
Best EAP Method Given these Requirements

Lucas Phelps
Level 5

Which EAP method would be the most secure in this case, and fulfill these requirements:

1) Want to authenticate users via LDAP to an Active Directory database

2) Also want to require that they have a unique certificate on their PCs (which we manually install on them).

3) Supports single sign-on (pass-through) authentication from a Windows XP machine.

4 Replies

semmie.rush
Level 1

You can use EAP-TLS. That requires a server and a client-side cert. You can use Microsoft IAS (RADIUS) server for user auth that points to the AD database.

raun.williams
Level 3

Keep in mind with Windows XP/2k3 (SP2/default client authentication) that if your users move from station to station, it does not support a 'cert roaming' environment. The problem I faced was if a doc used his laptop then tried to access one of our wireless carts on the floor, he couldn't log in because his cert had never been applied to that cart and was already active on a different device. We ended up turning off client certificate authentication on XP and are only using 'computer certificate' authentication. If you need more information on this I'd be glad to help. I'm unfamiliar on the IAS side as I use ACS.

Perhaps I am confused on the idea of client certificates. I was thinking I would put one universal certificate on the PCs that would have wireless access. I did not think that they would be a unique certificate per user.

How could I get away with requiring a 'company' certificate on each company PC and then just have them authenticate with their AD username (via LDAP/RADIUS)? Would this be machine certificates?

You could do PEAP as well. EAP-TLS requires a per-user certificate, while PEAP only requires the Root CA certificate be installed on the end machines.

HTH,

Steve
