PEAP Question

kagustin · ‎07-01-2003

I have AP 350 version 12.03T, 340 Series PCMCIA firmware version 5.20.17,

Windows 2003 Active directory domain and Windows 2003 IAS server. Client PC is Win XP, service pack 1.

I was looking into EAP-TLS versus PEAP. I understand that with EAP-TLS, you need a Certificate Authority. But after reading the numerous white papers and documents, I am confused with PEAP.

With PEAP, do I need a Certificate Authority? Is it optional? I really do not want to deal with CA if I don't have to. I just want wireless users to authenticate using Windows Active Directory domain accounts.

Has anyone done this with Windows 2003 Active Directory, PEAP, and IAS?

I would love to hear from you or obtain any documentation.

Thanks.

Ken

kagustin@dvc.edu

Report Inappropriate Content · ‎07-07-2003

PEAP with MS-CHAP v2 requires certificates on the IAS servers but not on the wireless clients. IAS servers must have a certificate installed in their Local Computer certificate store. Instead of deploying a Public Key Infrastructure (PKI), you can purchase individual certificates from a third-party certification authority (CA) to install on your IAS servers. To make sure that wireless clients can validate the IAS server certificate chain, the root CA certificate of the CA that issues the IAS server certificates must be installed on each wireless client.