RADIUS Server that Forces User *and* Computer Authenticati..

jeff

Apr 5, 2004
Archived from groups: microsoft.public.windows.networking.wireless

We wish to prevent a problem on our WLANs where a valid domain user
could gain access on a non-domain computer. The concern is that the
non-domain computer could have all kinds of viruses, etc., to
propagate.

If Microsoft IAS would authenticate both the user *and* the computer,
our problem would be solved, but it appears that IAS will *not* do
this.

Is there a RADIUS server that *can* do this?

Thanks,

Jeff
 
Guest

Are you using PEAP? It isn't so much a RADIUS problem as it is PEAP version
0. PEAP version 2 will fix this.

Meanwhile, if you switch to using RADIUS for computer authentication and
rely on regular domain authentication for users, that's a good temporary
stance until PEAP v 2 reaches a useful draft stage and we can implement it
in the product. That's how we run our EAP-TLS on our corpnet.

Steve Riley
steriley@microsoft.com



> We wish to prevent a problem on our WLANs where a valid domain user
> could gain access on a non-domain computer. The concern is that the
> non-domain computer could have all kinds of viruses, etc., to
> propagate.
>
> If Microsoft IAS would authenticate both the user *and* the computer,
> our problem would be solved, but it appears that IAS will *not* do
> this.
>
> Is there a RADIUS server that *can* do this?
>
> Thanks,
>
> Jeff
>
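Added example, not part of any post in this thread: an audit sketch for the stance described in the reply above (computer authentication through RADIUS), flagging accepted user logons from an adapter that has no recent accepted computer authentication. The record layout, the sample lines, the 8-hour window and the `host/` or trailing `$` identity convention for computer accounts are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records: time, Calling-Station-Id, User-Name, result.
# This is not real IAS log output; records are assumed to be in time order.
SAMPLE_LOG = """\
2005-01-05T08:00:02 00-11-22-33-44-55 host/pc01.corp.example Accept
2005-01-05T08:03:40 00-11-22-33-44-55 CORP\\alice Accept
2005-01-05T09:15:10 66-77-88-99-AA-BB CORP\\bob Accept
2005-01-05T10:00:00 CC-DD-EE-FF-00-11 host/pc02.corp.example Reject
2005-01-05T10:01:00 CC-DD-EE-FF-00-11 CORP\\carol Accept
2005-01-06T09:00:00 00-11-22-33-44-55 CORP\\alice Accept
"""

def is_machine(identity):
    # Assumption: computer accounts present as host/<fqdn> or NAME$.
    ident = identity.lower()
    return ident.startswith("host/") or ident.endswith("$")

def users_without_machine_auth(log_text, window=timedelta(hours=8)):
    """Return (time, mac, user) for accepted user logons whose adapter had
    no accepted computer authentication within `window` beforehand."""
    last_machine_ok = {}  # MAC -> time of last accepted computer auth
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, mac, identity, result = line.split()
        when = datetime.fromisoformat(stamp)
        mac = mac.upper()
        if result != "Accept":
            continue  # a rejected computer auth must not vouch for the device
        if is_machine(identity):
            last_machine_ok[mac] = when
            continue
        seen = last_machine_ok.get(mac)
        if seen is None or when - seen > window:
            findings.append((stamp, mac, identity))
    return findings

if __name__ == "__main__":
    for stamp, mac, user in users_without_machine_auth(SAMPLE_LOG):
        print(f"{stamp} {mac} {user}: no recent computer authentication")
```

Calling-Station-Id is supplied by the client and can be changed, so this is an audit signal for review rather than an enforcement control.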
 
Guest

Maybe this can help?

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_rap_quarantine_network.asp

--PA

"Jeff" wrote:
> We wish to prevent a problem on our WLANs where a valid domain user
> could gain access on a non-domain computer. The concern is that the
> non-domain computer could have all kinds of viruses, etc., to
> propagate.
>
> If Microsoft IAS would authenticate both the user *and* the computer,
> our problem would be solved, but it appears that IAS will *not* do
> this.
>
> Is there a RADIUS server that *can* do this?
>
> Thanks,
>
> Jeff
>
>
 

jeff


Thanks Pavel; at first blush it looks interesting, so I'll check it
out in detail.

Jeff




On Tue, 4 Jan 2005 22:49:03 -0800, "Pavel A."
<pavel_a@NOwritemeNO.com> wrote:

>Maybe this can help?
>
>http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_rap_quarantine_network.asp
>
>--PA
>
>"Jeff" wrote:
>> We wish to prevent a problem on our WLANs where a valid domain user
>> could gain access on a non-domain computer. The concern is that the
>> non-domain computer could have all kinds of viruses, etc., to
>> propagate.
>>
>> If Microsoft IAS would authenticate both the user *and* the computer,
>> our problem would be solved, but it appears that IAS will *not* do
>> this.
>>
>> Is there a RADIUS server that *can* do this?
>>
>> Thanks,
>>
>> Jeff
>>
>>
 

jeff


Thanks Steve. Hmmmmm.......it sounds like, among other things, you're
saying PEAP-MSCHAPv2 is different than PEAP v2. However, since you
invited me to send you an e-mail on a semi-related subject, I think
I'll move both topics there.

Jeff




On Tue, 04 Jan 2005 22:24:30 -0800, Steve Riley [MSFT]
<steriley@microsoft.com> wrote:

>Are you using PEAP? It isn't so much a RADIUS problem as it is PEAP version
>0. PEAP version 2 will fix this.
>
>Meanwhile, if you switch to using RADIUS for computer authentication and
>rely on regular domain authentication for users, that's a good temporary
>stance until PEAP v 2 reaches a useful draft stage and we can implement it
>in the product. That's how we run our EAP-TLS on our corpnet.
>
>Steve Riley
>steriley@microsoft.com
>
>
>
>> We wish to prevent a problem on our WLANs where a valid domain user
>> could gain access on a non-domain computer. The concern is that the
>> non-domain computer could have all kinds of viruses, etc., to
>> propagate.
>>
>> If Microsoft IAS would authenticate both the user *and* the computer,
>> our problem would be solved, but it appears that IAS will *not* do
>> this.
>>
>> Is there a RADIUS server that *can* do this?
>>
>> Thanks,
>>
>> Jeff
>>
>