Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PEAP based 802.1x LAN authentication

from [Rodrigo Blanco] Network Security [Permanent Link]
Subject: Re: PEAP based 802.1x LAN authentication
Date: Wed, 6 Apr 2005 18:49:13 +0200 
The CA cert is installed in the Trusted Root Certification Authorities.

I installed the server cert with the "let Windows decide which
container to install the certificate in". It ended up in Personal.

On Apr 6, 2005 6:18 PM, Miroslaw Slawek Chorazy <mchorazy@depaul.edu> wrote:

Im not sure if you mentioned specifically or not where the certificate
that you had obtained ended up being installed at ?
Is the certificate "siting" in the right container for the PEAP to find
it?
Is the certificate in the Computer or User Store?

slawek


Rodrigo Blanco <rodrigo.blanco.r@gmail.com> 4/6/2005 10:42 >>>

Hello list,

I am currently trying to configure an Active Directory (w2K server)
both for windows auth and also as RADIUS server (IAS) for LAN 802.1x
authentication. I have successfully tried 802.1x with auth methods
such as PAP, CHAP... and now am trying to move to PEAP so I can have
joint AD/802.1x auth. with a single logon.

According to
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/9d8b61c9-a870-4627-a8f2-148625fd7fba.mspx

I should install MS CA and generate a certificate for the win2K server
acting as AD/IAS.

I do not want to use this CA, but openssl instead (XCA, in fact). With
this, I have created a certificate with key usage = Server auth and
installed both the CA certificate and this certificate through the
browser.

When I try to configure PEAP in the IAS Dial-in profile, I get an
error message stating: "A certificate could not be found that can be
used with this Extensible Authentication Protocol". I think some key
usage or extended key usage attributes must be missing, or that I have
created / installed the certificate wrong, but did not find the
problem.

Any help or ideas would be more than welcome.

Thanks in advance,
Rodrigo.

---------------------------------------------------------------------------
---------------------------------------------------------------------------




---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PEAP based 802.1x LAN authentication, Miroslaw Slawek Chorazy
Next by Date:  RE: Windows Server 2003 Service Pack 1, Depp, Dennis M.
Previous by Thread:  Re: PEAP based 802.1x LAN authentication, Miroslaw Slawek Chorazy
Next by Thread:  RE: PEAP based 802.1x LAN authentication, Won, Henry # PHX
Indexes:  [Date] [Thread] [Top] [All Lists]