect devices that don't have the ability to do EAP-PEAP but have ethernet ports. I have found a wireless…
Joseph
  • 3,787
  • 26
  • 33
1
vote
0 answers

802.1x Wifi with NPS Server, using EAP-PEAP and a certificate for Authentication

I don't know if what I am trying to do is possible but here we go. I have a bunch of iPad's that I am going to supervise before they go on to my network. The iPad's will connect to the wifi via 802.1x authentication using username and password from…
tyelford
  • 255
  • 2
  • 11
1
vote
0 answers

connecting Linux pppd to LDAP server to authenticate MSCHAPv2?

I need to provide a remote access VPN service. I'd like very much to use JumpCloud.com to do the user database management. I'm trying to achieve the following: Provide l2tp+ipsec VPN service to users, hosted on Ubuntu 14.04 on AWS. Mac OSX clients…
Amos Shapira
  • 839
  • 2
  • 11
  • 23
1
vote
1 answer

With freeradius and PEAP-MSCHAP, how does one limit connectivity to a single group?

I feel like jumping up and down after I got FreeRadius, samba winbind, XCA w/ ECDSA certs, Active Directory, and Ubiquiti Unifi all talking together. Next problem, any valid account in ActiveDirectory will currently authenticate. How do I limit this…
1
vote
0 answers

Windows 2008 NPS server unable to authenticate Ubuntu client on wireless

I have Windows clients able to authenticate (EAP-PEAP MSCHAPV2) configured to authenticate with Windows 2008 server with no issues, however i am not using any Server certificate for outer-EAP (Neither Third party cert nor Internal Cert) by…
user1364
  • 11
  • 1
1
2