In a dusty corner in the back of my mind I think I remember reading once that if you use a RADIUS server for authentication that you can have either but not both Certificate based and Username/Password based authentication running at the same time? For example, we currently use LEAP and PEAP but a masochist in our group now wants to go the certificate route, do we need separate RADIUS servers for that?
Thanks in advance for any assistance or pontifications offered!
Re: Certificates & PEAP on the same RADIUS Server?
That is because EAP-TLS and PEAP are configured the same. The only difference is that users will either need a certificate installed or not. What you can try is to play around with the radius server and try to create a policy that will not fail on the policy (EAP-TLS or PEAP).
Since these are secure type of authentication, why would you have both. If you want to make life easier and don't have to worry about installing client side certificates, then use PEAP. Usually I have clients that have different security methods, but it would be like PEAP, EAP-Fast for phones, and WEP for existing client support.