Best EAP Method Given these Requirements

Unanswered Question
Jan 7th, 2009

Which EAP method would be the most secure in this case, and fulfill these requirements:

1) Want to authenticate users via LDAP to an Active Directory Database

2) Also want to require that they have a unique certificate on their PCs (which we manually install on them).

3) Supports single sign-on (pass-through) authentication from a Windows XP machine.

semmie.rush Wed, 01/07/2009 - 17:26

You can use EAP-TLS. That requires a server and a client-side cert. You can use Microsoft IAS (RADIUS) server for user auth that points to the AD database.

raun.williams Tue, 01/13/2009 - 13:26

Keep in mind with Windows XP/2k3 (SP2/default client authentication) that if your users move from station to station, it does not support a 'cert roaming' environment. The problem I faced was if a doc used his laptop then tried to access one of our wireless carts on the floor, he couldn't log in because his cert had never been applied to that cart and was already active on a different device. We ended up turning off client certificate authentication on XP and are only using 'computer certificate' authentication. If you need more information on this I'd be glad to help. I'm unfamiliar with the IAS side as I use ACS.

Lucas Phelps Tue, 01/13/2009 - 13:39

Perhaps I am confused on the idea of client certificates. I was thinking I would put one universal certificate on the PCs that would have wireless access. I did not think that they would be a unique certificate per user.

How could I get away with requiring a 'company' certificate on each company PC and then just have them authenticate with their AD username (via LDAP/RADIUS)? Would this be machine certificates?

Stephen Rodriguez Tue, 01/13/2009 - 15:46

You could do PEAP as well. EAP-TLS requires a per-user certificate, while PEAP only requires the Root CA certificate be installed on the end machines.



